On your computer screen, you should see the prompt above that asks you to set up your Multifactor Authentication (MFA).

• Select "Setup" under Voice Call Authentication.
• You will be asked to enter a phone number.
• After you enter your phone number, select "Call."
• You will receive a phone call. When you answer the call, a recorded voice will read out a five-digit number.
• TIP: The number will only be repeated once. Be sure to have a pen and paper ready to record the number.
• Enter the code into the "Enter Code" box.
• Select "Verify."
• You will be redirected back to the MFA enrollment screen. Notice that Voice Call Authentication is now under the Enrolled Factors heading.
• When you have set up all four MFA methods, select the Finish button.
• Note: It is highly encouraged that you set up all four verification methods in case you lose access to one of the MFA methods.

When MFA is required, you can use the downloaded Okta Verify app to access your account. You will be prompted to select an authentication method that you have previously set up.

• Select the drop-down arrow next to the circle check mark.
• Select (Okta Verify).
• Select Send Push or enter code.

• If you selected Send Push, the push notification sent to the mobile device you have set up with Okta Verify will ask if you just signed in. Select "Yes, It's Me" to complete your authentication.

• If you selected enter code, go to your Okta Verify app on the mobile device you have set up and note the six-digit verification code that appears on the screen. If you have several accounts in Okta Verify, use the one associated to the account you want to access. The six-digit code is renewed every 30 seconds.
• Enter the code in the sign-in window and select Verify.

If you are not yet enrolled in multifactor authentication (MFA), you will be prompted to enroll when logging into an MFA-enabled application. On your computer screen, you will see a prompt that asks you to set up your MFA.

• On your smartphone, download the Google Authenticator app as follows:
• Navigate to Google Play (Android) or the App Store (Apple Device). Make sure your smartphone or tablet is running the latest version of the operating system (OS).
• In Google Play (Android) or the App Store (Apple), search for the Google Authenticator app.
• Select the Google Authenticator app.
• Download and install the app.
• Once you have installed the Google Authenticator app on your smartphone or tablet, navigate to the app on your device and open it.
• Note: App may appear slightly different depending on the version of the phone.
• On your computer screen, select "Setup" under Google Authenticator to begin the setup process.
• Choose either iPhone or Android depending on your device.
• You will be instructed to download the Google Authenticator app from the Google Play Store (Android) or the App Store (iPhone). If you have not done so already, you should download the app now.
• TIP: If you have an Apple tablet, choose iPhone.
• Select the "Next" button.

Use the Google Authenticator app on your smartphone or tablet as follows:

• After choosing Apple or Android on your computer screen, your computer screen will show a dialog box with a Quick Response (QR) code in it. The QR code will appear as a square filled with black dots.
• If you are unable to scan the QR code into your smartphone or tablet, select the "Can't Scan?" option under the QR code on your computer screen.
• If you are able to scan the QR code on your smartphone or tablet, navigate to your Google Authenticator app and open it if it is not open already.
• Select "Get Started."
• You will be given the option to either scan a QR code or enter a setup key. Choose one.
• TIP: If you cannot scan the code, select Enter a setup key. See below for the Enter a Setup Key instructions.
• If you have an Android device, the app will ask for permission to use your camera. Select "While Using the App."
• If you have an Apple device, you will see a message that "Authenticator Would Like to Access the Camera." Select OK.
• After granting your phone permission to use the camera, your mobile device's screen will show a blank screen with a square in the center.
• Point your mobile device's camera at the QR code that's on your computer screen, so that the QR code on the computer screen appears in the green box located on your mobile device's screen. The app will automatically scan the code onto your mobile device.

Use the following instructions if you selected "Enter a setup key" in the app:

• On your computer screen, you will be shown a Secret Key. This is the code you will enter in the Google Authenticator app. You will be shown a screen that contains instructions for entering a setup key.
• On your Google Authenticator app, you will see a screen to enter account details. On this screen, enter the following information:
• Your NY.gov account name in the "Account name" field.
• Your Secret Key in the "Your Key" field.
• Select "Time-Based" from the "Type of Key" drop-down.
• Select the "Add" button.

Enter the code from your Google Authenticator app into your computer as follows:

• Once the app has either successfully scanned the QR code or you have successfully entered the Secret Key into the app, the app will display a screen with your username and a six-digit code. This is the code you will enter on your computer in the next steps. This code will change every 30 seconds.
• Enter the six-digit code from your app into the "Enter Code" field on your computer screen and select "Verify."
• You will be redirected back to the enroll screen where you can set up another MFA method. Notice that Google Authenticator is now under the Enrolled Factors heading.
• When you have set up the desired number of MFA methods, select the "Finish" button.
• Note: It is highly encouraged that you set up as many verification methods as possible in case you lose access to one of the MFA methods.
• TIP: If you will be setting up an MFA method that uses a phone app, download the apps before you select the "Setup" button on the "Set up multifactor authentication" browser page. The two MFA methods that use apps are Okta Verify and Google Authenticator.

Potential error messages and how to resolve them

• Error Message: Session has expired.
• Remedy: Customer must sign in again.


• Error Message: Token doesn't match.
• Remedy:
• Customer should check accuracy.
• Customer should select "Send" code again.


• Error Message: Found error.
• Remedy: Customer must re-input code.


• Error Message: Barcode doesn't scan.
• Remedy:
• Ensure customer's device "allowed" access to camera.
• Try alternative methods:
• "Send Activation by SMS" - Customer can input a phone number.
• "Setup manually without push" - Customer will see a temporary code.
• "Send activation email" - Customer will be sent an email to the email account used in the creation of their account.

When MFA is required, you can use the downloaded Google Authenticator app to access your account. You will be prompted to select an authentication method that you have previously set up.

• Select the drop-down arrow next to the circle check mark.
• Select Google Authenticator.
• Navigate to your Google Authenticator app and note the six-digit verification code that appears on the screen. If you have several accounts in the Google Authenticator, use the one associated to the account you want to access. The six-digit code is renewed every 30 seconds.
• Enter the code in the sign-in window and select Verify.

On your computer screen, you should see a prompt that asks you to set up your multifactor authentication (MFA).

• Select "Setup" under SMS Authentication.
• You will be asked to enter a phone number.
• TIP: This phone number must be capable of receiving text messages.
• After you enter your phone number, select "Send code."
• You will receive a text message with a code in it. Enter this code into the "Enter Code" box.
• Select "Verify."
• You will be redirected back to the MFA enrollment screen. Notice that SMS Authentication is now under the "Enrolled factors" heading.
• When you have set up the desired number of MFA methods, select the "Finish" button.
• Note: It is highly encouraged that you set up as many verification methods as possible in case you lose access to one of the MFA methods.

When MFA is required, you can use an SMS code to access your account. You will be prompted to select an authentication method that you have previously set up.

• Select the drop-down arrow next to the circle check mark.
• Select SMS Authentication.
• Select Send code.
• When you receive the text message with the code, enter it and select Verify.