myAuth FAQs

myAuth is a new, multi-factor authentication application supported by DMDC to provide enhanced protection of your data. myAuth utilizes high levels of security to create a safe and convenient sign-on.

myAuth has completed the pilot phase and will continue to partner with additional DOD applications. As more applications are added, you will be able to access all your regular DOD sites with one sign-in through your myAuth account. You can still use your DS Logon account to access applications that are not using myAuth yet.

myAuth is set up for the use of CACs, but not other types of PIV cards. Additional PIV functionality is expected to be added. If you do not have a CAC, you can create a username and password to log in to myAuth.

For your protection, myAuth will not sign you in if your username is entered incorrectly, or your security methods are entered incorrectly. You can click Back to sign in on any of the login screens to return to the initial screen. Try logging in again:

• Double-check that you entered your username correctly. Your username is included in the myAuth welcome email.
• Ensure that your password is entered correctly. You can click the'eye' icon to display the password characters and ensure that it is correct.
• For your security, if you fail authentication too many times, your account will be locked. You can follow the directions on the screen to unlock your account.

For your protection, your session will end after a period of inactivity. If you are getting logged out of the system frequently, confirm that you are not connecting with a commercial (non-DOD/non-DMDC) VPN. It is recommended to not use commercial VPNs to access myAuth.

Your myAuth username is same as the email address that you entered when setting up your myAuth account. Check your email, including trash and spam or junk mail folders, for an email with the subject line “Welcome to myAuth.” Your username is included in the email. If you no longer have the email, you can create a new account (see Creating a New myAuth Account).

Users with a DS Logon account have already completed the identity verification process. myAuth is set up so that new users can quickly and easily verify their identity through DS Logon and create a myAuth account without repeating the process.

View a detailed walkthrough of the remote proofing process (see DS Logon Remote Identity Proofing) and Remote Proofing FAQs for additional information.

Some users will not be able to verify their identity remotely due to their devices or a lack of credit history. For those users, in-person proofing at a RAPIDS office is the best option. Contact a RAPIDS office to confirm what will be required (typically two [2] forms of ID). 

Logging in from the regular DS Logon page will not connect you to myAuth. Go to the myAuth website to connect your DS Logon identity verification. Log into DS Logon as you normally would. When you are authenticated, you should see a myAuth screen that prompts you to enter your email. If you see your DS Logon dashboard instead, try closing your browser and pasting the myAuth website link (https://myaccess.dmdc.osd.mil/identitymanagement/api/auth/myauth) into a new tab.

For security purposes, DS Logon accounts may be deactivated, suspended, or locked. Depending on the error message you see, try the following:

• Deactivated: Accounts that have not been used in 180 days are automatically deactivated to prevent unauthorized access. You will see Error Code 5 when you try to log in.
  1. On the myAuth login page, click Create New DS Logon Account, and complete the identity verification process (see Creating a New DS Logon Account and the DS Logon FAQs for additional information).
  2. Once you have authenticated, you will automatically be directed to the myAuth account process.
• Suspended: An account can be suspended due to incorrect password attempts. You will see Error Code 8 when you try to log in.
  1. Click Unsuspend my Account in the error message.
  2. Enter your PII to confirm your identity.
  3. Answer the challenge questions correctly.  
  4. Change your password.
  5. Update your challenge questions.
  6. Click Continue.
  7. Create a new myAuth account and connect your DS Logon identity verification (see Creating a New myAuth Account).
• Locked: DS Logon accounts can be locked to protect user security, including unusual activity.
  1. Contact the DMDC CCC to request instructions on how to have your account unlocked.
  2. You may be asked to contact the VA if the CCC is unable to remove a lock placed by the VA. The CCC will provide you with the necessary information.

Yes. If you choose to use your DEERS email address as your myAuth email address, all myAuth notifications will be sent to this email. Please note that myAuth requires a unique email address for all accounts; email addresses shared between family members will not work for multiple myAuth accounts. If you are about to separate or retire, it is recommended that you use a personal email to maintain your access.

Yes. If you use an email address for myAuth that is different than your DEERS official email address, you will receive myAuth notifications at that address. DMDC will continue to send benefits-related information to your official DEERS email address.

If you started to create a myAuth account but did not complete the process, your email username is already set up. The account creation process may not have been completed, or another person, such as a family member, may have created an account using the email address.

1. Check your email. Look in the trash and spam or junk mail folders for an email titled “Welcome to myAuth.” That email has a link that will let you complete the process.
2. If you share your email address with anyone else, like a child or a spouse, check to see if they already used the email address to create their own myAuth account. You may need to use a different email to create your own account.

Yes, for the purpose of one-time account creation. Once you have created your myAuth account and set up Smart Card Authentication, you will be able to log in using just your CAC.

