Multifactor Authentication (MFA)

Multifactor Authentication (MFA) is an additional security step to verify your identity when you login to key University of Melbourne applications. This extra layer of security protects your user account from unauthorised access.

Multifactor Authentication (MFA)

Multifactor Authentication (MFA) is an additional security step to verify your identity when you login to key University of Melbourne applications. This extra layer of security protects your user account from unauthorised access.

How to enrol your device

You will need:

Enrol for MFA
Need help?

MFA Enrolment Quick Reference Guides

For more information on Multifactor Authentication, please select any of the previews or links below to download a useful visual step-by-step guide:

Preview of Getting Started with MFA visual guideGetting Started
with MFA
Preview of How to Enrol for MFA visual guideHow to
Enrol for MFA
Preview for guide for logging in after enrolmentHow to
Login after Enrolment
Preview of How to Reset your Enrolment visual guide How to Reset
your Okta Enrolment
Preview of How to Setup Google Authenticator visual guideHow to Setup
Google Authenticator
Preview of How to use MFA Overseas visual guide How to use
MFA Overseas
Preview of a guide for Logging into Microsoft Apps How to Login to
Microsoft Apps
Preview of guide for MFA enrolling from China How to Enrol for
MFA in China

MFA Enrolment Video Guides

Apple Devices

Android Devices

First Time Log In

Enrolling for MFA - Frequently Asked Questions

  • What is the Okta Verify app?

    A lightweight and secure smartphone application

    The Okta Verify app is a lightweight application used to confirm a user’s identity on their smartphone when signing into a key University of Melbourne application. The app is developed by Okta, the University of Melbourne’s technology partner for multifactor authentication (MFA).

    Okta Verify provides an additional security step to verify your identity when you login to key University applications. This extra layer of security protects your user account from unauthorised access.

    Setting up Okta Verify

    The Okta Verify app needs to be downloaded and set up on a compatible smartphone by following a guided process. Once the setup process has completed, the Okta Verify app will display a rolling 6-digit code on your smartphone. At this point you can simply close the app. The use of this code is explained in the next section. You will also receive two emails from Okta confirming your successful enrolment.

    Two ways to verify your identity

    1. Push Notification: When prompted to verify, simply select ‘Yes, it’s me’ on your enrolled smartphone. This requires internet access.
    2. 6-digit code: Sign into a University application in the normal way and select the ‘or enter code’ option on the Okta Verify prompt screen. Now, open the Okta Verify app on your enrolled device and type the 6-digit code provided into the Okta prompt screen on your web browser, then select ‘Verify’.

    The 6-digit code is generated using the industry standard Time-Based One-Time Password Algorithm and is used to authenticate when internet access is unavailable.

    Privacy

    Okta Verify has passed all required vetting both by the App Store and the University. Okta Verify does not store any personal information – it only requires permission to use your device camera to scan a QR code to register your device with Okta.

    For more information, please read the Privacy Collection Notice.

  • Where can I download the Okta Verify app?

    You can download Okta Verify to your smartphone by visiting your Google store (Android), Apple store (iPhone) and the Microsoft store (Windows). If you are currently in China and using an Android phone, please refer to the FAQ below 'How do I setup MFA from China?'.

    Once you have installed the app on your smartphone, please watch our device enrolment video guides to complete your MFA enrolment.

  • My smartphone can’t run the Okta Verify app.

    If you do not own a compatible smartphone, please call 13MELB (13 6352 - within Australia, +61 3 9035 5511 - outside Australia) for assistance.

  • I don’t have a smartphone.

    If you do not own a smartphone, please call 13MELB (13 6352 - within Australia, +61 3 9035 5511 - outside Australia) for assistance.

  • I don’t want to download the Okta Verify app on my smartphone.

    I am concerned about my privacy:

    • The Okta Verify App has passed through the App Store and University vetting processes.
    • The University has no access to the app on your phone and cannot view any of the data on your phone, other apps installed, monitor calls or track your location
    • The app requires internet for push notifications but can also operate offline via the rolling 6-digit code that updates every 30 seconds
    • The app does not require you to link it to a particular phone number

    I am concerned about using my personal smartphone:

    • The University encourages all staff and students to use their personal device to verify their identity
    • Providing a University-issued device to each user is not possible due to the high cost
    • The security provided by MFA greatly enhances the protection of not just University information but also your personal information
    • The use of MFA is a requirement for ongoing access to University services

    I am concerned about the performance impact on my smartphone:

    • The app uses minimal resources on your smartphone and prompts you only when Okta needs you to verify your current log in
  • My location blocks access to the Google Play store. What should I do?

