Information ServicesMulti-Factor Authentication (MFA)

Information and advice on Multi-Factor Authentication (MFA)

The University uses Multi-Factor Authentication (MFA) for access to services such as email off-campus. This page contains more information on the service and the steps that you should take before setting up MFA.

MFA is live for all DS accounts by default. You'll most likely be prompted to sign up for MFA right away when accessing your account for the first time. If you are not prompted or appear not to be on MFA, your account will be MFA enabled shortly. You should register.

Setup

MFA provides an additional layer of security. It adds an extra step to the login process, requiring you to confirm your identity via a mobile device.

If you use mobile banking, you'll most likely have come across Multi-Factor Authentication already. You may need to enter your login details and then use your device to generate a code to verify your identity. This will give you access to your account.

MFA adds an additional layer of security by requiring an extra login step to validate your login. This extra step makes it significantly more difficult for an attacker to access your account, even if they manage to discover your username and password.

This extra login step is called your Second Factor, is usually carried out using a mobile device and can be configured in the following ways:

  • a push notification through the Microsoft Authenticator app; this is the most secure and convenient method and is recommended by Information Services
  • a text message to your phone, containing a six digit code; this option is intended for those without a device capable of installing the Authenticator app

MFA is active in the University so there are a few steps you must take to ensure you are able to authenticate and access your account:

  • for Android phones, navigate to the Playstore, for iOS phones, navigate to the App store; then search for Microsoft Authenticator, click install
  • open the Authenticator App
  • if you are prompted about Data Privacy, click OK, then skip all steps until you have the option to add your first account
  • you have now installed the Authenticator app; you can now continue on to the MFA User Registration

Registration

To use MFA, generally, you'll need a mobile device which you can register and use as your 'second-factor' for logging in.

Download the Microsoft Authenticator app

If you're using a smartphone, you should download the Microsoft Authenticator App. This is the easiest way to use MFA and the method Information Services recommends. 

  1. The first step in the registration process is to visit MFA setup on your desktop.
  2. You'll then be prompted to login; enter your email and Click Next
  3. you'll now be asked for credentials, Enter your password and click Sign in
  4. you'll now be prompted to provide additional information, Click Next

Add your account to the app

If you haven't installed the Microsoft authenticator app on your phone go back to the home screen and follow the guide. Otherwise, Click Next:

  1. In the Authenticator App, click ADD ACCOUNT.
  2. In the Authenticator App, choose Work or school account.
  3. If you receive a permission prompt, click Allow.
  4. Once you have completed the above steps on the Authenticator App, in the MFA Wizard, click Next.
  5. In the Authenticator App, Scan the QR Code. In the MFA Wizard, click Next.
  6. Click Approve on your phone screen.
  7. Once the Notification is approved successfully, click Next
  8. You have now set up the authenticator app as your second method of authentication. click Done.

Set up additional methods of authentication

You'll now be taken to your security info page. This is where you can set up additional methods of authentication. We recommend adding your mobile in case something happens to your authenticator app. Click Add Method:

  1. From the dropdown, Select Phone and click Add.
  2. Enter your mobile phone number and click Next.
  3. You'll now be sent a 6-digit code to your mobile, enter it here and click Next.
  4. SMS should now be verified, click Done.
  5. you'll now be taken back to security info. To change your default sign-in method, click Change.
  6. From the dropdown, Select Microsoft Authenticator notification and click Confirm.
  7. You have now registered your information for MFA.
  8. Once you are registered for MFA, you can manage your authentication methods at My Sign Ins.

FAQs

Even if you've registered, MFA will not be active until your local IT support team has enabled it.

The rollout will be on a department-by-department basis. Any information on when it will be active should be available from your local IT support team.

Some departments will be enabled for MFA much later than others.