Having a username and password also allows you to maintain access to your myAuth account after separation of service or when you do not have access to a CAC reader.

• Emails typically take less than one (1) minute to arrive. Occasionally, emails will take up to 20 minutes to arrive.
• Check your trash and spam or junk mail folders. The subject line will read “Welcome to myAuth.”
• Add noreply@okta.mil to your trusted senders or contact list in your email settings to ensure that myAuth notifications are delivered to your inbox.
• It is possible that the email address had an error or typo. Follow the instructions to create a new myAuth account using your DS Logon (see Confirm Your Identity with DS Logon). After you are authenticated, you will be asked to enter an email address. Enter your email address and the myAuth email will be sent to you. If you receive an error message that there is already an account with that email, see the "I see an error that says there might already be an account with my email. What can I do?” FAQ above.
  • If you share the email account with anyone, such as a spouse, check if they already created an account with your shared email. If they did, you can create an account with the same process using a different email address.
• This email is valid for seven (7) days. If it has been longer than (7) days, please contact the CCC to have the welcome email resent.

Yes, myAuth is designed to be safe and secure to protect your information. myAuth uses the latest industry standard fraud detection and prevention tools. Consequently, to protect your identity and information, myAuth may require you to log in with more secure methods if it determines that your log in request is at a higher risk of being fraudulent.

Maintaining the privacy of your personal data is a shared priority for you and myAuth. For the security of your information, myAuth requires additional security methods to protect your account.

In addition to providing your username and password, you will be required to provide a second security method, such as a code or push notification using the free Okta Verify app, or OTP via email. The extra step keeps your information secure while giving you SSO access to various apps.

Having additional security methods in place helps you recover your account if your password is forgotten or stolen.

To link your CAC to your myAuth account, you should be logged in. In your user dashboard, click your name in the top right corner and click Settings. In the Security Methods box, click Set up next to the Smart Card Authenticator option. Insert your CAC and select the appropriate certificate in the pop-up window. You will now be able to choose Smart Card to authenticate from the login screen on future sign-ins.

From the app store on your device, search for Okta Verify.

• Choose Okta Verify and NOT Okta Mobile or Okta Personal. There is no cost to download Okta Verify.

If you are not able to scan the QR code to set up Okta Verify, you can click Can’t Scan under the QR code. You will be given the option to set up Okta Verify with email. Select Email me a setup link and click Next. You will receive an email with a link. Click the Activate Okta Verify Push link. See Authenticating Using Security Methods for additional information.

Yes, you can use a tablet to log in with Okta Verify. The Okta Verify app can be downloaded on devices using Android, iOS, and iPadOS operating systems. Chrome, Safari, and Firefox are all supported browsers. If you are having trouble downloading the free Okta Verify app, check that you are using the latest versions of your operating system and browser.

You can easily add Okta Verify from your user dashboard. When you are logged into your myAuth dashboard, click your name in the top right corner and click Settings. In the Security Methods box, click Set up next to the Okta Verify option. The system will prompt you to enter a security method to verify your identity. Once you have entered a security method (email passcode, CAC authentication, or password), click Set up when presented with the Okta Verify option. 

To proceed, you will need to download the free Okta Verify app on your device. You can search for Okta Verify in your device’s app store and download the app. Once the download is complete, open the Okta Verify app on your device and complete the setup (see Step 3 - Set up Your Security Methods).

If you have face or fingerprint recognition (such as Face ID) set up with Okta Verify on your device, Okta Verify will cloak the numbers until you successfully complete the face or fingerprint verification. Once your phone has completed the check, the numbers will be displayed.

It is possible Okta Verify might not be set up correctly on your device. You can remove Okta Verify from your security methods and try setting it up again (see Removing Security Methods). You can log in using Email OTP and password for your security methods. Click Verify with something else if they are not presented as options.

You can also check the health of your device within the Okta Verify app to ensure that your device is secure and up to date. Click the icon in the top right of the app to access Settings and click Device health. 

If your device passes all checks, each security requirement has a green check mark. You will see suggestions on the Device health screen to resolve any issues that were identified.

Yes. If you did not choose to set up Face ID during the Okta Verify setup, you can add it later. Open the Okta Verify app and click on the myAuth account. You will be directed to the Account Details screen.

Under Security, you can toggle Face ID or Passcode Confirmation on. You will need to verify your identity to complete the setup. The Okta Verify app will present a code that you will enter on the following myAuth screen to complete the setup.

You can use the Email OTP security method (see Authenticate with Email OTP) to log in and change your security methods. In your Settings, you can add Okta Verify to a new device (see Adding a Security Method) any time you are logged into myAuth. You can also remove Okta Verify (see Removing Security Methods) from your myAuth security methods completely or just from selected devices if you no longer have access to that device.

