Versions Compared

Old Version 78

changes.mady.by.user Douglas 2brown

Saved on

compared with

New Version Current

changes.mady.by.user Douglas 2brown

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction

Multi-factor Authentication (MFA) is an authentication method that requires you to provide two or more verification factors to gain access to a resource. Organizations such as banks, credit card companies, and governments all around the world use MFA to secure digital assets, information and user identities to protect customer/user credentials from unauthorized use.

Royal Roads University has adopted Microsoft 365 MFA for Webmail, Remote Desktop (for staff only) and Office 365 (Currently only for people outside Canada, but soon coming to all accounts August 2024). You only have to set this up once and it will work for all the applications listed.

Info

MFA requires the Microsoft Authenticator app to be installed on a mobile device or to have an RRU FOB. It is STRONGLY recommended that you follow these instructions on a Computer with your mobile phone or FOB in hand. This will help make the procedure go a lot smoother.

If you do not have a mobile device that you can use for this purpose, please contact the RRU Help Desk.

You MUST be in Canada when setting up MFA. If you are not in Canada, please contact the RRU Help Desk before you try to setup MFA. (If Computer Services has directed you to this site, and they are aware you are outside of Canada, you may proceed). Alternatively, if you have a VPN running, this must be connected to a Canadian server before you begin the procedure below.

Table of Contents

Who needs to set up MFA?

Everyone who will access a protected RRU resource.

Not all resources are protected yet, but this changes frequently. We highly recommend that you set up MFA so that you don’t experience an interruption in service.

...

You will need to know

...

...

your UPN

Tip

Do NOT use your RRU email address to log in. Use your UPN to log in. The UPN is often referred to as the Microsoft username, Office 365 username, RRU longform username, and perhaps others. Regardless of how people refer to it, it’s your Moodle username with ‘@royalroads.ca’ added, like b12smith@royalroads.ca)

...

You will use your usual RRU password (the one you use for Moodle) Not sure what it is because your browser/computer remembers your password?

If you already have the

...

an authenticator app installed on your phone, make sure

...

Info

Note: There are some scenarios where you need to use a Security key instead of using the MS Authenticator app. These are USB keys that you carry around with you. You must have it to 2nd factor authenticate when required. There is no workaround that can be implemented at the Helpdesk if you don’t have your Security Key.

If you chose this, you will have filled out a form asking us to send you a USB key. Wait for it to arrive via internal mail before you continueit is the Microsoft Authenticator. There are no ads and no fees to use this app. If you are using the wrong app, this process will not work.

How to set up MFA preferences

Step 1 for everyone: log into your Microsoft profile

Expand
titleExpand Click here to expand this section for instructions for how to log into your Microsoft profile
Go The prompt

    • You might go straight into your Microsoft Profile without any login requirement. If so, skip to step 2.

  • Otherwise, the prompt will asks for an email address but don’t enter that.
    Instead, enter your UPN (NOT your email address) and click Next

image-20240119-233643.png

  • Enter your password and click the Sign in button (same password as Moodle)

image-20240119-233714.pngYou might go straight into your Microsoft Profile without any login requirement. If so, just proceed to the next step
Info

At this step, if you are prompted for additional authentication beyond your password, you will need to contact Computer Services. It could mean that your account was already partially setup so we might need to reset your account authentication to be able to proceed.

Step 2 for everyone: view your Security info

Expand
titleLook inside Click here to expand this section for instructions on how to view and update your Security information

  • Once you have signed in, on your computer, you’ll see a screen similar to this. Click the UPDATE INFO link on the Security info card.

image-20240122-160438.pngImage Removed

image-20240801-201549.pngImage Added
Info

If the account showing is not your RRU account, open a Private (Firefox), Inprivate (Edge) or Incognito (Chrome) window and log into http://myprofile.microsoft.com/ again with your RRU credentials (i.e. b12smith@royalroads.ca) and password. (You can open these windows from the browser menu button).

  • If this is your first time here, your default security method is “Password”, as shown below:

image-20240122-160555.png

  • If you’ve set up MFA previously, you may have a different default and you may have additional sign in methods showing here next to ‘Password’.

Step 3

...

: set up a method/preferences

We recommend that everyone uses for your 2nd factor.

But employees who come to campus can opt to use a ‘Security key’. If this is you and if you received your security key in internal mail, follow the instructions for how to set up a security key as your 2nd factor, then move on to Step 4 below. Otherwise, go back to the 'What you need to know/do…” section above to request a key.

Only employees who come to campus can choose ‘Security key’. Everyone else must choose the MS Authenticator app and continue with this Step 3.

  • On your computer you’ll be prompted to get the Microsoft Authenticator app. If you installed the app already, click Next.

image-20240122-161436.png
Expand
titleThis is it! Expand Click here to expand this section for instructions on how to set up your 2nd factor authentication method .
Info
(includes installing the MS Authenticator app
).
Info

Alternate Procedure - If you have a RRU FOB, then please follow Step 3 - Setup a method/preferences - FOB Setup instead.

