Multi-factor Authentication
What is multi-factor authentication?
Multi-factor authentication (MFA), sometimes referred to as dual factor, is an important feature that keeps your account safer by adding another layer of security beyond a password. When you log in to access your campus apps you will provide a password and verify through another method (usually Okta Verify).
MFA is based on you providing two things:
1. Something you know (username, password, pin to unlock your device)
2. Something you have (your devices, biometrics like face or fingerprint identification
What is Okta and Okta Verify?
Okta is your personal UW-Superior dashboard with all your UW-Superior apps. Go to myapps.uwsuper.edu to login to Okta using your username, password, and multi-factor authentication and you will unlock access to Canvas, Microsoft 365, eHive, Navigate, LinkedIn Learning, and much more.
The Okta Verify app is the superior MFA method choice. This is quick, easy, and ultimately much safer than other methods. It uses number matching (you pick the correct number in the app that matches the login screen) and then you either enter your pin for your device or a biometric method (fingerprint or face ID) to verify it is you.
FAQ’s
Visit myapps.uwsuper.eduand follow the prompts to set up Okta Verify or another approved method (Okta Verify is the best option for most users). Review our guide to Setting up Multi-Factor Authentication with Okta for more information on initial setup and adding or removing MFA methods.
Okta supports more secure options to protect your account. Weaker methods like text and email are more susceptible to phishing attacks, MFA fatigue attacks (such as push bombing), and other types of attacks (sim-swapping, etc.). Okta Verify and the alternative choices available to you are much stronger and are supported by Okta.
Most people do. The Okta Verify app (phone or tablet) is the preferred MFA method due to being the best of both worlds. It provides an extra layer of security while also being convenient and free. You can download Okta Verify to multiple devices. This is a good idea so you have a backup.
Employees that have a university owned mobile device may set up Okta Verify on that device, too.
No. You will have the option in the Okta Verify app to set this up, but you can opt out of using this feature. Instead of using the biometric scan, Okta Verify will use your pin that you use to unlock your device. Biometric verification methods are only available in the Okta Verify app. You will be able to set up either face or fingerprint identification depending on your device.
No. Okta Verify simply offers you a convenient way to securely log into your apps and has no impact on your privacy or grant anyone access to the contents of your device. However, using a physical key is an accepted alternative. Students can purchase one with NFC/tap such as YubiKey (average $50). Employees should reach out to the Technology Help Desk to discuss.
Yes. You will need to use your chosen MFA method every time you need to access your UWS apps in a new Okta session. It is important to not delete your app from your device or leave your physical key behind. Without using your registered MFA method(s) you will be blocked from accessing your account.
Okta Verify is usually used with number matching for convenience, but as an alternative option you can choose to verify with the code displayed in your app. This is typically not done since you need to type out the six-digit code before it refreshes. It is much easier to tap a corresponding number in the Okta Verify app using number matching. However, it is there if you need it.
Google Authenticator and Microsoft Authenticator also can provide randomized codes like this if you decide to use one of them as an MFA method.
Okta defaults to the last method you used for MFA. To change this, click “verify with something else” on the login screen and select a different method. You must have already registered a method for it to show up as an option.
If you are stuck contact the Technology Help Desk to get a one-time passcode. Please be aware that we will ask questions to confirm your identity when you contact us, but we will never ask for highly sensitive information such as your password or social security number.
Users are required to report any lost, stolen, or compromised MFA methods to the Technology Help Desk immediately. If you can get into your Okta dashboard, you can also remove the security method(s) that are compromised under settings.
Contact the Technology Help Desk
Self Service Portal: uwsuper.edu/helpdesk
Email: helpdesk@uwsuper.edu
Call: 715-394-8300
Visit: Swenson Hall 2100
Learn more on our website at uwsuper.edu/technology.
Please skip changing your password until your next login. Changing your password requires you to verify your identity with MFA so on your very first login you will not be able to make this change since your MFA isn’t set up yet. You will be prompted to change it the next time you sign into Okta.
Trouble setting up MFA or have other questions?
In addition to this FAQ, we have created resources to walk you through setting up multi-factor authentication. If you experience issues or have additional questions, please contact the Technology Help Desk for assistance.
Passwords and User Accounts
You can either reset your password yourself using the self-service option or contact the Technology Help Desk for assistance with a one-time reset.
Self-service
Users that register a secondary email with Okta can easily reset their password on their own by visiting myapps.uwsuper.edu and clicking on the “New user/forgot password” link below the sign in button. You will receive an email from Okta to your personal email. Follow the steps. You will need to use your registered MFA method to verify your identity.
