Frankie Chan

Generate Secret Key

Hi Everyone,

I have a question: can an Okta administrator generate a secret key for Okta Verify for a normal user? The user cannot log in with a desktop but has an urge to set up the app. Is that possible?

Warm regards,
Frankie
Evan Alter (Okta, Inc.)
Frankie -
What is your use case? What are you trying to achieve?

Can you help me understand what you mean by a normal user who cannot log in with a desktop but wants to set up the app?

Thanks.

Evan Alter
Technical Support Engineer
Okta Global Customer Care
Evan Alter (Okta, Inc.)
Frankie -
Did you receive our last post? What is your use case? What are you trying to achieve?

Can you help me understand what you mean by a normal user who cannot log in with a desktop but wants to set up the app?

Thanks.

Evan Alter
Technical Support Engineer
Okta Global Customer Care
Frankie Chan
Hi Evan,

My situation is this: when you have to set up the Okta Verify app, you need to first log in to your Okta on a desktop and then click "Set-up" in the profile settings. However, my client is not able to do that and has the urge to enroll the device to Okta with the Secret Key.

I'm wondering if there's any chance to enroll a mobile device to the Okta Verify app without logging in once at Okta from any other devices.
James Brisch
Hi Frankie!

It seems like you stumped the Okta wizards with this question.  (no offense to the Okta wizards, please do not smite me!)

From what I have encountered within my own organization, there is no functionality that allows anyone besides the recipient of the "welcome aboard" email to configure multifactor on a device.  HOWEVER, if you (the presumed admin in this scenario) were to configure the user's account for them AND had access to their MFA device, you could configure their MFA, BUT you would need to do the entire on-boarding process for them as well.  This would include setting their login picture, password, and security question.  Is it possible to do this?  Yes.  Should you do this?  Absolutely not.  For one, it's more work for you, the already overworked admin.  For two, they would immediately need to reset all of their authentication methods to remain secure.  And finally, the sheer logistical nightmare of getting a user to give you their (presumed) phone while you set up their account, just to reset all of their authentication methods other than MFA.  It would be a severely time consuming process if done at scale, or worse yet, if the described user was at a remote location.

The answer is relatively simple.  Tell the user, "In order to continue providing a secure authentication process, it is not possible for an Okta admin to configure your multifactor for you.  I apologize for the inconvenience."

I hope you found this helpful, in spite of the time it took for me to provide you with an answer.