To set up the MS Authenticator app as your 2nd method, on your computer:

Watch this 3 minute video and/or follow the instructions below it:

set up the MS Auth app as 2nd factor.mp4

  • click + Add sign-in method

  • click the down arrow to the right of ‘Choose a method’

  • click on Authenticator app

  • Finally, click Add.

image-20240122-160825.pngYou’ll be
    Info

    Note:

    Do not choose a ‘phone’ option. These be phased out by Microsoft. They will be removed from this options list as soon as we are able to do so without breaking existing setups.

    Panel
    panelIconIdatlassian-info
    panelIcon:info:
    bgColor#E3FCEF

    Did not install app yet?

    If you do not have the app, please point your mobile phone camera to the appropriate QR code below:

    image-20240528-172721.pngImage Removed

    .

    The app is FREE. Make sure you download the Microsoft Authenticator (the icon looks like the icon in the screen shot above). Your store may “recommend” a different authenticator at the top of the list, however you should download the Microsoft Authenticator for the procedure to work. These other apps can charge a fee to use it.

    image-20240627-200307.pngImage Added

    Install the app and now you can click Next on your computer

    (For advanced users only, you can also use another authenticator if you are familiar with it, like the Google authenticator)

    • You should now see the “Set up your account” screen. Please do the following on your phone before you hit next:

    image-20240202-210544.png

    • Open On your Phone open the Authenticator app

    • Click on the plus sign to add a new account

    • Choose “work or school” account

    Info

    If you are using an iPhone, you may get a message asking if you have a backup.
    Find out what to do before you continue.

    • Choose to Scan a QR code

    • Now hit Next on your computer
      Please note that it is very important that you allow notifications from the Authenticator. So if prompted you must click “Allow”

    • On your computer screen you should now see a QR code similar to the window below:

    image-20240122-161658.png

    • Hold your phone up to view the QR code.

    • It will take only a

    minute

    • fraction of a second for the set up to complete and when it does, you should see your account showing in the MS Authenticator app on your phone.

    Info

    In some cases, on an iPhone, if the app was previously installed you might now get a warning about notifications. Your options will be “setup later” or “settings.

    • Click Settings

    • Select Notifications

    • Enable Allow notifications

    • Return to the Authenticator app

    • Back on your computer Microsoft Profile, click Next.

    • Your account will test the app. A number will be displayed on your computer. Enter it into your Authenticator app on your phone and click Yes to confirm it is you.

    • You will then be prompted on your phone to authenticate that you own the phone.

    Back

    • This could be with your face, your finger or your phone lock screen code. Do that now.

    • Once you approve the authentication on your phone, on your computer you should see a confirmation it was approved in your Microsoft profile, click Next

    And

    • On you computer, your updated security information should look like this, with the Microsoft Authenticator app showing as your second sign-in method:

    image-20240122-162426.png

    • Close the browser window if your only sign-in methods are password and either MS Authenticator or Security Key. If you have “phone call” as another sign-in method, you’ll need to delete that using the optional instructions in step 4

    .

    • , otherwise…

    • YOU ARE DONE! When you next access a resource from RRU, you may be prompted to authenticate using the app. Follow the instructions when required.

    Info

    You won’t always be asked to MFA because:

    • not Not all RRU resources are MFA protected at this time

    • the The rules behind the scenes dictate how frequently and in what circumstances you are asked to MFA.

      • Currently the default is you will be prompted about every 12 hours to authenticate in Canada

      • RRU computers might require less authentication in the future

      • Computer outside Canada might require more frequent authentication in the future

    Step 4 for everyone: ensure your 2nd choice authentication method is not ‘phone’

    Expand
    titleMicrosoft will soon remove all phone-related options from their list of acceptable 2nd factor authentication options. Please ensure you're not using "phone" as a default to avoid interruptions in service. Expand these instructions for the details.
    Info

    In step 3, if you had only ‘password’ showing as your sign in method, you can skip step 4.

    While signed in to

    (Welcome back if you have setup your FOB)

    While still on the https://myprofile.microsoft.com and while looking at the security Info card (refer to Step1 above if you need help getting back here):

    • Click the ‘Change’ link

    • Click the down arrow to view a list of options

    • Click on ‘App the appropriate default method

      • For cellphone users using the Microsoft Authenticator app choose App based authentication -

      notification’

      • notification as shown in the picture

      if you’re using the MS Authenticator app.

      • If you’re an employee using a hardware token, choose that option instead.

      • For FOB users using the FOB you just setup choose App based authentication or hardware token - code as shown in the picture

    • Click the blue ‘Confirm’ button

    image-20240202-212714.png

    ...

    Info

    No, you won’t always be asked to MFA because:

    • not all RRU resources are MFA protected at this time

    • the rules behind the scenes dictate how frequently and in what circumstances you are asked to MFA

    • Currently the default settings are once every 12 hours. You may be required to MFA less on an RRU computer in the future.

    Do you have more questions not answered here?

    More information can be found on this FAQ page.

    Bonus:

    ...

    Back to where you came from?

    Everyone - About Office 365 for RRU Staff, Faculty and Students

    Students - Webmail access for Students

    Staff/Faculty/Associate Faculty - /wiki/spaces/ITKNOW/pages/5838261

    Staff/Faculty only - /wiki/spaces/ITKNOW/pages/5837595 (must login to see this content)