Technology Help Desk
You can usually avoid needing to involve the Help Desk by setting up a secondary email in your Okta settings. However, if you did not provide a secondary email or otherwise are unable to reset your password yourself, contact the Technology Help Desk for next steps.
Technology Services will not reset a password with personally identifiable information alone for your safety. You will be required to either physically visit us in Swenson Hall 2100 or have a video call with us. Call 715-394-8300 or email helpdesk@uwsuper.edu to set up the video call. In either case, please have ready an official photo ID. If you have questions, please ask the Help Desk.
You are required to change your password every 180 days, but you can change your password anytime.
If you get an email telling you to change your password it might be legitimate, but to be safe do not click on any links. Instead go directly to Okta to create a new password. Sending an email asking someone to enter their login information is a very common phishing attack and they can look very convincing. It is better to be safe than sorry. Go directly to the source and do not click on links or attachments in emails you aren’t expecting.
Okta Settings
When you are logged into Okta click on your name to open the menu and select settings. There you can create a new password. You will be required to provide your current password and verify your identity with an MFA method you have previously registered. You have the option to sign yourself out of all other devices.
Okta Login Page (myapps.uwsuper.edu)
You can change your password by clicking on “New user/forgot password?” on the Okta login page or within your Okta Dashboard settings. Never reset your password by clicking on a link in an email. Only change it by going directly to your Okta SSO at myapps.uwsuper.edu.
We highly recommend all users add a personal email in their Okta settings. This allows users to reset their password themselves without the assistance of the Technology Help Desk.
Visit your Okta Settings from the dashboard (myapps.uwsuper.edu) by clicking on your name to open the menu and choosing Settings. Select Edit for your Personal Information.
Add your personal email address. This email is only used if you need to reset a forgotten password or to unlock your account. Make sure that the email you provide has a strong password and MFA enabled. You will be prompted to check the email sent to your personal email to confirm it as your secondary email.
In your personal email inbox, open the confirm email address change email and click Confirm Email Change. You will be required to provide your username, current password, and to confirm your identity with your registered MFA method.
We recommend users create passphrases for their passwords. A passphrase is a short phrase that only you know that couldn’t be guessed by someone else. You can come up with random words, a silly phrase, or create an acronym (for example TRUE could be TurtlesReadUnderEarth). Just be sure to not use personal information such as names of children or pets, your favorite show, your birthday, etc.
Once you have your words it is time to turn it into a password. To make sure a passphrase is both more secure and complies with password requirements replace some letters with numbers and symbols. In our example, the passphrase Pandas Made Cupcakes Today could be P@nd@$M@d3Cupc@k3$T0d@y. To take it to another level come up with your own code. Instead of using @ for a, choose a symbol that looks nothing like the letter that only you will be able to remember. As long as you can remember it that is a good option to up your security.
You may also want to get a password manager.
Image Credit: https://xkcd.com/936
If you are a student, contact the Registrar’s Office. If you are an employee, contact the Human Resources Office. In either case, once your records are updated in our system, you will receive an email asking if you want your username changed. Follow the directions in the email.
VPN (Virtual Private Network)
You can access any campus network resource the same as if you were on campus including access to network drives, email, and any other network-based software that you would have access to if you were connected on campus. The VPN is not intended for use on campus and is not available for personal devices. You can purchase a VPN (students or employees for personal use) at a discount at uwsuper.onthehub.com. For more information on VPN’s, visit our website.
Here are a few steps to help you secure your VPN connection and your campus devices:
• Always disconnect from VPN when you have completed your work or are going to be away from your device for any period of time.
• Never keep your VPN credentials on your device or your device carrying case.
• Store all critical data files on your network drives and password protect those files
• Never allow you device to “Save Passwords”
• Avoid leaving devices in cars, hotel rooms, or in checked luggage
• Pay particular attention to your devices in airports or other public places
• If your device is stolen, immediately contact the Technology Help Desk or if it is after hours contact Campus Safety.
The steps depend on the device that you are connecting with, but in general you will log into Okta, launch the program, and it will launch in your preferred browser.
Contact the Technology Help Desk and provide them with your computer number (bottom of the device) and a phone number where they can reach you.
Polices for using this service are included in the broader Remote Access Policy. All other University policies including Appropriate Use Guidelines must be followed when connecting through VPN.
How you disconnect depends on the device, but in general you launch the “GlobalProtect” dashboard from the system tray or list of programs and click the disconnect button on the dashboard.
No. Because data you are sending and receiving must be encrypted and decrypted, you will sacrifice some performance. The speed of the connection is also dependent on the speed of your internet connection. The campus network is typically much faster than most hotels, airports, or other public networks.