This site requires JavaScript to be enabled
An updated version of this article is available

Set up Okta Verify for your HMS and HarvardKey account

3478 views

41.0 - Last modified on 06-08-2026 Revised by Julie Balise

40.0 - Last modified on 06-05-2026 Revised by Becka Buono

39.0 - Last modified on 05-13-2026 Revised by Joseph Casciano

38.0 - Last modified on 05-13-2026 Revised by Caroline Pereira

37.0 - Last modified on 05-06-2026 Revised by Julie Balise

36.0 - Last modified on 04-13-2026 Revised by Joseph Casciano

35.0 - Last modified on 02-27-2026 Revised by Joseph Casciano

34.0 - Last modified on 02-27-2026 Revised by Joseph Casciano

33.0 - Last modified on 02-25-2026 Revised by Joseph Casciano

32.0 - Last modified on 02-25-2026 Revised by Caroline Pereira

31.0 - Last modified on 02-24-2026 Revised by Caroline Pereira

30.0 - Last modified on 02-17-2026 Revised by Joseph Casciano

29.0 - Last modified on 06-02-2025 Revised by Lindsey Pockl

28.0 - Last modified on 04-08-2025 Revised by Lindsey Pockl

27.0 - Last modified on 03-28-2025 Revised by Joseph Casciano

26.0 - Last modified on 03-28-2025 Revised by Joseph Casciano

25.0 - Last modified on 03-25-2025 Revised by Joseph Casciano

24.0 - Last modified on 03-21-2025 Revised by Lindsey Pockl

23.0 - Last modified on 03-21-2025 Revised by Lindsey Pockl

22.0 - Last modified on 03-18-2025 Revised by Joseph Casciano

21.0 - Last modified on 02-20-2025 Revised by Joseph Casciano

20.0 - Last modified on 02-18-2025 Revised by Joseph Casciano

Set up the Okta Verify app to sign in to services protected by your HMS account using biometrics like Face ID, fingerprint, or PIN. Install on each device you use to access Harvard and HMS services (phone, computer, iPad).

If you already have Okta Verify set up on your devices and need to enable passwordless sign-in, skip to Enable Okta FastPass.

Table of Contents

Set up Okta Verify on your mobile device

We recommend setting up Okta Verify on your mobile device before setting it up on your computer.

Install Okta Verify

If you do not have Okta Verify installed, download and install it:

Note – If you encounter a We could not complete your purchase. error message, you must first update your operating system (OS) to a supported version. After updating your operating system, try downloading and installing Okta Verify again.

Configure Okta Verify on mobile devices

  1. Open the Okta Verify app.
  2. Follow the prompts to Get Started.
    Welcome to Okta Verify - Get Started
  3. When prompted for Ways to verify, select Add account.
  4. For Account Type, select Organization.
    Choose Account Type - Organization
  5. When prompted to Add Account from Another Device, select Skip.
    Add account from Another Device? Skip
  6. When prompted, Do You Have Your QR Code?, select No, Sign In Instead.
    Do you have a QR code? No, Sign In Instead

Connect your HMS account

  1. When prompted to Enter Your Organization's Sign-In URL, enter:
    • URL (HMS account): login.hms.harvard.edu
    Enter Your Organization's Sign-In URL
  2. Select Next.
  3. When prompted with Harvard Medical School Sign In, enter your HMS account ID (typically in the format ABC123).
    Note – If you do not know your HMS account ID, you can find it on the HMS IT Service Portal. Select your profile avatar from the menu, then select Profile. Your ID is displayed on your User Profile, in the About section under HMS ID.
    Sign In with your HMS account ID or Affiliate email address
  4. When prompted, enter your HMS account password.
    Verify it's you with a security method - Select Password
  5. Select Verify.
  6. When prompted to Verify with Universal Duo, select Verify.
    Verify with Universal Duo
  7. Approve the Duo push notification sent to your device.
  8. When prompted to Enable Face ID or Passcode Confirmation, select Enable.
    Enable Face ID of Passcode Confirmation?
  9. When prompted again, select Allow.
  10. When the app displays Account Added, select Done.
    Account added

Connect your HarvardKey account

  1. When prompted to Enter Your Organization's Sign-In URL, enter:
    • URL (HarvardKey): login.harvard.edu
    Enter Your Organization's Sign-In URL - HarvardKey
  2. Select Next.
  3. When prompted with HarvardKey Sign In, enter your HarvardKey account name (typically in the format firstname_lastname@hms.harvard.edu).
    HarvardKey Sign In
  4. When prompted, enter your HarvardKey account password.
  5. Select Verify.
  6. When prompted to Verify with Universal Duo, select Verify.
  7. Approve the Duo push notification sent to your device.
  8. When prompted to Enable Face ID or Passcode Confirmation, select Enable.

