Okta Frequently Asked Questions (FAQs)


Information4.1 Technology is partnering with the Information Security team to introduce Okta, a new, state-of-the-art multi-factor authentication (MFA) solution for business-critical networks and applications such as Oracle and Office365. This will help to protect SG’s confidential and proprietary information from outside threats.

The questions and answers in this bulletin explain multi-factor authentication, introduce Okta, and describe the variety of ways
users can access the platform.

 

1.0 What is multi-factor authentication (MFA)?

MFA is an industry standard for confirming a user's claimed identity by using something they know, i.e. a password, and a second factor incorporating either something they have, e.g. a mobile device, or something inherently unique to that individual, e.g. a fingerprint. An MFA event occurs when a user logs into a critical application or company network over virtual private network (VPN) while away from the office.


2.0 What is Okta?

Okta is the world's leading provider of identity management. It is a single, integrated platform that offers secure access to enterprise applications and information via multi-factor authentication.


2.1 What browsers are supported by Okta?

Okta supports Chrome, Safari, and Internet Explorer 10 or higher.


2.2 What are the authentication methods offered by Okta?

All SG employees will enroll in one or more of the authentication methods seen below.



2.2.a How do I register for more than one factor for Okta MFA?

Login to https://login.scientificgames.com/

Click on user profile, go to settings, click Edit Profile and re-login, then scroll down to Extra Verification and click Setup next to the factor you want to add and following instructions to finalize process.

If you have any questions or concerns, please contact Service Desk (1-866-357-9893) or email service.desk@scientificgames.com

2.2.b How do I reset Okta MFA or register on a new device?

Please contact Service Desk (1-866-357-9893) or email service.desk@scientificgames.com

 

2.3 Which authentication methods will be available to me?

Our Information Security team has created sets of authentication options for employees based on their respective levels of access to secured information, Table 1.

Table 1 Authentication options by user group

2.4 How will the adoption of Okta affect me as an end user?

You will use your SG email address as your username and your SG network password when logging in to Okta.
You will be prompted to complete MFA every time you log on via a virtual private network (VPN).
Certain applications, e.g. Oracle EBS, and Blackline, will require MFA one every 12 hours.


2.5 How do I enroll in Okta?

All users will receive an email from Corporate Communications during the enrollment period. If you do not see one in your inbox, check your spam folder. The setup instructions from Okta are outlined starting Section 6.0


3.0 What are my options for accessing Okta?

The sections below provide instructions for the various ways you can log on to Okta.


3.1 Accessing Through a Web Browser

1. Open a web browser and visit the https://login.scientificgames.com for logging in to SG’s Okta portal.
2. If prompted, type your SG email address in the Username field and your SG network password in the Password field.
3. Click the downward-pointing arrow to the right of the symbol featuring the blue check mark.

4. Click one of the available options on the Select an authentication factor drop-down menu.


3.2 Accessing the Network via Cisco AnyConnect VPN

1. Open Cisco AnyConnect Secure Mobility Client.
2. Type your SG email address in the Username field and your SG network password in the Password field.

3. In the Cisco AnyConnect dialog, type the number corresponding with one of the available authentication methods in
the Answer field and click Continue.

4. Complete the necessary steps for the authentication method you chose in step 3.

NOTE

If you have not enrolled in Okta

Cisco VPN will provide popup window to guide you through the enrollment steps.

OR

you can enroll here: https://login.scientificgames.com


3.3 Accessing the Network via OpenVPN or WatchGuard

Digital Users: The only authentication method available seeking VPN access via OpenVPN is 1 – Okta Verify Push.

However, Digital users can enroll into other Okta MFA options while accessing Okta portal and enterprise apps therein.

Please use email address and network password.

SciGames users will continue using their native second authentication method (YubiKey) for VPN access.

However, SciGames users SHOULD enroll into one of the Okta authentication methods to access the Okta portal after logging in to their OpenVPN.

Please use email address and network password.

SciGames Austria: The only authentication method available seeking VPN access via WatchGuard is 1 – Okta Verify Push.

However, SciGames Austrian users can enroll into other Okta MFA options while accessing Okta portal and enterprise apps therein.

Please use email address and network password.

