Multifactor authentication (MFA) is an extra layer of security for your ACE account that requires you to provide extra verification to verify your identity when signing in with your ACE account. By requiring extra verification to sign in, it makes it difficult for unauthorized users to access your personal information and university resources.
Get Help with MFA from Scarlet
How MFA Works
When you sign in with your ACE account, you sign in with your ACE username and password. Your ACE username and password is something that you know. However, in the event your ACE username and/or password is compromised, someone else can log in using your account.
MFA works to stop this by verifying who you are using something that you have, such as a smartphone or security key. When you sign in to your ACE account, you'll be asked to then verify it is actually you signing in by responding to a prompt on your smartphone, receiving a text message or phone call, or using a security key. This is referred to as satisfying MFA.
Something you know (your ACE credentials) and something you have (a device that you typically have with you) are the two factors that make multifactor authentication possible, and keeps your ACE account secure.
Choosing your Second Factor
ACE offers multiple options to use for your second factor to complete extra verification.
You must have this factor available any time you sign into your ACE account. Select an option that you can always keep with you. You can set up multiple factors.
| Factor |
How it Works |
Timing |
Requirements |
Okta Verify
(Recommended) |
Sends a push notification to your smartphone to complete verification
Supports offline authentication. Our Okta Verify EZ-Enroll tool can help simplify this process, check out the tool here: https://it.unlv.edu/multifactor-authentication/okta-verify |
Near-instant |
Smartphone with iOS 14+ or Android 8+
Free Okta Verify App
Tablets not supported |
| SMS Authentication |
Sends a numerical code to your registered phone number |
Up to a few minutes to receive the message |
Any mobile device that can receive text messages
Cellular connection
Message rates may apply |
| Voice Call Authentication |
Calls you and provides instructions over the phone |
Up to a few minutes to receive the message |
Any telephone that can receive phone calls
Cellular or telephone connection
Phone rates may apply |
| Security Key or Biometric Authenticator |
A Security Key is a special USB key you'll insert or tap on your device when prompted.
Supports offline authentication |
Instant |
Any FIDO2 Security Key. See setup instructions below for more information. |
Security Keys and Biometric Authentication will not work in Respondus Lockdown Browser
Respondus Lockdown Browser does not support the use of security keys and biometric authentication (Windows Hello and Face ID / Touch ID).
As a workaround, students will need to setup Okta Verify, SMS Authentication, or Voice Call Authentication in the ACE Dashboard from a normal browser, and then login to Lockdown Browser.
Students who cannot setup another method will need to call the IT Help Desk for assistance.
OIT recommends all customers set up Okta Verify and SMS Authentication if they are able to do so.
Setting Up MFA
Updating MFA Settings
To update your MFA settings (such as changing your phone number or Okta Verify app) you'll need to log in to the ACE Dashboard first to start the process.
Launch ACE Dashboard Settings
- On your computer or mobile device, go to ace.unlv.edu and sign in with your ACE Account. If you forgot your ACE username or password, you can attempt self-service recovery by selecting Need help signing in?, or contact the IT Help Desk.
- On the ACE Dashboard, select your name in the upper right.
- Select Settings.
- Select Edit Profile. If you do not see Edit Profile, continue to the next step.
- You may be prompted to sign in again. Enter your password, then select Verify.
- You may be prompted to satisfy MFA before you can change methods. If you cannot complete MFA, contact the IT Help Desk.
- Navigate down to Extra Verification.
- If you need to replace a factor, such as changing your phone number, or setting up a new device with Okta Verify, select Remove for that option. Then select Set up to begin the setup process.
- If you are setting up a new factor, select Set up for that factor.
- Set up your chosen factor with the applicable instructions below.
- Once you have completed your changes, you may sign out and/or close the ACE dashboard.
Setting Up Factors
Once the enrollment process starts, follow the on-screen instructions to enroll in MFA, or select the factor you are enrolling in below.
Okta Verify will send a "yes/no" push notification on your mobile device to confirm your authentication attempt. Since internet access is not required, Okta Verify’s offline mode allows you to provide a factor with a limited connection.
- Under Okta Verify, select Setup.
- Select your device type.
- Download Okta Verify
from the App Store (for iOS) or Google Play (for Android).
- Open Okta Verify on your mobile device.
- Tap Add Account.
- Tap Organization.
- Return to your computer, verify you have selected iPhone or Android, then select Next.
- A QR code will appear on your computer.
On your mobile device, tap Yes, Ready To Scan, and point your camera at the QR code displayed in the browser on your computer.
- If prompted, allow push notifications on your device so that you can approve future sign-in notifications without opening the Okta Verify app.
- If prompted, enable biometrics (such as Face ID or Touch ID). Tap Enable or Allow.
- Tap Done to complete the account enrollment.
- Return to the enrollment web page on your computer.
- Once the app has finished downloading, go back to the setup wizard (usually in your web browser).
- Verify iPhone or Android is selected, then select Next.