You'll have to authenticate:

  • off-campus only
  • the first time you use a new device
  • every 30 days after first use
  • you may be asked more frequently if logging on to web pages from a device configured to forget sessions
  • you'll not have to change your password every 30 days

MFA protects a growing range of services at the university, including Freshdesk, Zoom, email and OneDrive, however, you won’t see it every time you use one of these services and you'll only see it when off-campus.

iOS device requirements: Requires iOS 13.0 and watchOS 6.0 or later. Compatible with iPhone, iPad, and iPod touch.

Android Phones system requirements:

Outlook for Android can be installed on any of the supported Android versions that have an ARM-based or Intel x86 processor. This includes KitKat1 (4.4 - 4.4.4), Lollipop1 (5.0 – 5.1.1), Marshmallow (6.0 – 6.0.1), Nougat (7.0 – 7.1.2), Oreo (8.0 – 8.1), and Pie (9.0).

If you do not have a smartphone for the authenticator app, you can still use MFA. A text message to your phone, containing a six-digit code, which will allow you to log in.

To register for this method of MFA, visit MFA Set U. Here you can enter your mobile number as your chief method of authenticating.

If you would like to change your method of authenticating after registering, you can visit My Security Info.

For additional support or other options, contact your IT helpdesk.

Please see our MFA Additional Guide for further help.

For additional support or other options, contact IS Enquiries at help@strath.ac.uk 

A common fix for any problems with the authenticator app is to update your software. Ensure your device and all apps are up to date.

For more support on the authentication app, you can view the authenticator app set-up video, or you can visit Microsoft's support pages.

For any further assistance, contact your IT helpdesk.

Even in the absence of Wi-Fi and signal, you can still use the Microsoft Authenticator app to generate a "one-time passcode". This will grant you access to the service you are accessing:

  1. When you receive the MFA prompt click “Sign in another way”.
  2. Select “use a verification code from my mobile app”.
  3. A box will appear to type in a number code.
  4. On your phone, open the Microsoft Authenticator app.
  5. On the device you are trying to access on, type the passcode into the login box (before the code expires, you can see how long you have on the countdown timer) and click Verify.

If you have a mobile signal, but no internet, you can authenticate via SMS instead of using a push notification. That is why entering your mobile number as a method of authentication, in addition to the Authenticator App, is important.

  • To register your mobile number, visit MFA Set Up.
  • To change your method for authenticating or to opt for this type of authentication as default, visit My Security Info.

ou can change your settings by going to My Security Info we recommend that you at least have a phone number set up and also the authenticator app if possible. Setting up a phone number makes it easier to migrate phones when you get a new one.

Watch our MFA User Registration Walkthrough video on YouTube which includes changing the method of authenticating.

To avoid things like this getting in the way of you accessing work services, you can back-up your authenticator app.

If your authenticator app has not been backed up, contact your helpdesk for assistance with logging in.

At My Account on Microsoft you can view recent logins. You may see some application names that you are not used to seeing. This should not be a concern to you.

With MFA enabled the risk of anyone other than you logging in is massively reduced. Microsoft is continually monitoring the environment and raising suspicious activities to the University security team who investigate and act on any accounts they deem necessary.

As the page recommends it is worth checking that no other phone number is registered on your account. If you see a phone number you are not familiar with, please contact your helpdesk.

If your email app no longer works on your phone, see the MFA phone troubleshooting guide.

If your contacts are no longer syncing on your phone, please see our MFA phone troubleshooting guide.

On a personal PC, you should use webmail by accessing Office. If it is a university PC, please contact your local helpdesk.

If you are experiencing a problem with Skype for Business and are repeatedly asked to authenticate, download and apply the following registration fix, SkypeMFAFix.

If the issue persists, contact your helpdesk.

In the first instance please reboot your PC and your phone to help clear down sessions. If issues persist please contact your helpdesk.

If you have accessibility issues, or other reasons why you can not use MFA, you can place a request to be exempt with your helpdesk. The Helpdesk has procedures in place to seek authorisation from your Head of Department.

After being enabled on MFA, some users have found when they organised a meeting on Zoom, the meeting did not appear on their outlook calendar.

If this happens to you, you can re-establish the link between both calendars at Zoom.