This site requires JavaScript to be enabled
An updated version of this article is available

Set up Okta Verify for your HMS and HarvardKey account

49 views

41.0 - Last modified on 06-08-2026 Revised by Julie Balise

40.0 - Last modified on 06-05-2026 Revised by Becka Buono

39.0 - Last modified on 05-13-2026 Revised by Joseph Casciano

38.0 - Last modified on 05-13-2026 Revised by Caroline Pereira

37.0 - Last modified on 05-06-2026 Revised by Julie Balise

36.0 - Last modified on 04-13-2026 Revised by Joseph Casciano

35.0 - Last modified on 02-27-2026 Revised by Joseph Casciano

34.0 - Last modified on 02-27-2026 Revised by Joseph Casciano

33.0 - Last modified on 02-25-2026 Revised by Joseph Casciano

32.0 - Last modified on 02-25-2026 Revised by Caroline Pereira

31.0 - Last modified on 02-24-2026 Revised by Caroline Pereira

30.0 - Last modified on 02-17-2026 Revised by Joseph Casciano

29.0 - Last modified on 06-02-2025 Revised by Lindsey Pockl

28.0 - Last modified on 04-08-2025 Revised by Lindsey Pockl

27.0 - Last modified on 03-28-2025 Revised by Joseph Casciano

26.0 - Last modified on 03-28-2025 Revised by Joseph Casciano

25.0 - Last modified on 03-25-2025 Revised by Joseph Casciano

24.0 - Last modified on 03-21-2025 Revised by Lindsey Pockl

23.0 - Last modified on 03-21-2025 Revised by Lindsey Pockl

22.0 - Last modified on 03-18-2025 Revised by Joseph Casciano

21.0 - Last modified on 02-20-2025 Revised by Joseph Casciano

20.0 - Last modified on 02-18-2025 Revised by Joseph Casciano

Set up the Okta Verify app to sign in to services protected by your HMS account using biometrics like Face ID, fingerprint, or PIN. Install on each device you use to access Harvard and HMS services (phone, computer, iPad).

If you already have Okta Verify set up on your devices and need to enable passwordless sign-in, skip to Enable Okta FastPass.

Table of Contents

Set up Okta Verify on your mobile device

We recommend setting up Okta Verify on your mobile device before setting it up on your computer.

Install Okta Verify

If you do not have Okta Verify installed, download and install it:

Note – If you encounter a We could not complete your purchase. error message, you must first update your operating system (OS) to a supported version. After updating your operating system, try downloading and installing Okta Verify again.

Configure Okta Verify on mobile devices

  1. Open the Okta Verify app.
  2. Follow the prompts to Get Started.
  3. When prompted for Ways to verify, select Add account.
  4. For Account Type, select Organization.
  5. When prompted to Add Account from Another Device, select Skip.
  6. When prompted, Do You Have Your QR Code?, select No, Sign In Instead.

Connect your HMS account

  1. When prompted to Enter Your Organization's Sign-In URL, enter:
    • URL (HMS account): login.hms.harvard.edu
  2. Select Next.
  3. When prompted with Harvard Medical School Sign In, enter your HMS account ID (typically in the format ABC123).
    Note – If you do not know your HMS account ID, you can find it on the HMS IT Service Portal. Select your profile avatar from the menu, then select Profile. Your ID is displayed on your User Profile, in the About section under HMS ID.
  4. When prompted, enter your HMS account password.
  5. Select Verify.
  6. When prompted to Verify with Universal Duo, select Verify.
  7. Approve the Duo push notification sent to your device.

Connect your HarvardKey account

  1. When prompted to Enter Your Organization's Sign-In URL, enter:
    • URL (HarvardKey): login.harvard.edu
  2. Select Next.
  3. When prompted with HarvardKey Sign In, enter your HarvardKey account name (typically in the format firstname_lastname@hms.harvard.edu).
  4. When prompted, enter your HarvardKey account password.
  5. Select Verify.
  6. When prompted to Verify with Okta Verify push notification, select Verify.
  7. Approve the Okta Verify push notification sent to your device.

Enable push notifications

  1. When prompted to Allow Push Notifications?, select Allow.
  2. When prompted again about push notifications, select Allow.
  3. When prompted to Enable Face ID or Passcode Confirmation, select Enable.
  4. When prompted again, select Allow.
  5. When the app displays Account Added, select Done.

Okta Verify is set up on your mobile device. Next, set up Okta Verify on your computer.

Set up Okta Verify on your computer

Follow these instructions to install and configure Okta Verify on your Windows or macOS computer.