 

3.4 Remotely via Okta Mobile

Okta Mobile allows users to access enterprise applications from their mobile devices with a 4-digit pin code. It provides a high level of security while also offering users the convenience of a single login. Refer to section 7.0 for setup instructions.

 


4.0 How does it affect Vendors accessing internal applications using SG provisioned VPN?

All vendors have to enroll into Okta (see Table-1 in FAQ) in order to access SG enterprise applications or while using SG

 

4.1 What if, if the VPN I am using is not listed in the FAQs?

You will not be prompted for Okta MFA. However, it is mandatory to enroll into Okta in order to access SG Enterprise applications. \

If the VPN you are using is not listed in FAQ’s and is not managed by Corporate IT, the owner of that VPN (Any division) should reach out to Okta team ASAP via a ServiceDesk ticket. Okta team will work with you to on-board VPN accordingly.

 

4.2 How do I enroll in additional authentication options?

1. Log on to the Okta portal https://login.scientificgames.com
2. Click the downward-pointing arrow to the right of your name and click Settings.

3. Click on EDIT profile if the setup option below is grayed out.

4. Scroll down to the Extra Verification section.

5. Select the authentication method you want to set up and follow the instructions on your screen.


4.3 Which applications will require MFA?

Office 365 | Oracle EBS  | Blackline | Bluejeans | Pro Lease | Rally | Concur | Jira | Jira ServiceDesk | Oracle Configurator | Oracle Planner | Shuffle Flex (Internal)

For most applications, the session will be valid for 12 hours and will not be promoted for MFA. Office 365 sessions will be valid for 60 days unless the user logs out of Outlook or changes their network password.


4.3.1 O365 Application Access

SG Users (excluding Digital) will notice the following change in behavior while accessing O365 applications such as Outlook, Skype, and Teams etc…

Once Okta is federated with Office 365 change federation, all Users will be asked to entered credentials, as authentication topology change.

1. Working outside office network – Not connected to Corporate VPN:

User will be prompted to enter credentials along with MFA initial

User will be prompted to enter credentials along with MFA every 12 hours thereafter

User accessing via Browser will also be impacted in same way.

2. Working outside office network-Connected to Corporate VPN:

User will be treated as in-office network.

No Credentials pop-up will happen.( may have to re-lauch application after connecting to VPN)

3. Working inside office network

No Credentials will be asked login


Additional Questions:

4. Will I be asked to login on my Mobile device?

Mobile devices are excluded from all of the above policies. You will be prompted to enter credentials only when you change your password.

5. Will I be asked to enter credentials once I reach home from Office?

Yes, you will be prompted to enter credentials. Ideally, users are encouraged to login to VPN and then relaunch all applications to avoid any login prompts.

6. I normally work from home, what should I do?

If you work from home all the time, we recommend you connect to VPN first and then launch all Office apps to avoid credential popup.

7. Skype for Business ,Yammer, Teams are not taking password after 12 hours, what should I do?

If any applications do not work as expected after 12 hours please sign-out from application and re-open that should fix the issue or quit all applications , connect to VPN and launch the application.

8. I do not see any of my mapped mailboxes when I go through Login Portal and use Outlook from there.

Please note that, when you use the browser version of Outlook via the portal, you will not see mapped mailboxes. The browser version is for emails only. Use the Outlook client in order to see all the mapped mailboxes

 

SG Digital Users will notice the following change in behavior while accessing O365 applications such as Outlook, Skype, and Teams etc…

9. Accessing from inside the network (Office or VPN)

Users are required to enter their Okta credentials (SG Digital Email as username and Network password for Password) with no MFA

10. Accessing from outside the network:

Users are required to enter their Okta credentials (SG Digital Email as username and Network password for Password) and perform MFA

11. Accessing using Mobile phone

Users are required to perform MFA only when they reset their network passwords

 

4.3.2 Oracle EBS Application Access

Users are required to perform Multi-Factor Authentication Once Every 12 hours while accessing the application as mandated by Corporate Security team

SG Users (Excluding SG Digital)

1. Accessing Via the Okta Portal:

When the user goes to Okta portal they will be automatically logged into Okta.

