RRU MFA enrollment for everyone

Introduction

Multi-factor Authentication (MFA) is an authentication method that requires you to provide two or more verification factors to gain access to a resource. Organizations such as banks, credit card companies, and governments all around the world use MFA to secure digital assets, information and user identities to protect customer/user credentials from unauthorized use.

Royal Roads University has adopted Microsoft 365 MFA.

 

Who needs to set up MFA?

Everyone who will access a protected RRU resource.

Not all resources are protected yet, but this changes frequently. We highly recommend that you set up MFA so that you don’t experience an interruption in service.

What you need to know/do before you begin

Note: The UPN is often referred to as the Microsoft username, Office 365 username, RRU longform username, and perhaps others. Regardless of how people refer to it, it’s your username with ‘@royalroads.ca’ added, like b12smith@royalroads.ca)

  • Your usual RRU password

  • If you already have the Microsoft Authenticator app installed on your phone, make sure it’s current.

Note: There are some scenarios where you need to use a Security key instead of using the MS Authenticator app. These are USB keys that you carry around with you. You must have it to 2nd factor authenticate when required. There is no workaround that can be implemented at the Helpdesk if you don’t have your Security Key.

If you chose this, you will have filled out a form asking us to send you a USB key. Wait for it to arrive via internal mail before you continue.

How to set up MFA

Step 1 for everyone: log into your Microsoft profile

Go to http://myprofile.microsoft.com

The prompt asks for an email address but don’t enter that.
Instead, enter your UPN and click Next

image-20240119-233643.png

Enter your password and click the Sign in button

image-20240119-233714.png

You might go straight into your Microsoft Profile without any login requirement. If so, just proceed to the next step.

Step 2 for everyone: view your Security info

Once you have signed in, you’ll see a screen similar to this. Click the UPDATE INFO link on the Security info card.

If this is your first time here, your default security method is “Password”, as shown below:

If you’ve set up MFA previously, you may have a different default and you may have additional sign in methods showing here next to ‘Password’.

Step 3 for everyone: set up a 2nd method

We recommend that everyone uses the MS Authenticator app for your 2nd factor.

But employees who come to campus can opt to use a ‘Security key’. If this is you and if you received your security key in internal mail, follow the instructions for how to set up a security key as your 2nd factor, then move on to Step 4 below. Otherwise, go back to the 'What you need to know/do…” section above to request a key.

Only employees who come to campus can choose ‘Security key’. Everyone else must choose the MS Authenticator app and continue with this Step 3.

To set up the MS Authenticator app as your 2nd method:

Watch this 3 minute video and/or follow the instructions below it:

  1. click + Add sign-in method

  2. click the down arrow to the right of ‘Choose a method’

  3. click on Authenticator app

Finally, click Add.

Note:

Do not choose a ‘phone’ option. These be phased out by Microsoft. They will be removed from this options list as soon as we are able to do so without breaking existing setups.

You’ll be prompted to get the Microsoft Authenticator app. If you installed the app earlier, click Next.

If you haven’t installed the app on your phone, do that now using the Download now link shown on the screen below. Scroll down the page a little bit if necessary and scan the QR code reader to download on your phone from the Google Play store or the App Store. Click Next.

The app is downloaded. You’ve clicked next.

It’s time to set up your MS Authenticator app account (blue instructions below) before you hit next:

Please note that it is very important that you allow notifications from the Authenticator. So if prompted you must click “Allow”

Continue following instructions:

In the Authenticator app, click the + or click Add account.

Choose Work or school account.

Select Scan QR Code.

Hold your phone up to view the QR code.

It will take only a minute for the set up to complete and when it does, you should see your account showing in the MS Authenticator app on your phone.

Back on your Microsoft Profile, click Next.

Your account will test the app. A number will be displayed on your computer. Enter it into your Authenticator app on your phone and click Yes to confirm it is you.

Back in your Microsoft profile, click Next

And your updated security information should look like this, with the Microsoft Authenticator app showing as your second sign-in method:

Close the browser window if your only sign-in methods are password and either MS Authenticator or Security Key. If you have “phone call” as another sign-in method, you’ll need to delete that using the optional instructions in step 4.

When you next access a resource from RRU, you may be prompted to authenticate using the app. Follow the instructions when required.

Step 4 for everyone: ensure your 2nd choice authentication method is not ‘phone’

While signed in to https://myprofile.microsoft.com and while looking at the security card (refer to Step1 above if you need help getting back here):

  • Click the ‘Change’ link

  • Click the down arrow to view a list of options

  • Click on ‘App based authentication - notification’ as shown in the picture if you’re using the MS Authenticator app.

    • If you’re an employee using a hardware token, choose that option instead.

  • Click the blue ‘Confirm’ button

Step 5 for everyone: delete unnecessary authentication methods (recommended, but optional)

While signed in to https://myprofile.microsoft.com and while looking at the security card (refer to Step1 above if you need help getting back here):

  • Click on the method you wish to delete (we’re deleting the phone method in the picture shown)

  • Click the ‘Delete’ link to the right of the method to be deleted

  • Ensure you’re on the correct line, then answer OK:

  • Done

 

Will you have to MFA often?

Do you have more questions not answered here?

More information can be found on this FAQ page.

Bonus: Connecting to the remote desktop (not applicable for students)

New Remote Desktop Connection - IT Knowledgebase - RRU IT Services (royalroads.ca)

 

How to Contact the Computer Services Department


Submit a ticket
To submit a ticket, you will be required to log in using your FULL Royal Roads email address (detailed instructions here)
New! If you do not have a full RRU email address (students not currently in a credit program and/or visitors), you can create a portal account using your personal email address.
Email us at IT Customer Service
Contact Form
Phone: 250-391-2659 Toll Free: 1-866-808-5429
Come visit us in the Sequoia Building
Hours of Operation