Enable push notifications

  1. When prompted to Allow Push Notifications?, select Allow.
  2. When prompted again about push notifications, select Allow.

Okta Verify is set up on your mobile device. Next, set up Okta Verify on your computer.

Set up Okta Verify on your computer

Follow these instructions to install and configure Okta Verify on your Windows or macOS computer.

Install Okta Verify

All Harvard-managed computers have the Okta Verify application. If you cannot find it or are working on a personal computer, download and install it:

Note – If you encounter a We could not complete your purchase. error message, you must first update your operating system (OS) to a supported version. After updating your operating system, try downloading and installing Okta Verify again.

Configure Okta Verify

  1. Open the Okta Verify app on your computer.
  2. Follow the prompts to Get Started.
    Welcome to Okta Verify - Get Started
  3. When prompted for a New account, enter:
    • HMS account URL: login.hms.harvard.edu
    • HarvardKey URL: login.harvard.edu
    New Account - HMS accountNew Account - HarvardKey 
  4. Select Next.
  5. When the sign-in page opens, enter your HMS account ID or your HarvardKey account ID (typically in the format ABC123).
    Note – If you do not know your HMS account ID, you can find it on the HMS IT Service Portal. Select your profile avatar from the menu, then select Profile. Your ID is displayed on your User Profile, in the About section under HMS ID.
  6. Select Next.
  7. When prompted to Verify it's you with a security method, select Password. Enter your HarvardKey or HMS account password. Do not select "Okta Verify: Use Okta FastPass" at this step.
    Verify it's you with a security method - Password
  8. When prompted again to Verify it's you with a security method, select Okta Verify: Get a push notification or Okta Verify: Enter a code. Do not select "Okta Verify: Use Okta FastPass" at this step.
    Verify it's you with a security method - Okta push or code
  9. Approve the push notification on your mobile device using the Okta Verify app.
  10. When prompted for Windows HelloTouch ID, or password confirmation, select Enable.
    Enable Touch ID or password confirmation? - Enable

When Okta Verify confirms Account added, your account appears in the Okta Verify app.

Alternative: Add from a mobile device

If you have already set up Okta Verify on your mobile device, you can add your account to your computer from your phone:

Note – Bluetooth must be enabled on both your phone and your computer for this method to work.

  1. Open Okta Verify on your computer and select Get Started.
  2. Select Add Account from Another Device.
  3. On your phone, open Okta Verify and select the organization profile:
    • HMS: login.hms.harvard.edu
    • HarvardKey: login.harvard.edu
  4. Select Add Account to Another Device.
  5. Enter the 8-digit code from your phone into the computer app.
  6. Enable Touch ID, Windows Hello, or PIN authentication when prompted.

Enable Okta FastPass for passwordless sign-in

Okta FastPass is a feature within the Okta Verify app that replaces the password-and-push-notification step when you sign in. FastPass uses a secure key stored on your device combined with biometrics (Face ID, fingerprint, or Windows Hello) or a PIN to verify your identity. Because authentication is tied to your specific device, it cannot be intercepted or replayed.

FastPass is available for both HMS account and HarvardKey sign-in. Complete the steps below on each computer you use to access Harvard and HMS services.

Before you enable FastPass

Confirm the following on the device where you want passwordless sign-in:

If any of these are missing, complete the mobile device setup and computer setup sections first.

Enable FastPass on your mobile device

  1. Ensure your mobile device has appropriate features enabled to use FastPass.
  2. Open the Okta Verify app.
  3. Tap your account, which appears as your Harvard email address.
  4. In the Account Details screen, under Security toggle on:
    • Android: Screen lock confirmation or Face ID. If this is already toggled on, no further steps are needed for this account on your mobile device.
    • iOS: Face ID or Passcode Confirmation. If this is already toggled on, no further steps are needed for this account on your mobile device.
  5. Verify your identity when prompted.
  6. The next time you access HarvardKey-protected resources on this device, select "Okta Verify > Use Okta FastPass" to sign in with your fingerprint, face, or PIN.
  7. Future sign-in attempts default to the last used method.

