Multifactor Authentication - Volunteers

Watch a support video on how to set up Multifactor Authentication (MFA)

hide

Activate your MFA now

1. Click here https://login.cfa.vic.gov.au/enduser/settings to sign-in to CFA Okta using your CFA Email and Password.
2. Set up a second factor by choosing your preferred method (Authenticator App, Okta Verify, or Phone)
   Watch video on how to set up Google Authenticator app here.
3. Once you’re logged in, find the section labeled Security Methods with a list of all the available MFA methods.
4. Select your preferred method from the list and click Setup.
5. Enter your Password when prompted to verify it's you, then click Setup.
6. Refer to the set-up instructions below on how to enrol for MFA using your preferred MFA method.
7. Once MFA is activated, make sure to save any changes. You’ll now be prompted to use MFA during future logins.

MFA Setup User Guides

How to set up Okta Verify

Download Okta Verify User Guide

1. Go to the Apple App Store or the Google Play Store and search for Okta Verify and install the app on your device.
2. Open a web browser on your computer. 
3. Click here to sign-in to CFA Okta or access a CFA Okta-protected resource by entering your credentials and clicking Next.
4. On the Setup your multi-factor authentication page, locate and click Set up next to the Okta Verify option.
5. Choose your device type (iOS or Android) and click Next.

If your device can scan QR codes:

a.       Do not click Next in the browser yet; instead, on your mobile device, launch Okta Verify app.

b.       Tap Add account to add choose account type

c.       Select Organization as the account type, and then tap Scan a QR code.

d.       Click Yes, ready to scan and point your camera at the QR code displayed in the browser on your computer. The camera will automatically scan the QR code.

e.       After scanning, go back to the web browser and click Next.

f.         In the Enter Code field, enter the code shown in the Okta Verify app on your mobile device.

g.        Click Verify.

If your device cannot scan QR codes:

a.       In the web browser, click on Can't scan? instead of clicking Next.

b.       Note down the string of numbers and letters displayed on the screen.

c.       On your mobile device, launch the Okta Verify app.

d.       Tap the + sign.

e.       Tap Enter a setup key.

f.         In the Account field, enter your username.

g.        In the Key field, enter the string of numbers and letters you noted earlier.

h.       Tap Add. You should see a message confirming that the secret was saved.

i.          Return to the web browser and click Next.

j.          In the Enter Code field, input the code displayed in the Okta Verify app on your mobile device.

k.       Click Verify.

 

 

How to set up Microsoft Authenticator

Download Microsoft Authenticator User Guide

1. Go to the Apple App Store or the Google Play Store and install Microsoft Authenticator on your device.
2. In the web browser on your computer: When signing in to CFA Okta here or when accessing a CFA Okta-protected resource, enter your credentials and then click Next.
3. On the Setup your multi-factor authentication page, click Set up next to the first option.
4. Select your device type, and then click Next.
5. Perform the QR code scanning steps that apply to you

If your device can scan QR codes:

a.       Do not click Next in the browser yet; instead, on your mobile device, launch Microsoft Authenticator

b.       Tap Add account to add choose account type

c.       Select Work or school account as the account type, and then tap Scan a QR code.

d.       Point your camera at the QR code displayed in the browser on your computer. The camera will automatically scan the QR code.

e.       After scanning, go back to the web browser and click Next.

f.         In the Enter Code field, enter the code shown in the MS Authenticator app on your mobile device.

g.        Click Verify and click Continue

If your device cannot scan QR codes:

a.       Do not click Next in the browser yet.

b.       In the web browser on your computer, click Can't scan?

c.       In the field above the Next button, make a note of the string of numbers and letters.

d.       On your mobile device, launch Microsoft Authenticator.

e.       Tap Add account to add choose account type

c.       Select Work or school account as the account type, and then tap Scan a QR code.

f.         Click on Enter Code manually.

g.        In the Code field, enter the string of numbers and letters you noted earlier.

h.       Tap Add. You should see a message confirming that the secret was saved.

i.          Return to the web browser and click Next.

j.          In the Enter Code field, input the code displayed in the Microsoft Authenticator app on your mobile device.

k.       Click Verify.

