Okta Is Coming
Overview

JMU Information Technology (IT) is currently implementing Okta, a modern, cloud-based, Identity and Access Management (IAM) platform that will replace Duo. Once Okta goes "live," it will:

  • Manage all eIDs and passwords at JMU and provide secure access into every major system
  • Provide a jumping-off point called MyJMULogin where you can access many JMU systems
  • Handle multi-factor authentication (MFA) through the Okta Verify app

Read below for important actions you must take to be ready for Okta!

Differences between Duo and Okta

Here are the significant differences with Okta:

  • You will only need to change your password once per year.
  • An app called Okta Verify will replace Duo Mobile.
  • SMS (text messages) will no longer be accepted as an authentication factor (see FAQ below).
  • Okta passwords will require at least 16 characters.
  • If you currently use a Duo hardware token (D100), you must exchange it for a Yubikey.
How and when do I enroll in Okta?

Your invitation to enroll in Okta is an email in your JMU inbox with subject, "Welcome to JMU Okta!" The email contains an Activate Okta Account link, referred to below as your activation link. You must have at least one compatible device with you to begin enrollment. Most people will enroll with a smartphone running iOS 17, Android 12, or newer. If you do not have a smartphone that can be updated to these specs, you must obtain a Yubikey hardware token. When ready, choose one enrollment method below.

Enroll from a Computer:

  1. Click the activation link in your invitation email. Misplaced the email, or link expired?
  2. Some people (applicants and some alumni) will be asked to set a password. If applicable, click Set Up and set your Okta password before proceeding.
  3. If you are enrolling a Yubikey, follow this link and complete these steps.
  4. To enroll a smartphone, click Set Up under the Okta Verify description.
    1. A QR code will appear. Keep this screen open.
    2. On your smartphone, download the Okta Verify app from the App Store (iOS) or Google Play (Android).
    3. Open the app, click Get Started, and click through the next two prompts.
    4. After clicking Add Account, select Organization (Work, school, company) as the Account Type.
    5. Skip Add Account from Another Device.
    6. On the Do You Have a QR Code? screen, click Yes, Ready to Scan.
    7. Scan the QR Code from the step above.
    8. Finish the Okta Verify setup process. JMU recommends that you Allow Notifications for push authentications.
  5. When you have enrolled at least one device, your Okta enrollment is complete.

Enroll from a Mobile Device:

  1. Download the Okta Verify app from the App Store (iOS) or Google Play (Android).
  2. From your invitation email, click your activation link. Misplaced the email, or link expired?
  3. Some people (applicants and some alumni) will be asked to set a password. If applicable, click Set Up and set your Okta password before proceeding.
  4. Click Set Up under the Okta Verify description.
  5. Select whether you want to be sent an email enrollment link or a text message enrollment link.
  6. When you receive your email or text message, click the enrollment link inside.
  7. Finish the Okta Verify setup process. JMU recommends that you Allow Notifications for push authentications.
What Happens Next?

Once you've enrolled in Okta with at least one device, you're ready! Do not remove Duo Mobile from your device(s) - Duo will continue to authenticate logins until Okta automatically takes over during Spring Break. If you need to enroll a second device or a hardware token, or if you replace a device you've enrolled (e.g., you get a new phone), please return to Okta to update your information or reach out to the IT Help Desk for assistance.

Enrollment Schedule

Upcoming Phases

02/25/25 and 03/04/25: Applicants and Matriculated Students

 

Completed Enrollment Groups

All employees, current students, emeriti, affiliates, Board of Visitors, alumni (graduates prior to Dec. 2021), and December 2024 graduates.

Missing your enrollment email?

Looking for our simple enrollment steps?

 

Updated 2/24/2025

Related News
What is MFA or Okta?
Video Play Button Okta Intro Video
Okta Sneak Peek
Video Play Button Okta Sneek Peek
Need Help?

Information Technology Help Desk at (540) 568-3555, IT Service Portal or helpdesk@jmu.edu

Ask a Question

Report an Issue

Search for Answers

Please see additional frequently asked questions below.

Frequently Asked Questions (FAQs)

Starting March 17, 2025, JMU eID holders will no longer be able to use text messages containing a one-time passcode for multifactor authentication. 

With Duo, users could receive a text message with a passcode as an alternative to receiving a Duo push notification to complete the authentication prompt. Okta Verify will not support this type of authentication. 

Text-based authentication has become less secure than other available methods, so the Identity and Access Management industry is moving away from this method to keep accounts safe.

Most people (people who already have an eID/password and have been using Duo)
You may still visit MyJMULogin at https://mylogin.jmu.edu and enter your credentials to begin enrollment, even if they do not have their activation link.

New applicants or alumni with only an email account
You must have a valid activation link to enroll. You may request a new activation link after clicking the expired one. If you have trouble with this, or if you have lost your email, contact the IT Help Desk to receive a new invitation email. 

If you do not have a smartphone, then you will have to use an Okta hardware token, known as a Yubikey, to authenticate your logins.  Your Duo-branded hardware token will no longer work with Okta.  Information about exchanging Duo tokens for Yubikeys will be sent to token users soon.

Anyone can obtain an Okta hardware token, known as a Yubikey, as an alternative to authenticating on a smartphone (Note: this is the only way to authenticate without a smartphone). Once available, anyone with a current Duo token can exchange it for a Yubikey. JMU employees without a Yubikey can also obtain one free of charge. Please look for upcoming communications about Yubikey availability and exchange instrutions.

Yes, unless you request a change. Following Spring Break 2025, JMU will move to a revised eID format for all new users (new students, new employees, new affiliates). While the current eID format is based upon the user's name, the new eID will be randomized and non-identifiable. If you currently have an eID based on your name, you will not be required to change it. More information about the new eID format is coming soon.

Currently, eID change requests are on a pause due to Okta implementation. Following Okta go-live and a brief, subsequent testing period of the new eID change process, request processing will resume. Any individual who requests an eID change will receive a new eID in the new format (see previous FAQ question). Any eID changes are granted on a one-time, non-reversible basis and can be requested for any reason.

To request a new eID:

  • Employees, please contact the Office of Human Resources.
  • Students, please contact the Office of the Registrar.
  • Anyone with both jmu.edu and dukes.jmu.edu email addresses must request changes to both offices.

Related: University Policy 1345 Legal and Chosen Names 

If you report a legal name change to the University, you are not required to change your eID, nor does it happen automatically - a change must be requested.

There are several key benefits to the Univeristy using Okta, several of which are based around security and simplicity.

Okta will provide a service called MyJMULogin that will serve as a central location or web application from which you can access many JMU-specific sites and accounts. This service will minimize the amount of times you will need to log in and authenticate.

In addition, while password requirements are being modified to match Identity and Access Management Standards, you will not have to update your password as frequently. 

Realizing the impact of this project, Information Technology carefully chose the Okta go-live date and vetted the timing with senior leaders across the UniversityAlternative dates were considered, but none presented fewer or less significant challenges than the chosen date. The choice of Spring Break attempts to minimize disruptions, allows a long enrollment window, and provides everyone an opportunity to get help between go-live and the resumption of classes.
Yes, on March 14th at 5:00pm ET, password changes will be disabled in MyMadison, and you will no longer manage your password there. Beginning March 17th at 8:00am ET, you will manage your JMU password through MyJMULogin.

Back to Top
Information Technology
Massanutten Hall
MSC 5733
1031 South Main Street
Harrisonburg, Virginia 22807