Enable FastPass on your computer

If you have not already done so, set up Okta Verify on your computer. FastPass requires a biometric method or device PIN on your computer. Set up one of the following verification methods if you have not already.

Verification methods for Windows

Follow the instructions to configure Windows Hello, ensuring that the PIN, facial recognition, or fingerprint recognition are enabled. Then:

  1. Open the Okta Verify app.
  2. Select your HarvardKey or HMS account.
  3. Select the toggle to turn Windows Hello confirmation on and follow the instructions. If this is already toggled on, no further steps are needed for this account on your Windows computer.
  4. If you are asked to verify your identity:
    • Do not select Okta FastPass. Instead, use your HarvardKey or HMS password, an Okta Verify code, or an Okta Verify push notification.
    • If you selected Okta Verify code or Okta Verify push notification, use your mobile device to complete this step.
    • Multiple verifications may be required.
  5. The next time you access HarvardKey-protected resources on this device, select "Okta Verify > Use Okta FastPass" to sign in with your fingerprint, face, or PIN.
  6. Future sign-in attempts default to the last used method.
  7. Repeat the steps for the account not selected in step 2.

Verification methods for macOS

Mac users have two options for verification: fingerprint recognition or their computer’s password. If using the computer’s password, no additional setup steps are required. To use fingerprint recognition, configure Touch ID on Mac. Then:

  1. Open the Okta Verify app.
  2. Select your HarvardKey or HMS account.
  3. Find the Face ID or Passcode Confirmation and turn the toggle switch to On. If this is already toggled on, no further steps are needed for this account on your Mac.
  4. Select Enable in the prompt.
  5. Verify your identity using the available methods, when prompted.
    • Do not select Okta FastPass. Instead, use your HarvardKey or HMS password, an Okta Verify code, or an Okta Verify push notification.
    • If you selected Okta Verify code or Okta Verify push notification, use your mobile device to complete this step.
    • Multiple verifications may be required.
  6. The next time you access HarvardKey-protected resources on this device, select "Okta Verify > Use Okta FastPass" to sign in with your fingerprint or password.
  7. Future sign-in attempts default to the last used method.
  8. Repeat the steps for the account not selected in step 2.

Verify device readiness

After you enable FastPass for HarvardKey, confirm that your device is ready for passwordless authentication:

  1. Open the device passwordless readiness check.
  2. If your device is correctly set up, the message Success! This device is using passwordless! appears.
  3. If the check does not pass, follow the on-screen prompts to enable biometrics or a PIN.
  4. Confirm that both login.harvard.edu and login.hms.harvard.edu are added in Okta Verify.

Note – For additional troubleshooting steps, see the device readiness troubleshooting article on the Harvard IT Service Portal.

Sign in with FastPass

After you complete the setup steps above, FastPass handles authentication when you sign in to a service protected by your HMS or HarvardKey account:

  1. Navigate to the sign-in page for the service you want to access.
  2. Okta Verify may authenticate you automatically in the background. If it does, you are signed in with no further action.
  3. If automatic authentication does not occur, select Sign in with Okta FastPass on the sign-in page.
  4. Confirm your identity with Touch ID, Face ID, Windows Hello, or your PIN when prompted.

Okta FastPass becomes the default sign-in method for your device. You do not need to enter your password.

Set up HarvardKey passkeys for shared computers

  1. Follow these instructions to turn on Bluetooth on your phone and computer:
  2. Go to the Okta account settings at login.harvard.edu.
  3. Sign in with your HarvardKey credentials.
  4. Select Manage security methods.
  5. Next to Security Key or Biometric Authenticator, select Set up or Set up another.
  6. When Okta prompts you, authenticate with the security method you last used.
  7. On the Set up security methods prompt, select Set up under Security Key or Biometric Authenticator.
  8. Save the passkey to your phone.
Affected products  HMS OKTA
Revised by Joseph Casciano
Last modified 4 weeks ago