Okta Is Coming
Overview

JMU Information Technology (IT) is currently implementing Okta, a modern, cloud-based, Identity and Access Management (IAM) platform that will replace Duo. Simply put, once Okta goes "live," it will:

  • Manage all eIDs and passwords at JMU and provide secure access into every major system
  • Provide a jumping-off point from which you can access many JMU systems from one login
  • Handle multi-factor authentication (MFA) for your account through the Okta Verify app

Please read the information below to learn important actions you need to take to be ready for the go-live date.

Differences between Duo and Okta

There are multiple major differences of which you should be aware:

  • Okta uses the Verify app for MFA instead of the Duo Mobile app you have used in the past.
  • With Okta, you will only need to change your password once per year.
  • After moving to Okta, JMU will introduce a new password standard of at least 16 characters.
  • With Okta, SMS (text messages) will no longer be accepted as an authentication factor (see FAQ below).
  • If you currently have a Duo hardware token (sometimes called a D100), you must exchange it for a Yubikey. These devices will soon be available; look for upcoming details regarding obtaining one.
How and when do I enroll in Okta Verify?

Refer to the Enrollment Schedule on this page to determine when your enrollment window opens. When your enrollment window opens, an email will be sent to your JMU email address that will prompt you to begin enrollment.

Steps

From a computer

  1. In the Okta activation email, sent to your JMU email address (subject, "Welcome to JMU Okta!"), click the Activate Okta Account link. If the activation link has expired, then you will be prompted to request a new one before proceeding.
  2. Click Set Up under the Okta Verify description.
  3. A QR code will appear. Keep this screen open.
  4. On your smartphone, download the Okta Verify app from the App Store (iOS) or Google Play (Android).
  5. Once downloaded, open the app, click Get Started and click through the next two prompts.
  6. After clicking Add Account, select Organization (Work, school, company) as the Account Type.
  7. Skip Add Account from Another Device.
  8. On the Do You Have a QR Code? screen, click Yes, Ready to Scan.
  9. Scan the QR Code from Step 3.
  10. Finish the setup process. (JMU recommends that you Allow Notifications for push authentications)

 

From a mobile device

  1. Download the Okta Verify app from the App Store (iOS) or Google Play (Android).
  2. In the Okta activation email, sent to your JMU email address (subject, "Welcome to JMU Okta!"), click the Activate Okta Account link. If the activation link has expired, then you will be prompted to request a new one before proceeding.
  3. Click Set Up under the Okta Verify description.
  4. Select whether you want to be sent an email enrollment link or a text message enrollment link.
  5. Click the enrollment link in the email or text message you selected from Step 4.
  6. Finish the setup process. (JMU recommends that you Allow Notifications for push authentications)
What Happens Next?

Once you've enrolled into Okta Verify with at least one device, you're ready! Do not remove Duo Mobile from your device(s) - Duo will continue to authenticate logins until Okta goes live during Spring Break. Okta Verify will automatically take over at that time. If you need to enroll a second device or a hardware token, or if you replace a device you've enrolled (e.g., you get a new phone), please return to Okta to update your information or reach out to the IT Help Desk for assistance.

Where can I get Help/Support?

Information Technology Help Desk at (540) 568-3555, IT Service Portal or helpdesk@jmu.edu

Ask a Question

Report an Issue

Search for Answers

Please see additional frequently asked questions below.

Enrollment Schedule

Upcoming Phases:

10/21/24: Help Desk/IAM Team

10/22/24: IT/Tech Coordinators

11/05/24: Emeriti, Affiliates, Board of Visitors, Senior Leaders

11/12/24: Administration & Finance

12/03/24 and 12/10/24: All other Faculty and Staff

01/09/25: Alumni

02/11/25 through 2/20/25: Current Students

02/25/25 and 03/04/25: Applicants and Matriculated Students

Updated 09/24/2024

Related News
What is MFA or Okta?
Video Play Button Okta Intro Video
Okta Sneak Peek
Video Play Button Okta Sneek Peek
Frequently Asked Questions (FAQs)

Starting March 17, 2025, JMU eID holders will no longer be able to use text messages containing a one-time passcode for multifactor authentication. 

With Duo, users could receive a text message with a passcode as an alternative to receiving a Duo push notification to complete the authentication prompt. Okta Verify will not support this type of authentication. 

Text-based authentication has become less secure than other available methods, so the Identity and Access Management industry is moving away from this method to keep accounts safe.

If you do not have a smartphone, then you will have to use an Okta hardware token, known as a Yubikey, to authenticate your logins.  Your Duo-branded hardware token will no longer work with Okta.  Information about exchanging Duo tokens for Yubikeys will be sent to token users soon.

Anyone can obtain an Okta hardware token, know as a Yubikey, as an alternative to authenticating on a smartphone (Note: this is the only way to authenticate without a smartphone). Once available, anyone with a current Duo token can exchange it for a Yubikey. JMU employees without a Yubikey can also obtain one free of charge. Please look for upcoming communications about Yubikey availability and exchange instrutions.

Yes, unless you request a change. Following Spring Break 2025, JMU will move to a revised eID format for all new users (new students, new employees, new affiliates). While the current eID format is based upon the user's name, the new eID will be randomized and non-identifiable. If you currently have an eID based on your name, you will not be required to change it. More information about the new eID format is coming soon.

Currently, eID change requests are on a pause due to Okta implementation. Following Okta go-live and a brief, subsequent testing period of the new eID change process, request processing will resume. Any individual who requests an eID change will receive a new eID in the new format (see previous FAQ question). Any eID changes are granted on a one-time, non-reversible basis and can be requested for any reason.

To request a new eID:

  • Employees, please contact the Office of Human Resources.
  • Students, please contact the Office of the Registrar.
  • Anyone with both jmu.edu and dukes.jmu.edu email addresses must request changes to both offices.

Related: University Policy 1345 Legal and Chosen Names 

If you report a legal name change to the University, you are not required to change your eID, nor does it happen automatically - a change must be requested.

There are several key benefits to the Univeristy using Okta, several of which are based around security and simplicity.

With Okta, allowing the use of central login portal means you will only have to go to one location to access all of your JMU-specific sites and accounts. This will also minimize the amount of times you will need to log in and authenticate.

In addition, while password requirements are being modified to match Identity and Access Management Standards, you will not have to update your password as frequently. 

Realizing the impact of this project, Information Technology carefully chose the Okta go-live date and vetted the timing with senior leaders across the UniversityAlternative dates were considered, but none presented fewer or less significant challenges than the chosen date. The choice of Spring Break attempts to minimize disruptions, allows a long enrollment window, and provides everyone an opportunity to get help between go-live and the resumption of classes.

Back to Top
Information Technology
Massanutten Hall
MSC 5733
1031 South Main Street
Harrisonburg, Virginia 22807