Multifactor authentication (MFA) is an extra layer of security for your ACE account that requires you to provide extra verification to verify your identity when signing in with your ACE account. By requiring extra verification to sign in, it makes it difficult for unauthorized users to access your personal information and university resources.
Get Help with MFA from Scarlet
How MFAWorks
When you sign in with your ACE account, you sign in with your ACE username and password. Your ACE usernameand password is something that you know. However, in the event your ACE usernameand/or password is compromised, someone else can log inusing your account.
MFA works to stop this by verifying who you are using something that you have, such as a smartphoneor security key. When you sign in to your ACE account, you'll be asked to then verify it is actually you signing in by responding to a prompt on your smartphoneor using a security key. This is referred to assatisfying MFA.
Something you know (your ACE credentials)andsomething you have (a device that you typically have with you)are the two factors that make multifactorauthentication possible, and keeps your ACE account secure.
Choosing your Second Factor
ACE offers multiple options to use for your second factor to complete extra verification.
You must have this factor available any time you sign into your ACE account. Select an option that you can always keep with you. You can set up multiple factors.
| Factor | How it Works | Timing | Requirements |
|---|---|---|---|
| OktaVerify (Recommended) | Sends a push notification to your smartphoneto complete verification Supports offline authentication. | Near-instant | Smartphone with iOS14+ or Android 8+ Free OktaVerify App Tablets not supported |
| Security Key or Biometric Authenticator | ASecurity Keyis a special USB key you'll insert or tap on your device when prompted. Supports offline authentication | Instant | Any FIDO2 Security Key. See setup instructions below for more information. |
| Google Authenticator | Supports offline authentication. Uses time-based one-time password. | Near-instant | Smartphone with iOS14+ or Android 8+ Free Google Authenticator App Tablets not supported |
Security Keys and Biometric Authentication will not work in Respondus Lockdown Browser
Respondus Lockdown Browser does not support the use of security keys and biometric authentication(Windows Hello and Face ID / Touch ID).
As a workaround, students will need to setupOkta Verifyin the ACE Dashboard from a normal browser, and then login to Lockdown Browser.
Students who cannot setup another method will need to call the IT Help Desk for assistance.
UNLV IT recommends all customers set upOktaVerify.
Setting Up MFA
UpdatingMFA Settings
To update your MFA settings (such as changing your phone number or Okta Verify app)you'll need to log in to the ACE Dashboard first to start the process.
- On your computer or mobile device, go toace.unlv.eduand sign in with your ACE Account. If you forgot your ACE username or password, you can attempt self-service recovery by selectingNeed help signing in?, orcontact theIT Help Desk.
- On the ACE Dashboard, select your name in the upper right.
- SelectSettings.
- SelectEdit Profile. If you do not seeEdit Profile, continue to the next step.
- You may be prompted to sign in again. Enter your password, then selectVerify.
- You may be prompted to satisfyMFA before you can change methods. If you cannot complete MFA,contact theIT Help Desk.
- Navigate down toExtra Verification.
- If you need to replace a factor, such as changing your phone number, or setting up a new device with OktaVerify, selectRemovefor that option. Then selectSet upto begin the setup process.
- If you are setting up a new factor, selectSet upfor that factor.
- Set up your chosen factor with the applicable instructions below.
- Once you have completed your changes, you may sign out and/or close the ACE dashboard.
Setting Up Factors
Once the enrollment process starts, follow the on-screen instructions to enroll in MFA, or select the factor you are enrolling in below.
Okta Verify will send a "yes/no" push notification on your mobile deviceto confirm your authentication attempt. Since internet access is not required, Okta Verify’s offline mode allows you to provide a factor with a limited connection.
- Under OktaVerify, selectSetup.
- Select your device type.
- DownloadOktaVerifyfrom the App Store (for iOS) or Google Play (for Android).
from the - Open Okta Verify on your mobile device.
- Tap Add Account.
- Tap Organization.
- Return to your computer, verify you have selected iPhoneor Android, then selectNext.
- A QR code will appear on your computer.
On your mobile device, tap Yes, Ready To Scan, and point your camera at the QR code displayed in the browser on your computer.
- If prompted, allow push notifications on your device so that you can approve future sign-in notifications without opening the Okta Verify app.
- If prompted, enable biometrics (such as Face ID or Touch ID). Tap EnableorAllow.
- Tap Done to complete the account enrollment.
- Return to the enrollment web page on your computer.
- Once the app has finished downloading, go back to the setup wizard (usually in your web browser).
- VerifyiPhoneorAndroidis selected, then selectNext.
- A QR code will appear.
SelectCan't scan?