Okta FastPass is part of the free Okta Verify app and allows passwordless authentication. You automatically have access to FastPass once you download the Okta Verify app and enroll your myAuth account. You must have the Okta Verify app installed on the device you are using to log in for FastPass to work. The Face ID or Passcode Verification setting must be enabled in the Okta Verify app for passwordless authentication to work. Users logging in with FastPass without Face ID or Passcode Verification enabled will still need to enter a password to authenticate (see Login with Okta FastPass).

Click Allow to ensure that FastPass will work with the newest version of Chrome. This one-time action is due to an update in Chrome. This process is secure and only communicates with the device where Okta Verify is installed. myAuth will not look for or connect to any other device on your local network. If you already clicked Block, you can take the following steps to ensure that you can authenticate with FastPass:

1. While on the myAuth sign-in page, click the icon (padlock or tune icon) on the left side of the address bar. 
2. Select Site Settings to open the Site Settings menu.
   • For Chrome on Mac or Windows: Click Privacy & Security.
   • For Chrome on Android: Click Permissions.
3. Find the setting for Local Network Access.
4. Use the toggle or drop-down menu to change the permission from Block to Allow.
5. Refresh the page. Okta FastPass should now work correctly.

• FastPass users accessing myAuth with Google Chrome browser on a Mac, Windows, or Android device will see this pop-up and be required to allow the one-time connection. Users who are using iOS/iPhone or a different browser, such as Edge, will not be affected.

Your username is the same as the email you entered during account creation. Users can change their primary email address (the address that will receive notifications from myAuth) without affecting the username. Users cannot change their username at this time.

Users are required to update their password every 60 days. You can change your password in the myAuth dashboard. See Updating Your Password for instructions. Please note that passwords cannot be changed more than once every 24 hours.

Yes. Changing your email address will not change your username at this time. Any notifications from myAuth will go to the primary email address on file. See Updating Your Email for instructions.

Before you transition out of the military, you will want to complete the following:

• Make sure your primary email address is one that you will be able to access after separation. If your primary email address ends with “.mil” you can update it to a personal email address. Your username does not need to be updated. You can keep your existing username, even if it is a .mil email address.
• If you having been using your CAC to log in to myAuth, consider adding Okta Verify as a security method. By downloading the free Okta Verify app, you will be able to log into myAuth using a convenient OTP, push notification, or FastPass.

If you see activity that you do not recognize, it is recommended that you immediately update your password (see Updating Your Password for instructions). Review your MFA security methods under Settings and make sure that they are up to date. Verify that your contact information (such as phone number and email addresses) has not changed.

You can also click Sign out in the End All Sessions box in your Settings. This will log your account out of any open sessions across any devices, including your current session, that have accessed your account.

If you suspect fraudulent activity, you can report the activity to suspend your account. This will prevent all account access, including your own. To report a fraudulent Sign-In and suspend all access to the account, click the Report button in the Report to Admin column. To report a fraudulent Security Event and suspend all access to the account, click the blue dots in the top right of the event’s box. This will open a panel with additional details and a Report button.

To recover an account that has been hacked or hijacked or suspended in error, please call the DMDC CCC. After confirming your identity, an operator will be able to help you unsuspend your account or close out the compromised account and create a new account.

myAuth will send automated emails regarding account actions that you have taken that could affect your account access (such as when you change your email or update your password). Any time you receive an email with activity that you do not recognize, you can secure your account by logging in, clicking on your name in the top right corner, and going to Settings. You can take the following actions:

• Update your password
• Make sure your contact information is accurate
• Review your security methods to make sure they are up to date

If you receive a suspicious message or call, do not respond. Verify the contact information of the organization and contact them directly.

Never give out your password or personal information to unsolicited messages or calls.

Remember that DOD, DMDC, and myAuth will never:

• Call to ask you to respond to a text or for your password
• Contact you to take control of your computer

Your account will be locked after too many failed sign-in attempts. Any time this happens, you will receive an email. Click the Unlock Account button in the email. You will be prompted to enter security methods and unlock the account. None of your information or applications will be changed while your account is locked.

To recover an account that has been hacked or hijacked, please call the DMDC CCC. After confirming your identity, an operator will be able to help you close out the compromised account and create a new account.

Your account may be in "Suspended" status. Please call the DMDC CCC. After confirming your identity, an operator will be able to help you. Please note that passwords cannot be changed more than once every 24 hours.

myAuth supports the latest versions of Android, iOS, and iPadOS, macOS, and Windows operating systems. The latest versions of Chrome, Safari, Edge, and Firefox are all supported browsers. If you are having trouble accessing your myAuth account, check that you are using the latest versions of your operating system and browser.