Once logged into Okta portal, users will be prompted for Okta MFA while accessing Oracle EBS

2. Accessing Via the EBS Bookmark or Link:

User will be prompted for Okta MFA

3. What happens to Oracle One Login?

Users should no longer use OneLogin but can continue to use bookmarks as they are unchanged

 

SG Digital Users

4. Accessing Via the Okta Portal:

When the user goes to Okta portal they will be directed to Okta login screen. Use SGDigital email as the Username and the network password for Password.

Once logged into Okta portal, users will be prompted for Okta MFA while accessing Oracle EBS

5. Accessing Via the EBS Bookmark or Link:

User will be directed to Okta login screen. Use SGDigital email as the Username and the network password for Password.

User will be prompted for MFA

6. What happens to Oracle One Login?

Users should no longer use One login for EBS but can continue to use bookmarks as they are unchanged

In general, Select the checkbox ‘Do not challenge me on this device for the next 24 hours’. This will stop the user from repeated Okta prompt while accessing Oracle for 24 hours. 

 

4.3.3 - How-to Sign into BlueJeans with Okta 

There are 3 possible methods on how you may need to sign back into BlueJeans due to Okta.  Use the method that is true for you.  If you need assistance, please submit a ticket or contact the ServiceDesk for immediate assistance.

Method 1 - BlueJeans Add-in Sign in for Outlook

Check to see if you are signed into BlueJeans

1. Click on the Schedule down arrow button from the Home tab.

2. If the Add-in shows you are signed in already as in example image, there is no need for you to do anything further.

3. If the Add-in shows you are not signed into your BlueJeans account, please go to the next step.

Sign into the BlueJeans Add-in

1. On the Upper left hand side of Outlook, click on the BlueJeans Schedule arrow down button

2. Click on Sign In

If you are prompted to sign into the BlueJeans Add-In from Outlook

1. Sign in using your Corporate Email Address into the Username or email address field

2. Press the Next button

Sign into the Okta prompt

1. Sign-in using your Corporate Email Address and Network Password.

2. You are now signed into BlueJeans from Okta

Method 2 - BlueJeans Add in Sign in for O365

From your calendar in Outlook, click on New Appointment

Click on the BlueJeans Settings button to see if you are signed into the BlueJeans Add-in

1. If the right side of the Appointment window shows you are already signed in as shown in example image, there is no need for you to do anything further.

2. If the Add-in shows you are not signed into your BlueJeans account, please go to the next step.

Click on the BlueJeans Sign In button on the right hand side of the Appointment window

BlueJeans window prompt

1. Sign in using your Corporate Email Address into the Username or email address field

2. Press the Next button. Note that sometimes when your Email address is recognized by the system, you will automatically go into the next window without having to press the Next button.

Sign into the Okta prompt

1. Sign-in using your Corporate Email Address and Network Password.

You are now signed into your BlueJeans account. 

You can verify you are signed in if you can see your Corporate Email address under My Account from the BlueJeans Window.

There is no need to click on the Save button on the bottom of the window. The Save button is meant to be pushed if you make any changes such as muting team members on entry or other options within that window.

Method 3 - BlueJeans Sign in from Outlook online https://outlook.office.com/

Check to see if you are signed into BlueJeans

1. From your calendar, click on the New event button.

2. Click on the more options button (3 vertical dots icon).

3. Slide your mouse over BlueJeans Meetings

4. Click on Settings

If you see the Sign in button continue going forward with the how-to, otherwise you are already signed into your BlueJeans account

1. Click on the Sign In button

2. If you are prompted to allow BlueJeans to display a new window, click on Allow

BlueJeans window prompts

1. Sign in using your Corporate Email Address into the Username or email address field

2. Press the Next button. Note that sometimes when your Email address is recognized by the system, you will automatically go into the next window without having to press the Next button.

Sign into the Okta prompt

1. Sign-in using your Corporate Email Address and Network Password.

You are now signed into your BlueJeans account. 

You can verify you are signed in if you can see your Corporate Email address under My Account from the BlueJeans Window.

There is no need to click on the Save button on the bottom of the window. The Save button is meant to be pushed if you make any changes such as muting team members on entry or other options within that window.

