Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 133 Current »

Introduction

Multi-factor Authentication (MFA) is an authentication method that requires you to provide two or more verification factors to gain access to a resource. Organizations such as banks, credit card companies, and governments all around the world use MFA to secure digital assets, information and user identities to protect customer/user credentials from unauthorized use.

Royal Roads University has adopted Microsoft 365 MFA for Webmail, Remote Desktop (for staff only) and Office 365 (Currently only for people outside Canada, but soon coming to all accounts August 2024). You only have to set this up once and it will work for all the applications listed.

MFA requires the Microsoft Authenticator app to be installed on a mobile device or to have an RRU FOB. It is STRONGLY recommended that you follow these instructions on a Computer with your mobile phone or FOB in hand. This will help make the procedure go a lot smoother.

If you do not have a mobile device that you can use for this purpose, please contact the RRU Help Desk.

You MUST be in Canada when setting up MFA. If you are not in Canada, please contact the RRU Help Desk before you try to setup MFA. (If Computer Services has directed you to this site, and they are aware you are outside of Canada, you may proceed). Alternatively, if you have a VPN running, this must be connected to a Canadian server before you begin the procedure below.

Who needs to set up MFA?

Everyone who will access a protected RRU resource.

Not all resources are protected yet, but this changes frequently. We highly recommend that you set up MFA so that you don’t experience an interruption in service.

You will need to know your UPN

Do NOT use your RRU email address to log in. Use your UPN to log in. The UPN is often referred to as the Microsoft username, Office 365 username, RRU longform username, and perhaps others. Regardless of how people refer to it, it’s your Moodle username with ‘@royalroads.ca’ added, like b12smith@royalroads.ca)

You will use your usual RRU password (the one you use for Moodle) Not sure what it is because your browser/computer remembers your password?

If you already have the an authenticator app installed on your phone, make sure it is the Microsoft Authenticator. There are no ads and no fees to use this app. If you are using the wrong app, this process will not work.

How to set up MFA preferences

Step 1 for everyone: log into your Microsoft profile

 Click here to expand this section for instructions for how to log into your Microsoft profile
  • On a computer, please go to http://myprofile.microsoft.com

    • You might go straight into your Microsoft Profile without any login requirement. If so, skip to step 2.

  • Otherwise, the prompt will asks for an email address but don’t enter that.
    Instead, enter your UPN (NOT your email address) and click Next

image-20240119-233643.png
  • Enter your password and click the Sign in button (same password as Moodle)

image-20240119-233714.png

At this step, if you are prompted for additional authentication beyond your password, you will need to contact Computer Services. It could mean that your account was already partially setup so we might need to reset your account authentication to be able to proceed.

Step 2 for everyone: view your Security info

 Click here to expand this section for instructions on how to view and update your Security information
  • Once you have signed in, on your computer, you’ll see a screen similar to this. Click the UPDATE INFO link on the Security info card.

image-20240801-201549.png

If the account showing is not your RRU account, open a Private (Firefox), Inprivate (Edge) or Incognito (Chrome) window and log into http://myprofile.microsoft.com/ again with your RRU credentials (i.e. b12smith@royalroads.ca) and password. (You can open these windows from the browser menu button).

  • If this is your first time here, your default security method is “Password”, as shown below:

image-20240122-160555.png
  • If you’ve set up MFA previously, you may have a different default and you may have additional sign in methods showing here next to ‘Password’.

Step 3: set up a method/preferences

 This is it! Click here to expand this section for instructions on how to set up your 2nd factor authentication method (includes installing the MS Authenticator app).

Alternate Procedure - If you have a RRU FOB, then please follow Step 3 - Setup a method/preferences - FOB Setup instead.

To set up the MS Authenticator app as your 2nd method, on your computer:

Watch this 3 minute video and/or follow the instructions below it:

set up the MS Auth app as 2nd factor.mp4
  • click + Add sign-in method

  • click the down arrow to the right of ‘Choose a method’

  • click on Authenticator app

  • Finally, click Add.

image-20240122-160825.png
  • On your computer you’ll be prompted to get the Microsoft Authenticator app. If you installed the app already, click Next.

image-20240122-161436.png

Did not install app yet?

If you do not have the app, please point your mobile phone camera to the appropriate QR code below.

The app is FREE. Make sure you download the Microsoft Authenticator (the icon looks like the icon in the screen shot above). Your store may “recommend” a different authenticator at the top of the list, however you should download the Microsoft Authenticator for the procedure to work. These other apps can charge a fee to use it.

image-20240627-200307.png

Install the app and now you can click Next on your computer

(For advanced users only, you can also use another authenticator if you are familiar with it, like the Google authenticator)

  • You should now see the “Set up your account” screen. Please do the following on your phone before you hit next:

image-20240202-210544.png
  • On your Phone open the Authenticator app

  • Click on the plus sign to add a new account

  • Choose “work or school” account

If you are using an iPhone, you may get a message asking if you have a backup.
Find out what to do before you continue.