Install Okta Verify

If you do not have Okta Verify installed, download and install it:

Note – If you encounter a We could not complete your purchase. error message, you must first update your operating system (OS) to a supported version. After updating your operating system, try downloading and installing Okta Verify again.

Configure Okta Verify

  1. Open the Okta Verify app on your computer.
  2. Follow the prompts to Get Started.
  3. When prompted for a New account, enter:
    • HMS account URL: login.hms.harvard.edu
    • HarvardKey URL: login.harvard.edu
  4. Select Next.
  5. When the sign-in page opens, enter your HMS account ID or your HarvardKey account ID (typically in the format ABC123).
    Note – If you do not know your HMS account ID, you can find it on the HMS IT Service Portal. Select your profile avatar from the menu, then select Profile. Your ID is displayed on your User Profile, in the About section under HMS ID.
  6. Select Next.
  7. When prompted to Verify it's you with a security method, select Okta Verify: Get a push notification.
  8. Approve the push notification on your mobile device using the Okta Verify app.
  9. When prompted for Windows Hello confirmation or Touch ID confirmation, select Enable.

When Okta Verify confirms Account added, your account appears in the Okta Verify app.

Alternative: Add from a mobile device

If you have already set up Okta Verify on your mobile device, you can add your account to your computer from your phone:

  1. Open Okta Verify on your computer and select Get Started.
  2. Select Add Account from Another Device.
  3. On your phone, open Okta Verify and select the organization profile:
    • HMS: login.hms.harvard.edu
    • HarvardKey: login.harvard.edu
  4. Select Add Account to Another Device.
  5. Enter the 8-digit code from your phone into the computer app.
  6. Enable Touch ID, Windows Hello, or PIN authentication when prompted.

Enable Okta FastPass for passwordless sign-in

Okta FastPass is a feature within the Okta Verify app that replaces the password-and-push-notification step when you sign in. FastPass uses a secure key stored on your device combined with biometrics (Face ID, fingerprint, or Windows Hello) or a PIN to verify your identity. Because authentication is tied to your specific device, it cannot be intercepted or replayed.

FastPass is available for both HMS account and HarvardKey sign-in. Complete the steps below on each computer you use to access Harvard and HMS services.

Before you enable FastPass

Confirm the following on the device where you want passwordless sign-in:

If any of these are missing, complete the mobile device setup and computer setup sections first.

Enable biometrics on your computer

FastPass requires a biometric method or device PIN on your computer. Set up one of the following if you have not already.

If you encounter issues setting up Windows Hello or Touch ID, submit a ticket and request assistance from the Identity and Access Management team.

Windows Hello

Follow the instructions to configure Windows Hello, ensuring that the PIN, facial recognition, and fingerprint recognition are enabled.

If sign-in options are unavailable in Windows Settings when configuring Windows Hello:

  1. Press Win + R, type gpedit.msc, and press Enter.
  2. Navigate to Computer Configuration > Administrative Templates > System > Logon.
  3. Open Turn on convenience PIN sign-in and select Enabled.
  4. Navigate to Computer Configuration > Administrative Templates > Windows Components > Biometrics.
  5. Open all four settings in this folder and set them to Enabled.
  6. Try again by following the instructions to configure Windows Hello.

Touch ID for macOS

Follow the instructions to use Touch ID on Mac.

Verify device readiness

After you enable biometrics, confirm that your device is ready for passwordless authentication:

  1. Open the device passwordless readiness check.
  2. If your device is correctly set up, the message Success! This device is using passwordless! appears.
  3. If the check does not pass, follow the on-screen prompts to enable biometrics or a PIN.
  4. Confirm that both login.harvard.edu and login.hms.harvard.edu are added in Okta Verify.

Note – For additional troubleshooting steps, see the device readiness troubleshooting article on the Harvard IT Service Portal.

Sign in with FastPass

After you complete the setup steps above, FastPass handles authentication when you sign in to a service protected by your HMS or HarvardKey account:

  1. Navigate to the sign-in page for the service you want to access.
  2. Okta Verify may authenticate you automatically in the background. If it does, you are signed in with no further action.
  3. If automatic authentication does not occur, select Sign in with Okta FastPass on the sign-in page.
  4. Confirm your identity with Touch ID, Face ID, Windows Hello, or your PIN when prompted.

Okta FastPass becomes the default sign-in method for your device. You do not need to enter your password.

Affected products  HMS OKTA
Revised by Joseph Casciano
Last modified 3 months ago