Okta User SSO Guide (Touch ID 2FA Setup)

Overview

While logged in to Okta from the device you wish to add, access the Settings page.
In the ‘Security Methods’ section of the page, choose Set up or Set up another next to Security Key or Biometric.
You will then presented with a password verification and passkey verification prompt.
After pressing Set up twice, a prompt from your web browser will appear, or a 1Password prompt may appear. Click the thumb drive icon to bypass if it appears and you wish to save it in iCloud Keychain (recommended) or the local Chrome browser.
For iCloud Keychain or a YubiKey, click “Use a different passkey”. For the local Chrome browser choose “Continue”.

If you choose to save it in your Chrome profile, another prompt will appear asking you to authenticate using Touch ID or Face ID.
If you chose to use the iCloud Keychain or Security Key, choose the correct option to finish enrollment.
For Security Key, relevant prompts will appear.
You may be prompted for a PIN, and then finally click Allow.
We recommend enrolling both Chrome and Safari for redundancy on your computer, as well as a mobile device. Each browser needs to be enrolled separately, unless you use iCloud Keychain. Note that separate Chrome browser profiles also need to be enrolled separately. You should enroll one computer browser (for example, Chrome), then add the mobile device, then if required add the other computer browser (for example, Safari).
If clearing your browser cache, please be careful as you can delete your passkey.
1. In Chrome, if using “Clear Browsing Data” function please ensure that you do not check “Passwords and other sign-in data” (under “Advanced” tab). By default, this is unchecked.
2. In Safari, the credential is stored under “Settings->Password”. This is separate from the “Settings->Privacy” and “Manage Website Data” where you would click “Remove all” to remove the cache.

We have also prepared Introductory Videos on Configuring Applications and Dashboard Tips.