If you know your current UtahID password and you want to reset it, you can simply log in to UtahID, go to Change Password in the Security tab, confirm your current password, and type in a new password.
If you’ve forgotten your password, first go to the UtahID login page and select Forgot Password. You’ll be asked to type in your username/email and your last name. You can receive a one-time passcode (OTP) in a few ways, depending on the contact information you set up in your profile:
If you are locked out of your UtahID account, the first lockout is ten minutes, the second lockout is thirty minutes, and the third lockout is ninety minutes.
No; to ensure the security of your identity and credentials, the DTS Help Desk will no longer be able to reset passwords. Instead, we have multiple options to reset your password, and if you are unable to reset your password using those options, you’ll need to create a new UtahID.
You may be required to reset your password depending on the services you access.
Yes. For security and account maintenance, including password recovery, it is a requirement to validate your email address to set up a UtahID account.
Yes. For security and account maintenance, including password recovery, you are required to validate an entered mobile phone number to receive text messages.
Two-factor, or multifactor, authentication is using two or more different factors to achieve authentication. Factors include:
Source(s): NIST SP 800-53 Rev. 4 under Multifactor Authentication. See Authenticator.
General Troubleshooting Tip: If you are receiving errors when trying to use the UtahID Authenticator app or if the notification is not being triggered, generally restarting your iPhone will resolve the issue. Otherwise, please read through the FAQ for other tips and resolutions.
After entering your UtahID username and password, you will be presented with the below screen:
At this same time, you will receive a notification on your mobile device from the UtahID Authenticator app. Click on the “Accept” button to continue the login process.
No it cannot. A UtahID account can only have a single installation of the UtahID Authenticator app tied to it.
If a notification is not popping up on your mobile device, try going directly into the app and follow these steps (The below screenshots are from the iPhone app. The Android app may look slightly different):
If the notification displayed in the above screenshots is not being displayed in the app, first close the app on your mobile device. Then back on the login screen, click “Start Over” to re-enter your username and password.
If you’ve uninstalled and reinstalled the app, that is the most likely cause of your UtahID no longer being displayed. To add it back, follow these steps:
IMPORTANT: When re-registering the UtahID Authenticator app, you will be given a new set of Recovery Codes. Remember to save these Recovery Codes, and replace your old set of codes.
Typically, restarting your iPhone will resolve this. After a restart, try logging in again and you should receive the 2FA notification.
When initially installing the UtahID Authenticator, depending on the model of your iPhone you will be asked if you also want to enable Face ID or Touch ID when using the app. If you enable either of these features, then in addition to tapping “Accept”, you will also need to authenticate on your iPhone by either using Face ID (allowing the iPhone camera to recognize your face), or Touch ID (tapping your fingerprint on the Home button) to continue.
Push authentication has to be registered individually in each environment. This is due to how the application interacts with the messaging services and the authentication environment.
You should be prompted to register a device when logging into the AT and DEV environments if Push is the only thing on your production account.
If you do not see a prompt, then to manually register a device in AT or Dev you can do the following:
You can do this for both AT and DEV if you want to use push with both of those environments.
After entering your username and password, you’ll see the below prompt. If you haven’t already inserted the Yubikey into a USB port, do so now, then press it to activate.
DTS will be maintaining an inventory of Yubikeys through a subscription service.
The instructions are documented here: https://idhelp.utah.gov/2fa-removing.html#yubikey Please note that user can only remove a Yubikey from their own UtahID account. At this time there is not an Administrator option to do so.
Yes. The employee should first remove the Yubikey option from their UtahID. The instructions are documented here: https://idhelp.utah.gov/2fa-removing.html#yubikey.
However, if they fail to do so, the Yubikey can still be registered by the new employee. The instructions are documented here: https://idhelp.utah.gov/2fa-yubikey.html.
NO. After inserting the Yubikey, if you are asked to update the stored password in your browser, DO NOT allow the browser to do so. It will actually replace your stored UtahID password. Since this new password does not match your actual UtahID password, you will receive the “Your User Name and/or Password are incorrect.” error message, and continued attempts to use this incorrect password will lock you out.
The Yubikey key works across multiple environments. The authentication process will be no different between AT and Production environments.
When registering the UtahID Authenticator app or Yubikey, you’ll be presented with 10 one-time use recovery codes to be used in this scenario. Save them in a place where you do not need your mobile phone or UtahID in order to access them. Printing a copy is also recommended. These recovery codes can be used to login if your mobile phone or Yubikey are unavailable. Be aware that each code can only be used once. It is very important to have access to your recovery codes, as it will be the easiest method to access your account.
After entering your username and password, you will be presented with the option to “respond on your mobile device” or to sign in “using a security key”:
Yes. Login to id.utah.gov, and select “Security”. Scroll down to the “Multi-Factor” section, and follow the instructions listed under “Recovery Codes”.
When presented with the option to “respond on your mobile device” or to sign in “using a security key”:
You’ll access the delegated Gmail account the same way, and 2FA will not be required.
However, if the owner of that delegated account needs to log in directly, for example to change the password, they will need to use 2FA. If the owner of the account is using the UtahID Authenticator app, they can add that account to the app. If the owner of the account is using a Yubikey, they can add that account to the Yubikey as well.
This is most likely due to your workstation being set to the wrong time. Once the time has been corrected, you should be able to login without issue.
Short for Two-Factor Authentication
Push Notification Authentication enables authentication by sending a push notification directly to a secure application on the user’s device, alerting them that an authentication attempt is taking place. The UtahID Authenticator app is a Push solution.
When registering a Push or WebAuthn device a set of 10 codes are generated which are a one time use code and can be used in place of the device or app if needed. If you save these codes, please save in a secure place as they are as important as securing your token or mobile device
A physical device attached to your computer that enables authentication when the user attempts to login. The physical device that will be used by DHS staff is the Yubikey 5 NFC.
WebAuthn allows users to login to internet accounts using their preferred device (i.e. token, fob, etc). Web services and apps using WebAuthn provide an easier login experience via biometrics, mobile devices and/or FIDO security keys with much higher security over passwords alone. Yubikey is a WebAuthn solution.
It depends on your cell phone carrier. Contact your provider for more information on this.
Updating your home address in UtahID will not change your address anywhere else at this time. Please contact the agencies you do business with in order to submit address changes
If your email is not accessible, you will be required to create a new UtahID with a different email address.
Toll Free: 800-678-3440
Salt Lake Area: 801- 538-3440