 

4.3.4 How-to Sign into the BlueJeans app with Okta for Mobile

If you need assistance, please submit a ticket or contact the ServiceDesk for immediate assistance.

1. Open the BlueJeans app and touch the Sign In link at the bottom of the screen

2. Type in your Corporate Email address into the Email or Username field

3. If you typed in your Corporate Email address correctly and it is recognized by the system, the app will automatically go into the next window without having to press the Sign In button.

4. Press Continue

5. Login using your corporate email address and network password

6. Select Office 365 Calendar

7. Press continue

8. You will see your calendar come up when once your account is signed in

9. You can go one-step further to verify you are signed in by touching the ME button on the bottom right hand side of the screen. Your profile with your personal meeting id will display

 

4.3.4 How-to sign into the BlueJeans desktop app with Okta

1. Open the BlueJeans app

2. Enter your Corporate Email address in the Enter your username or email address field

3. Sign in using your Corporate Email Address into the Username or email address field

4. Press the Next button. Note that sometimes when your Email address is recognized by the system, you will automatically go into the next window without having to press the Next button.

5. Once your account authenticates, the window will change to show you that you are now signed into the BlueJeans desktop app

6. Select Outlook and then press Continue

7. Your calendar will now be connected to the BlueJeans app

 

4.4 What is the process to ON-BOARD an application into Okta portal for MFA?

Initiate a ServiceDesk ticket. SG Okta team will work with you to on-board your application for MFA

 

4.5 How does it affect me if I am using my personal laptop to access SG applications?

SG security team has to provide clearance in order for you to use personal laptop to access SG property [OR] You will have to request for SG laptop
You will have to enroll into MFA in order to access enterprise applications. (Section 4.2)

 

4.6 What will happen to Oracle OneLogin?

Okta MFA will replace Oracle OneLogin.


4.7 How do I reset my network password?

Although Okta maintains all Active Directory passwords, you will have to follow the existing process for all password reset requests. If you currently initiate a Service Desk ticket, continue to do the same.


4.8 Who will get YubiKey?

YubiKey provides more stricter Muti-Factor authentication for users that accesses secured information or production servers etc…(Ex: Executives, Systems teams etc..). For general population, this is optional and they should enroll into other MFA options presented to them.


4.9 What do I do if I lose my Yubikey?

Immediately report the loss to your manager and create a Service Desk ticket.


5.0 Can I install Okta Verify on two mobile devices?

No. If you want to switch Okta Verify from one device to another, create a Service Desk ticket. After an Okta Admin deactivates your old device, you can set up Okta Verify on your new device.


5.1 What should I do if I lose my mobile device?

Immediately report the loss to your manager and create a Service Desk ticket.


5.2 Who should I contact if I experience any issues with Okta?

Please reach out to your local helpdesk and raise a ticket for Okta support team. For emergency issues, you can reach out Corporate-OktaSupport@scientificgames.com

 

6.0 Setup Instructions for Okta Authentication Options

All users will receive an email from corporate communications during the enrollment period. If you do not see one in your inbox, check your spam folder.

The setup instructions for Okta’s authentication options are very straightforward and should be easy to follow. All SG employees should enroll in one or more of the following options.

NOTEThe MFA options presented to and required of you will depend on the sensitivity of the company information to which you have access.

6.1 Okta Verify Setup

SG strongly recommends using Okta Verify as your primary authentication method. Okta Verify is fast, easier to use than other methods, and provides automatic Push authentication prompts.

1. Open a web browser and visit https://login.scientificgames.com.
2. On the Okta Sign in screen, type your SG credentials in the Username (corporate email), Network Password and click Sign in.

3. On the Set up multifactor authentication screen, click Configure factor under the Okta Verify section.

4. On the Setup Okta Verify screen, click the appropriate icon for your mobile device under the Select your device type subsection.

5. Click Next.
6. On your mobile device, open:

a. The Apple App Store if you have an iOS device.
b. The Google Play Store if you have an Android device.

7. Search for and install Okta Verify.

8. Open Okta Verify on your mobile device.
9. On the Welcome to Okta Verify screen, tap Add Account.
10. Use your mobile device to scan the barcode on your computer screen.