Use this link to learn more on how to setup MS Authenticator for MFA

 

How to set up Google Authenticator

Download Google Authenticator User Guide

1. Go to the Apple App Store or the Google Play Store and install Google Authenticator on your device.
2. In the web browser on your computer: When signing in to CFA Okta here or when accessing a CFA Okta-protected resource, enter your credentials and then click Next.
3. On the Setup your multi-factor authentication page, click Set up next to the first option.
4. Select your device type, and then click Next.
5. Perform the QR code scanning steps that apply to you

If your device can scan QR codes:

a.       Do not click Next in the browser yet; instead, on your mobile device, launch Google Authenticator

b.       Click on Add a code

c.       Tap Scan a QR code.

d.       Point your camera at the QR code displayed in the browser on your computer. The camera will automatically scan the QR code.

e.       After scanning, go back to the web browser and click Next.

f.         In the Enter Code field, enter the code shown in the Google Authenticator app on your mobile device.

g.        Click Verify and click Continue

If your device cannot scan QR codes:

a.       Do not click Next in the browser yet.

b.       In the web browser on your computer, click Can't scan?

c.       In the field above the Next button, make a note of the string of numbers and letters.

d.       On your mobile device, launch Google Authenticator.

e.       Click on Add a code and click Enter a set up key

f.         In the Account field, enter your username.

g.        In the Key field, enter the string of numbers and letters you noted earlier.

h.       Tap Add. You should see a message confirming that the secret was saved.

i.          Return to the web browser and click Next.

j.          In the Enter Code field, input the code displayed in the Google Authenticator app on your mobile device.

k.       Click Verify.

 

 

How to set up 1Password

Use this link to learn how to set up 1Password as an authenticator app for MFA.

How to set up Phone number during sign-in

Download SMS MFA User Guide

1. Click here https://login.cfa.vic.gov.au/enduser/settings to sign in to CFA Okta using your CFA Email and Password.
2. On the Set up Multi-Factor Authentication page, click Set up for the phone option.
3. Select SMS.
4. From the Country dropdown menu, Australia will be automatically selected.
5. Enter your phone number in the Phone number field. Don't include the country code, dashes, or the leading zero if your country's phone system uses it.
6. If you selected SMS, you could only provide a mobile phone number.
7. Click the Receive a code button.
8. Enter the OTP that you received via SMS in the Enter Code field and click Verify.
9. After successful verification, complete any other prompts, and then you're signed in. The phone number appears in your End-User Dashboard under Settings Security Methods

 

How to reset my MFA

Perform the following to reset your factor:

1. Click here https://login.cfa.vic.gov.au to sign in to CFA Okta using your CFA Email and Password.
2. If prompted, add your second factor for authentication.
3. Once you’re logged in, select your name on the top right corner of the screen, then click Settings.
4. Find the section labeled Security Methods with a list of all the available MFA methods.
5. Select Remove for the factor you want to reset.
6. For security, you may be prompted to provide your password, second factor, or both.
7. Select the factor you want to reset.

Multifactor Authenticator FAQs

How do I sign into CFA Okta?  

Access CFA’s Okta sign-in page here https://login.cfa.vic.gov.au/enduser/settings

What is my username and password for CFA Okta?

Your username and password are your existing credentials that you use to sign in to the current CFA environment. With these credentials you can access all the CFA apps you are authorized for, and your CFA Okta Dashboard.

• Your username is <your_volunteer_number@cfa.vic.gov.au>, alternatively you can enter <your_CFA_email_address@members.cfa.vic.gov.au>.
• Your password is the existing password you currently use to access CFA resources.

If you've forgotten your password, select the Want to reset your password? link at the bottom of the Sign-in page.

What MFA methods does CFA support?

CFA supports various MFA methods, including:

• Third-party apps such as Microsoft Authenticator, Google Authenticator and 1Password
• Okta Verify app
• SMS

Upon accessing your CFA Okta Dashboard or a specific Okta-protected app, you will be prompted to enroll in MFA. Follow the instructions below to set up MFA authentication methods.