  • Choose to Scan a QR code

  • Now hit Next on your computer
    Please note that it is very important that you allow notifications from the Authenticator. So if prompted you must click “Allow”

  • On your computer screen you should now see a QR code similar to the window below:

image-20240122-161658.png
  • Hold your phone up to view the QR code.

  • It will take only a fraction of a second for the set up to complete and when it does, you should see your account showing in the MS Authenticator app on your phone.

In some cases, on an iPhone, if the app was previously installed you might now get a warning about notifications. Your options will be “setup later” or “settings.

  • Click Settings

  • Select Notifications

  • Enable Allow notifications

  • Return to the Authenticator app

  • Back on your computer Microsoft Profile, click Next.

  • Your account will test the app. A number will be displayed on your computer. Enter it into your Authenticator app on your phone and click Yes to confirm it is you.

  • You will then be prompted on your phone to authenticate that you own the phone. This could be with your face, your finger or your phone lock screen code. Do that now.

  • Once you approve the authentication on your phone, on your computer you should see a confirmation it was approved in your Microsoft profile, click Next

  • On you computer, your updated security information should look like this, with the Microsoft Authenticator app showing as your second sign-in method:

image-20240122-162426.png
  • Close the browser window if your only sign-in methods are password and either MS Authenticator or Security Key. If you have “phone call” as another sign-in method, you’ll need to delete that using the optional instructions in step 4, otherwise…

  • YOU ARE DONE! When you next access a resource from RRU, you may be prompted to authenticate using the app. Follow the instructions when required.

You won’t always be asked to MFA because:

  • Not all RRU resources are MFA protected at this time

  • The rules behind the scenes dictate how frequently and in what circumstances you are asked to MFA.

    • Currently the default is you will be prompted about every 12 hours to authenticate in Canada

    • RRU computers might require less authentication in the future

    • Computer outside Canada might require more frequent authentication in the future

Step 4 for everyone: ensure your 2nd choice authentication method is not ‘phone’

 Microsoft will soon remove all phone-related options from their list of acceptable 2nd factor authentication options. Please ensure you're not using "phone" as a default to avoid interruptions in service. Expand these instructions for the details.

(Welcome back if you have setup your FOB)

While still on the https://myprofile.microsoft.com and while looking at the security Info card (refer to Step1 above if you need help getting back here):

  • Click the ‘Change’ link

  • Click the down arrow to view a list of options

  • Click on the appropriate default method

    • For cellphone users using the Microsoft Authenticator app choose App based authentication - notification as shown in the picture

    • For FOB users using the FOB you just setup choose App based authentication or hardware token - code as shown in the picture

  • Click the blue ‘Confirm’ button

image-20240202-212714.png

Step 5 for everyone: delete unnecessary authentication methods (recommended, but optional)

 It's a good idea to clean up your authentication methods. Microsoft will soon remove "phone" as an option. Removing it now will prevent you from selecting it later and potentially experiencing an interruption in service when Microsoft discontinues that option.

In step 3, if you had only ‘password’ showing as your sign in method, you can skip step 5.

While signed in to https://myprofile.microsoft.com and while looking at the security card (refer to Step1 above if you need help getting back here):

  • Click on the method you wish to delete (we’re deleting the phone method in the picture shown)

image-20240202-213211.png
  • Click the ‘Delete’ link to the right of the method to be deleted

  • Ensure you’re on the correct line, then answer OK:

image-20240202-213138.png
  • Done

Will you have to MFA often?

No, you won’t always be asked to MFA because:

  • you WILL have to repeat the steps if you get a new mobile device (Best to have the old phone handy when you redo the setup)

  • not all RRU resources are MFA protected at this time

  • the rules behind the scenes dictate how frequently and in what circumstances you are asked to MFA

  • Currently the default settings are once every 12 hours. You may be required to MFA less on an RRU computer in the future.

Do you have more questions not answered here?

More information can be found on this FAQ page.

Bonus: Back to where you came from?

Everyone - About Office 365 for RRU Staff, Faculty and Students

Students - Webmail access for Students

Staff/Faculty/Associate Faculty - /wiki/spaces/ITKNOW/pages/5838261

Staff/Faculty only - /wiki/spaces/ITKNOW/pages/5837595 (must login to see this content)

  • No labels