This is a manual on how to login through Okta portals without a phone.
Install pass-otp.
If you already have multifactor authentication set up, start with step 1.
Otherwise, login up to the point where it asks you to "Set up (two-|multi)factor authentication", and go to step 4.
- Login to your organisation's Okta settings. The url is typically of the
form
https://OKTA_HOME_PAGE/enduser/settings.
For example,
- The University of Sydney: https://sso.sydney.edu.au/enduser/settings
- Garvan: https://garvan.okta.com/enduser/settings
If you know any others, please let me know.
-
Scroll to "Extra Verification". This is typically at the bottom on the right.
-
If you already have Okta Verify or Google Authenticator set up with your organisation, remove it.
-
Retrieve the secret one-time password (OTP) key.
-
Click "Set up" next to "Okta Verify".
-
If a button appears, click it. It may say "Configure factor" or "Set up".
-
Click "iPhone" or "Android". It doesn't matter which one you pick, you won't be needing a phone.
-
Click "Next".
-
Click "Can't scan?".
-
Click the first dropdown menu and select "Setup manually without push notification".
-
Copy the greyed out secret key to your clipboard.
-
-
Create the OTP generator by running the following command, replacing
OTP_NAMEwith a name of your choosing. Paste the secret key when prompted.
pass otp insert -esi byebyeokta OTP_NAME- Generate the OTP by running the following command.
pass otp OTP_NAMECopy the output. Alternatively, use the -c option to copy it directly.
pass otp -c OTP_NAME-
Enter the OTP.
-
Click "Next".
-
Paste the number in the "Enter Code" text box.
-
Click "Verify" to finish the setup.
-
You may have to click "Finish" as well.
-
-
Now, whenever you are required to enter the OTP code in the future, simply generate it by following step 6.
Add the secret key to a OTP authenticator app. This is useful if you need to
use a different computer and don't have access to one which you set up
pass-otp with.
-
Find a way to add a new account by entering the secret key manually into the app. For the Okta Verify app, do the following. The steps are similar for the Google Authenticator app.
-
Press the "+" button in the top-right corner.
-
Press "Other".
-
Press "Enter Key Manually".
-
Type an Account Name of your choosing.
-
Type in the secret key. If you have lost the key, run the following command to retrieve it.
pass OTP_NAME | awk -F '[=&]' '{print $2}'
- Press "Done".
-
-
Confirm you get the same codes on your phone as when following step 6. If not, you may have misspelled the secret key, in which case try again.
-
If you have an old account on a OTP authenticator app which you removed in step 3 you can remove it from the app.
The goal is to auto fill and submit once prompted to enter the OTP code.
If you know a neat way of doing this in Chrome or Firefox, please let me know.
For qutebrowser, consider binding a key chain to the submit_otp_qute.sh
userscript.
- Copy the script from this repository to your qutebrowser userscripts.
git clone git@github.com:sashajenner/byebyeokta.git
mkdir -p ~/.local/share/qutebrowser/userscripts
cp byebyeokta/submit_otp_qute.sh ~/.local/share/qutebrowser/userscripts- You can bind it to
,pby using the following command in qutebrowser.
:bind ,p spawn --userscript submit_otp_qute.sh OTP_NAME
- Test it out. Navigate to a page which requires you to enter the OTP code. In
normal mode type
,por enter the following command.
:spawn --userscript submit_otp_qute.sh OTP_NAME