- A screen will display asking to send an activation link via SMS. Enter your phone number and selectSend.
- A text message will then be sent to the phone number provided. Select the link sent to you.
- If prompted, select AlloworOpen Okta Verify.
- Okta Verify should automatically open. Follow the on-screen instructions to finish enrollment.
- If prompted, allow push notifications on your device so that you can approve future sign-in notifications without opening the Okta Verify app.
- If prompted, enable biometrics (such as Face ID or Touch ID). Tap EnableorAllow.
- Return to the enrollment web page (usually in your web browser).
The enrollment page will automatically advance once OktaVerify has been registered. Enrollment in OktaVerify is now complete.
Voice Call Authenticationshould only be used when you do not have a device that can use Okta Verify or SMS Authentication. Phone Authentication requires that you be near the phone to receive the phone call and follow the instructions.
Voice Call Authentication works by calling your phone and following the instructions to complete MFA.
- Under Voice Call Authentication, selectSetup.
- Enter your phone number, then selectCall.
- You will then receive a phone call and be given a code. Enter this code inEnter Code, then selectVerify.
The enrollment page will automatically advance once Voice Call Authenticationhas been registered. Enrollment in Voice Call Authentication is now complete.
Security Keys and Biometric Authentication will not work in Respondus Lockdown Browser
Respondus Lockdown Browser does not support the use of security keys and biometric authentication(Windows Hello and Face ID / Touch ID).
As a workaround, students will need to setupOkta Verify, SMS Authentication, or Voice Call Authenticationin the ACE Dashboard from a normal browser, and then login to Lockdown Browser.
Students who cannot setup another method will need to call the IT Help Desk for assistance.
Using aSecurity Key or Biometric Authenticator allows you to satisfy MFA without using a phone at all.ASecurity Keyis a special USB key you'll insert or tap on your device when prompted. Any FIDO2 certified security key is compatible.
If you setupa Security Key or Biometric Authenticator, OIT strongly recommends enabling SMS Authentication to prevent being locked out in case you lose or forget your security key.
Compatible Security Key
OIT recommends the purchase of theYubiKey 5 Series. Because you must either plug the device in to a USB port, or tap it against an NFC-comptaible device, be sure to select a security key with the correct connection type for your device.
If you plan on using campus computers, we recommend having a security key that works with USB-A ports:
Setting up a Security Key
- UnderSecurity Key or Biometric Authenticator, selectSetup.
- SelectEnroll.
- Once you selectEnroll, your device will walk you though the process to setup your security key.Be sure to select the options to setup a security key,as your device may prompt with multiple options. Your device will also prompt you when to insert or tap your security key.
The enrollment page will automatically advance once the security keyhas been registered. Enrollment forSecurity Key or Biometric Authenticator is now complete.
You may add additional security keys or biometric authenticators though the ACE Dashboard, similar to setting up another factor, like SMS Authentication.
Signing in with MFA
When signing in with ACE, you'll be automatically prompted to sign in with MFA when needed. This may not happen at every sign in,but you will be prompted if you log in to a new device.Make sure to always keep your second factors(such as your phone or security key) handy.
If you are prompted to satisfy MFA, you'll see a prompt with the last method you used to sign in. For example, you'll see this for Okta Verify:
If you want to switch how you are prompted, selectMenuto the right of the icon:
Then, select the factor you wish to use. Only factors you have set up will display.
When signing in, ACE may not automatically send a push notification or code, espcially when signing in on a new device. You may need to selectSendfor ACE to send apush notification or code.
- For Okta Verify, select Send Push.
If your mobile device cannot connect to the Internet, you can either use a manual code from Okta Verify, or a Security Key(if enrolled).
For Okta Verify
- VerifyOkta Verifyis displayed as your authentication method. You should see theSend Pushbutton.
- If it does not appear, select the drow-down menu, then selectOkta Verify
- Below Send Push, selectOr enter code.
- On your phone, open Okta Verify.
- Locate the entry fornshe-unlv.okta.comand confirm your ACE username is shown.
- Enter the six digit code shown below your ACE username in theEnter Codebox on your computer.
- SelectVerify.
For Security Keys
- VerifySecurity Key or Biometric Authenticatoris displayed as your authentication method.
- If it does not appear, select the drow-down menu, then selectSecurity Key or Biometric Authenticator.
- Follow the instructions on your device to insert or tap your security key.
Need Additional Help?
If you are locked out of your ACE account, you must call the IT Help Desk. The IT Help Desk cannot reset MFA over email.
For additional assistance, please visit theAccounts, Access, and Identity Knowledge Basefor additional articles or select a Related Service to submit a support ticket. You can also contact the IT Help Desk.