11. On the Setup Okta Verify screen, click Next.
An Okta Verify code appears on your mobile device.
12. Type the code from your mobile device in the field on the Setup Okta Verify screen and click Verify.
[OR]
13. Click on ‘SEND PUSH’ 
14. A pop-up (sample below) appears on your mobile phone. Click on ACCEPT.

 

6.2 SMS Authentication Setup

1. Complete step 1 and step 2 from the Okta Verify Setup section.
2. On the Set up multifactor authentication screen, click Setup under the SMS Authentication section.

3. On the Receive a code via SMS to authenticate screen, type your phone number in the Phone number field.

4. Click Send code.
5. On the Receive a code via SMS to authenticate screen, type the code that was sent to your mobile device in the Enter Code field.

6. Click Verify.

 

6.3 Voice Call Authentication Setup

1. Complete step 1 and step 2 from the Okta Verify Setup section.
2. On the Set up multifactor authentication screen, click Setup under the Voice Call Authentication section.

3. On the Follow phone call instructions to authenticate screen, enter your phone number in the Phone number field.

4. Click Call.
5. Answer the call you receive at the phone number you provided in step 3.
6. Type the code you receive from the phone call in the Enter Code field on the Follow phone call instructions to authenticate screen.

7. Click Verify.

 

6.4 Security Question Authentication Setup

1. Complete step 1 and step 2 from the Okta Verify Setup section.
2. On the Set up multifactor authentication screen, click Setup under the Security Question section.

3. On the Setup secret question authentication screen, select a question from the drop-down menu.

4. Type your response in the Answer field and click Save.

 

6.5 Remotely via OpenVPN

The only authentication method available to Digital users seeking VPN access via OpenVPN is 1 – Okta Push. Digital users can use any of the available authentication methods to access the Okta portal and enterprise apps therein.

SciGames users will continue using their native second authentication method (YubiKey) for VPN access. However, SciGames users should use one of the Okta authentication methods to access the Okta portal after logging in to the VPN.

 

6.6 Remotely via Web Browser

If you access any of SG’s enterprise apps via web browser from outside of the network, you will be prompted to complete one of your available authentication methods for accessing the Okta portal.

 

6.7 Remotely while Traveling without Network Connectivity

If you are traveling and your mobile device does not have network connectivity, you still have an authentication method available. The Okta Verify mobile app provides a six-digit, rotating code that can be used to access the Okta portal despite your mobile device being offline.

Follow the steps below to use your mobile device for MFA when it is offline.

1. Open a web browser and visit https://login.scientificgames.com.
2. Type your SG credentials in the Username and Password fields and click Sign in.
3. Select Okta Verify as your authentication factor and click Or Enter Code.

4. Open Okta Verify on your mobile device.
5. Type the six-digit code from the Okta Verify app in the Enter Code field.

Okta Mobile

Okta Mobile allows users to access enterprise applications from their mobile devices with a 4-digit pin code. It provides a high level of security while also offering users the convenience of a single login.

7.0 Setup Okta Mobile

1. Download and install Okta Mobile from the Apple App Store.
2. Open Okta Mobile on your mobile device.
3. Type scientificgames in the First Box (In case of Android) OR Enter URL https://login.scientificgames.com (in case of IOS

4. Type your SG credentials in the Username  (company email) and Password fields.
5. On the Setup a new Okta PIN screen, type a new four-digit PIN.

NOTEFingerprint optional

 

7.1 Launching Apps via Okta Mobile on iOS

1. To access apps via the built-in browser, tap the mobile menu button in the top-left corner of the screen.
2. Tap My Apps.
3. Tap the corresponding icon to access the apps you want to use.

NOTEApps are organized using the same tab system as on the traditional Okta interface.

 

7.3 Okta YubiKey Setup

1. Login to the Okta portal (https://login.scientificgames.com). 
2. Click the downward-pointing arrow to the right of your name and click Settings.

3. Click on EDIT profile

Enter Password and perform Okta Sign-in using already enrolled MFA type

4. Scroll down to the Extra Verification section


5. Select the authentication method YubiKey.


6. YubiKey verifies and logs into portal

 

7.4  Will there be an Okta desktop icon and bookmark pushed to my machine?

Yes, users will automatically have the icon/bookmark pushed to all users machines.