    You can manually download and install Okta Verify on your Android smartphone by following these steps:

    1. On your preferred web browser, go to sso.unimelb.edu.au and login with your University username and password.
    2. Select the Setup button for Okta Verify in the 'Setup Multifactor Authentication' area. Then select your device type.
    3. Manually download and install Okta Verify to your smartphone.
      Download link: https://uom-share.oss-cn-hangzhou.aliyuncs.com/OktaVerify-6.1.1.apk
    4. On the Setup Okta Verify screen on your web browser, select the 'Can't Scan?' option. Then, from the dropdown menu, select 'Setup manually without push notification'.
    5. Open the Okta Verify application on your Android device and select Add Account. Then select the 'No Barcode?' option at the bottom of the screen.
    6. Enter your username and the Secret Key displayed on your web browser. Then select Add Account.
    7. Select Next on your web browser, then enter the 6-digit code associated with your University account displayed on the Okta Verify application on your Android mobile device. Then select Verify.
    8. Congratulations! Your account is now registered with Okta Verify. You can now authenticate via the 6-digit codes generated on the Okta Verify application on your Android smartphone.
  • Can I use Okta Verify on more than one device?

    Okta Verify app can only be enrolled on one device, however the University recommends using Google Authenticator as a backup factor.

    Google Authenticator can be installed on multiple devices.

  • What are the minimum requirements for installing Okta Verify on my smartphone?

    Check that your smartphone meets the following requirements:

    If you continue to have difficulties, please call 13MELB (13 6352 - within Australia, +61 3 9035 5511 - outside Australia) for assistance.

  • I can’t find Okta Verify in my app store.

    Please check your smartphone compatibility and ensure your device operating system is up to date:

    If you continue to have difficulties, please call 13MELB (13 6352 - within Australia, +61 3 9035 5511 - outside Australia) for assistance.

  • When will I be prompted by Okta Verify?

    You will be prompted by Okta Verify in the following scenarios

    • The first time you login from a browser that you have not logged into before
    • The first time you access your applications from a computer that you have not logged into before
    • Any time you login from a country that is different to the country of your last login

    If you receive a notification for activity that you don’t recognise, you should contact 13MELB (13 6352 - within Australia, +61 3 9035 5511 - outside Australia) immediately.

  • How can I authenticate using Okta Verify?
    • Push Notification –You will be required to verify your identity by accepting ‘Yes, it’s me’ prompt on your smartphone.
    • 6 digit code (Offline mode) – Alternatively, you have an option to enter the 6 digit code to verify your identity.

    If you require any further assistance, please call 13MELB (13 6352 - within Australia, +61 3 9035 5511 - outside Australia).

Using MFA - Frequently Asked Questions

  • Why is MFA required?

    Criminals could steal personal information such as passwords, bank details and date of birth. They could also conduct malicious activities, like unenrolling students from courses and stealing money from bank accounts.

    MFA helps keep your personal information and identity protected.

  • Can I use Google Authenticator instead?

    Yes, however we recommend that you use Okta Verify as your primary authentication factor as you will receive push notifications when verifying your identity.

    Once you have enrolled with the Okta Verify app, Google Authenticator will become available to configure as a recommended backup authentication factor.

    If you wish to use Google as a primary multifactor authenticator, please call 13MELB (13 6352 - within Australia, +61 3 9035 5511 - outside Australia) for assistance.

  • What happens if I delete Okta Verify from my smartphone?

    You can use your backup factor, such as Google Authenticator, to enable you to log back in and reset Okta Verify.

    If you do not have a backup factor, please call 13MELB (13 6352 - within Australia, +61 3 9035 5511 - outside Australia) for assistance.

  • What happens if I get a new smartphone?
    • Your old smartphone
    • Your new smartphone
    • A computer
    • On the web browser of your computer, go to sso.unimelb.edu.au, enter your login credentials and click on the 'Send Push' button.
    • You will receive a push notification from Okta on your old smartphone. Select ‘Yes, it’s me’ on your old smartphone to verify your identity.
    • Once logged in to your account, select the dropdown menu for your account username (located top-right), and select ‘Settings’.
    • Under the ‘Extra Verification’ section, select the ‘Remove’ button adjacent to ‘Okta Verify’. You’ll then be asked if you want to revoke your existing Okta Verify token. Click ‘Yes’ to continue.
    • You can now follow the steps provided in the How to Enrol for MFA guide to enrol your new smartphone.
  • What happens if I forgot my phone?

    You are most often only prompted to verify your identity when:

    • Logging in to a device you have not logged onto before.
    • Logging in to a browser you have not logged onto before.
    • Logging in from a country that is different to the country of your last login.

    Please continue to access your University of Melbourne applications as normal.

    If you are prompted by MFA and have forgotten your smartphone, please call 13MELB (13 6352 - within Australia, +61 3 9035 5511 - outside Australia) for assistance.

  • As a student, why am I prompted by MFA on campus?

    For improved security, University of Melbourne students are subject to the same MFA standards as staff. This means that, like University staff, you may occasionally be prompted to verify on-campus to further protect your account from unauthorised access.

  • How do I avoid being prompted by MFA when logging in from home?

    When logging in from a new device or from home, on the Okta Verify user login screen, select ‘Do not challenge me on this device for the next 90 days’.

  • Can I get temporary exclusion from Multifactor Authentication?

    Multifactor Authentication is required for every University of Melbourne staff member and student.

    Temporary exclusion from Multifactor Authentication can only be granted if you temporarily do not have access to your enrolled device and cannot access University applications.