How can I change my password?

Password changes are handled through the current Self-Service Password Reset (SSPR) process. For more details, please refer to this link

How do I unlock my account?

If you’re locked out of your CFA account but still remember your password, select "Unlock Account?" at the bottom of the sign-in page. You may receive a prompt to re-authenticate with a password and other security methods configured. Contact ICT Service Desk in case of any issues.

Will I need to re-enroll in MFA if I reset my password?

No, resetting your password doesn’t require re-enrolling in MFA, unless MFA has been reset or removed from your account. 

Can I register multiple devices for MFA?

Yes, you can register multiple mobile phones for MFA. It is recommended to do so to ensure access in case of device loss.

How do you troubleshoot when your phone freezes on the Enrolling Your Device screen?

If you get stuck in a loop when attempting to register using SMS, Email, or QR code, and you are not getting any code or push notifications, your device is not enrolled correctly. You must reset MFA from your account, uninstall Okta Verify on the device, install it again, and then set up the MFA. 

Can I install Authenticator apps on multiple devices?

Yes, you can, and it's a good idea in case you lose or misplace a device. Each device must be set up during registration. Notifications for sign-in approval will appear on all registered devices, but you only need to respond on one.

Does registering my mobile device give CFA access to my device?

No, it does not. Registering a device gives your device access to CFA authentication services, it does not grant nor provide CFA any access to your device.

Why do Authenticator apps ask to enable access to my device camera during setup?

The authenticator app prompts for camera access during initial setup to scan a QR code for device verification. Depending on your device, you may not see this prompt. Once configured, camera access is no longer required and can be disabled after registration. 

Do I need internet or network access to use verification codes after initial registration?

No, after initial registration, the codes work without internet or phone service. Authenticator apps stop running when closed, so it won’t drain your battery.

I don’t have a smartphone. Can I still use MFA?

Yes, you can. If you don’t have a smartphone, you can receive MFA codes via SMS on a regular mobile phone.  

Can I add more than one authentication method to my user account?

Yes, and in most instances, it is recommended to install both the Authenticator app and a Mobile Phone authentication method. Adding the Mobile Phone authentication method is advised for backup and to facilitate phone swaps. 

How do I change my authentication method?

Follow these steps to update your MFA method:

1. Go to https://login.cfa.vic.gov.au to sign in to CFA Dashboard using your CFA Email and Password and complete your second factor authentication.
2. Once you’re logged in, select your name on the top right corner of the screen, then click Settings
3. Find the section labeled Security Methods with a list of all the available MFA methods.
4. Select ‘Set up’ for the factor you want to reset (e.g. SMS).  Watch  on this page to guide you on how to setup your new authentication method.
5. Optional: If you no longer need the previous MFA method, click Remove after the new method is successfully set up.

Will Supplementary Alerting System (SAS) Generic/Guest accounts that are not CFA accounts require CFA MFA?

No, CFA MFA is only required for logons in the @cfa.vic.gov.au and @members.cfa.vic.gov.au domains. Personal emails such as @gmail.com do not access CFA systems and will not be challenged for MFA. 

Why am I seeing the Okta 403 Access Forbidden error when accessing the Okta Console?

Okta 403 Access Forbidden error means the credentials you are using to access the Okta Console are invalid. When accessing the Okta Console always remember the following.

1. Only Privileged Access (PA) Accounts have access to the Okta Console.
2. Always use a new Private or Incognito browser window to log into the Okta Console. This ensures you do not have any token conflict with other CFA applications and browser sessions that may not be using your Privileged Access account.

Who do I contact if I have issues with my account?

In case of any issues, contact ICT Service Desk at ict-it-servicedesk@cfa.vic.gov.au, phone 1300 883 734 or Cybersecurity at cybersecurity@cfa.vic.gov.au.

hide

 

Page last updated:  Thursday, 24 October 2024 2:46:58 PM