- A QR code will appear.
Select Can't scan?
- A screen will display asking to send an activation link via SMS. Enter your phone number and select Send.
- A text message will then be sent to the phone number provided. Select the link sent to you.
- If prompted, select Allow or Open Okta Verify.
- Okta Verify should automatically open. Follow the on-screen instructions to finish enrollment.
- If prompted, allow push notifications on your device so that you can approve future sign-in notifications without opening the Okta Verify app.
- If prompted, enable biometrics (such as Face ID or Touch ID). Tap Enable or Allow.
- Return to the enrollment web page (usually in your web browser).
The enrollment page will automatically advance once Okta Verify has been registered. Enrollment in Okta Verify is now complete.
We strongly recommend also setting up SMS Authentication as a backup to Okta Verify.
SMS Authentication will send verification codes via text message to your mobile device. We recommend all users have SMS Authentication set up.
- Under SMS Authentication, select Setup.
- Select your country code, enter your phone number, then select Send code.
- Wait for the SMS code to arrive on your device.
- When it arrives, enter the code in Enter Code.
- Select Verify.
The enrollment page will automatically advance once SMS Authentication has been registered. Enrollment in SMS Authentication is now complete.
Voice Call Authentication should only be used when you do not have a device that can use Okta Verify or SMS Authentication. Phone Authentication requires that you be near the phone to receive the phone call and follow the instructions.
Voice Call Authentication works by calling your phone and following the instructions to complete MFA.
- Under Voice Call Authentication, select Setup.
- Enter your phone number, then select Call.
- You will then receive a phone call and be given a code. Enter this code in Enter Code, then select Verify.
The enrollment page will automatically advance once Voice Call Authentication has been registered. Enrollment in Voice Call Authentication is now complete.
Security Keys and Biometric Authentication will not work in Respondus Lockdown Browser
Respondus Lockdown Browser does not support the use of security keys and biometric authentication (Windows Hello and Face ID / Touch ID).
As a workaround, students will need to setup Okta Verify, SMS Authentication, or Voice Call Authentication in the ACE Dashboard from a normal browser, and then login to Lockdown Browser.
Students who cannot setup another method will need to call the IT Help Desk for assistance.
Using a Security Key or Biometric Authenticator allows you to satisfy MFA without using a phone at all. A Security Key is a special USB key you'll insert or tap on your device when prompted. Any FIDO2 certified security key is compatible.
If you setup a Security Key or Biometric Authenticator, OIT strongly recommends enabling SMS Authentication to prevent being locked out in case you lose or forget your security key.
Compatible Security Key
OIT recommends the purchase of the YubiKey 5 Series. Because you must either plug the device in to a USB port, or tap it against an NFC-comptaible device, be sure to select a security key with the correct connection type for your device.
If you plan on using campus computers, we recommend having a security key that works with USB-A ports:
Setting up a Security Key
- Under Security Key or Biometric Authenticator, select Setup.
- Select Enroll.
- Once you select Enroll, your device will walk you though the process to setup your security key. Be sure to select the options to setup a security key, as your device may prompt with multiple options. Your device will also prompt you when to insert or tap your security key.
The enrollment page will automatically advance once the security key has been registered. Enrollment for Security Key or Biometric Authenticator is now complete.
You may add additional security keys or biometric authenticators though the ACE Dashboard, similar to setting up another factor, like SMS Authentication.
Signing in with MFA
When signing in with ACE, you'll be automatically prompted to sign in with MFA when needed. This may not happen at every sign in, but you will be prompted if you log in to a new device. Make sure to always keep your second factors (such as your phone or security key) handy.
If you are prompted to satisfy MFA, you'll see a prompt with the last method you used to sign in. For example, you'll see this for Okta Verify:
If you want to switch how you are prompted, select Menu to the right of the icon:
Then, select the factor you wish to use. Only factors you have set up will display.
If your mobile device cannot connect to the Internet or receive SMS or Phone calls, you can either use a manual code from Okta Verify, or a Security Key (if enrolled).
For Okta Verify
- Verify Okta Verify is displayed as your authentication method. You should see the Send Push button.
- If it does not appear, select the drow-down menu, then select Okta Verify
- Below Send Push, select Or enter code.
- On your phone, open Okta Verify.
- Locate the entry for nshe-unlv.okta.com and confirm your ACE username is shown.
- Enter the six digit code shown below your ACE username in the Enter Code box on your computer.
- Select Verify.
For Security Keys
- Verify Security Key or Biometric Authenticator is displayed as your authentication method.
- If it does not appear, select the drow-down menu, then select Security Key or Biometric Authenticator.
- Follow the instructions on your device to insert or tap your security key.
Need Additional Help?
If you are locked out of your ACE account, you must
call the IT Help Desk. The IT Help Desk cannot reset MFA over email.
For additional assistance, please visit the Accounts, Access, and Identity Knowledge Base for additional articles or select a Related Service to submit a support ticket. You can also contact the IT Help Desk.