    To request temporary exclusion from Multifactor Authentication, please call 13MELB (13 6352 - within Australia, +61 3 9035 5511 - outside Australia) for assistance.

  • Okta Verify push notifications and verification codes aren’t working for me?

    The most common reason for Okta push notifications and verification codes failing is a mismatch of the time and date settings on your phone and actual location. Please make sure the time and date settings on your enrolled device match those of your current location.

    If you are using an Android mobile device, please enable the 'Automatic date and time update' feature in your Settings.

    On your enrolled device, you can also check the following:

    • Push Notifications have been enabled in the Okta Verify app
    • Your device operating system is up to date and meets the minimum requirements to support Okta Verify

    Please check the above and try again.

    For further assistance, please call 13MELB (13 6352 - within Australia, +61 3 9035 5511 - outside Australia).

  • How do I reset my Multifactor Authentication factor(s)?

    If you have access to your enrolled device and need to reset your Okta enrolment, please follow the steps provided in the How to Reset Your Okta Enrolment guide.

    If Okta Verify has been deleted and you are unable to reset your factor manually, please visit sso.unimelb.edu.au and authenticate via your backup factor.

    If you have trouble resetting any factor, please call 13MELB (13 6352 - within Australia, +61 3 9035 5511 - outside Australia) for assistance.

  • What if I can’t have my enrolled device with me?

    If you work or study in a restricted environment where mobile devices are not allowed, such as University physical containment rooms or science labs, please call 13MELB (13 6352 - within Australia, +61 3 9035 5511 - outside Australia) for assistance.

  • I think my University account may have been compromised. What should I do?

    If you encounter suspicious activity on your University account, please immediately call 13MELB (13 6352 - within Australia, +61 3 9035 5511 - outside Australia) for assistance.

International MFA Access - Frequently Asked Questions

  • I will be travelling overseas soon. What should I do before I leave?

    Please pre-enrol your device on Okta Verify before travelling to avoid University of Melbourne application access issues.

    You will be prompted to verify while overseas, so please keep your device handy at all times to avoid delays.

  • Can I use Okta Verify without international data / roaming data?

    Yes. You can still verify your identity via access code-based authentication with the Okta Verify app.

    If you have internet access on your phone, including through Wi-Fi, you’ll continue to receive Okta push notifications as normal.

  • Do I need a SIM card with mobile data?

    You only need internet access on your smartphone to receive Okta push notifications.

    If you have mobile data, Okta will use your data for push notifications. If not, you can use the access-code based authentication.

    Please pre-enrol your device on Okta Verify before travelling to avoid University of Melbourne application access issues.

  • Can I enrol from overseas?

    Yes. Simply follow the normal enrolment process and scan the Okta QR code on your smartphone when presented.

    When enrolling from other countries:

    • Ensure that your mobile device has internet access
    • If enrolling with a laptop or desktop device, scan the QR code as usual

    If enrolling directly with a mobile device (without a laptop or desktop), you will have the following options:

    • Send activation link via SMS
    • Send activation link via email
    • Setup manually without push notification

    The University recommends that you use the "Send activation link via email".

    SMS links may not be delivered or may result in roaming fees (depending on your mobile plan).

    Setting up manually is not recommended - you will need to enrol again to start receiving push notifications.

    For further assistance, please call +61 3 9035 5511.

  • How do I setup MFA from China?

    Due to the restrictions on Google services in China, you won't be able to download and install applications such as Okta Verify or Google Authenticator from the Google Play Store on Android devices.

    You can manually download and install Okta Verify on your Android smartphone by following these steps:

    1. On your preferred web browser, go to sso.unimelb.edu.au and login with your University username and password.
    2. Select the Setup button for Okta Verify in the 'Setup Multifactor Authentication' area. Then select your device type.
    3. Manually download and install Okta Verify to your smartphone.
      Download link: https://uom-share.oss-cn-hangzhou.aliyuncs.com/OktaVerify-6.1.1.apk
    4. On the Setup Okta Verify screen on your web browser, select the 'Can't Scan?' option. Then, from the dropdown menu, select 'Setup manually without push notification'.
    5. Open the Okta Verify application on your Android device and select Add Account. Then select the 'No Barcode?' option at the bottom of the screen.
    6. Enter your username and the Secret Key displayed on your web browser. Then select Add Account.
    7. Select Next on your web browser, then enter the 6-digit code associated with your University account displayed on the Okta Verify application on your Android mobile device. Then select Verify.
    8. Congratulations! Your account is now registered with Okta Verify. You can now authenticate via the 6-digit codes generated on the Okta Verify application on your Android smartphone.

    For further assistance, please call +61 3 9035 5511.

MFA Support

Need help with MFA?

Open a chat with Student IT, call 13MELB (13 6352 - within Australia, +61 3 9035 5511 - outside Australia), or visit us at Stop 1 for support with Multifactor Authentication.

Do you have a question about MFA?

Refer to the MFA Support & FAQ page for frequently asked questions and advice on configuring and managing Multifactor Authentication.