Body
Texts are going away for MFA. What does this mean?
Okta, the Identity Management Provider (IDP) for St. Edward's, is deprecating support for SMS (text message) and automated phone calls as second authentication factors. IET has extended the use of SMS and voice for university accounts until July 2026. We strongly recommend that all users still using SMS for MFA transition to better security factors, such as Okta Verify, before that time.
If you need help setting up MFA factors, or resetting them, please see our article: How to Reset Your Multi-Factor Authentication (MFA) Factors.
Message from our Vendor
Starting September 15, 2024, at time of renewal, all customers must bring-their-own telephony provider via Okta’s Telephony Inline Hook in order to continue to send SMS and voice messages for both MFA and non-MFA use cases (authentication / account unlock / password reset).
SMS has played an important role as a universally applicable method of verifying a user’s identity via one-time passcodes. However, SMS offers limited assurance, and Okta has long recommended moving away from phone-based authentication. In August of 2023, Okta stopped offering out-of-the-box telephony services for all net new customers, and starting September 15, 2024, upon renewal, Okta will extend that policy to all customers. Although Customers are free to choose to continue to use SMS and voice for authentication by bringing-their-own provider, Okta urges customers to consider higher assurance out-of-the-box authenticators such as Okta Verify, FastPass, and FIDO2 Webauthn.