A1. Starting from 2023, all CityUHK staff and student accounts will be protected by MFA, except for the secondary accounts.
The University does not provide the MFA for the alumni accounts.
A2. Please refer to the CityUHK MFA page.
A3. Please refer to the CityUHK MFA page.
A4. For staff, Okta Verify (a mobile app) and SMS are the default options. For students, It is Okta Verify. We also recommend you to set up other alternative options such as Google Authenticator, CityUHK email, and voice call so that you can use these methods in some situations.
A5. You can visit the IT Service Desk to request for suspending MFA for your account for one day. However, it's advised to enroll multiple MFA methods to ensure you always have access.
A6. Okta Verify supports the most recent major releases of specific operating system platforms and web browser combinations. Please refer to this link for the latest information.
Time-sync in your mobile device is required for Okta Verify to work.
A7. Okta Verify (6-digit code mode) and Google Authenticator are both time-based MFA methods which don't need network access. It is recommended that you set up either one method in advance to prepare for this situation.
A8. No, the costs will not be charged to you, but we recommend users to use Okta Verify push notification rather than SMS as it's more secure and convenient.
A9. Okta Verify is recommended. You can also add your overseas number to your account profile to receive SMS for MFA. For more details, see this guide.
A10. If you forget to bring a mobile phone to the campus or working location, and you haven't registered for any MFA methods like email or voice call that don't require your mobile phone, you can use the Service Portal self-service function to temporarily disable your MFA for that day. Alternatively, you can contact the IT Service Desk for help. The support staff will ask you to prove your identity with your staff/student ID card and then temporarily disable the MFA for your account for that day.
However, if you have registered for email or voice call as alternative MFA methods, you can use them.
A11. Okta Verify can be registered on multiple mobile phones. Please refer to this link for the instruction to install Okta Verify on another phone. You can remove the registration for the old phone afterwards.
A12. You can download it from this link. After installing it, please follow the staff or student user guides to do the setup.
A13. There are limitations in the mobile or WiFi network in China. Okta Verification with push notification and access to Google services are unavailable.
When you are in China, if you are an iPhone user, you can still download and install Okta Verify from Apple App Store.
Users using Android/Harmony OS platform have to download the setup apk file from this link.
For both cases, you have to switch to using Okta Verify 6-digit code rather than push notification.
MFA with SMS should be fine in China.
A14. Log on to SSO home page (link: https://auth.cityu.edu.hk). Pull down the menu on the top right corner, choose "Settings". Find the "End All Sessions" and then click the "Sign out" button.
IT.ServiceDesk@cityu.edu.hk
