|
|
(23 intermediate revisions by 3 users not shown) |
Line 1: |
Line 1: |
− | __NOTOC__
| + | moved to primary article |
− | {{TwoColumn|lead=
| + | |
− | Multifactor authentication, commonly referred to as MFA, is a method for securing an account with multiple means of verifying your identity.
| + | |
− | |content=
| + | |
− | | + | |
− | We can use this 'Discussion Space' to draft the next iteration of this documentation.
| + | |
− | | + | |
− | ==Frequently Asked Questions.==
| + | |
− | === What is multifactor authentication and why is it necessary? ===
| + | |
− | Multifactor authentication will use what you know, such as a password, and what you have, such as the Microsoft Authenticator app, as two different forms of authentication. Having multiple requirements to verify identity when logging into services is the best form of protection against phishing attacks that have become much more common in the last few years. Multifactor authentication can protect access to your account, personal information, and college data in the event that your password is obtained by a malicious actor.
| + | |
− | | + | |
− | == General Multifactor Authentication Questions ==
| + | |
− | | + | |
− | === Is MFA Required? ===
| + | |
− | MFA is expected to be required by the end of the 2024/2025 academic year. A roll-out project will begin in Fall of 2024, which will, by the end of the year, require all students, faculty, and staff to register at least one MFA method. We are encouraging users to opt-in to MFA now; otherwise, it will be enforced on all accounts at a later date. Certain group will be required to use MFA for certain applications at each stage of the roll out. Eventually you will need to use MFA for everything you use your Evergreen account for.
| + | |
− | | + | |
− | === Will I be prompted for MFA on campus? ===
| + | |
− | Initially in most cases, you will be prompted for MFA on campus. We hope to use your location (physical presence on campus) as a second means of authentication. Several other projects are ongoing that will allow us to do this but until they are complete we will not have this ability. Some applications on campus that provide access to sensitive information may still require the use of your authenticator.
| + | |
− | | + | |
− | === What applications require MFA? ===
| + | |
− | Many online services accessed through your web browser from off-campus that use your universal account for sign-in will require the use of MFA. This includes Office 365, Zoom, Canvas, and others. Additionally, services and programs that house or facilitate access to sensitive information will require MFA at all times.
| + | |
− | | + | |
− | === I don't have access to one of my authentication methods and I have an urgent need for access ===
| + | |
− | If you do not have access to any of your authentication methods and you need access urgently, a temporary access pass can be issued. A temporary access pass isn't intended to be used as a main method of authentication but is instead an option for accessing your account in an emergency when you are unable to access your previously configured methods. You may receive a pass by contacting The Support Center. We will work with you on its usage, its limitations, and assisting you with establishing a long-term authentication solution upon granting a temporary access pass.
| + | |
− | | + | |
− | === Do I have to authenticate with MFA every time I log in? ===
| + | |
− | NEEDS WORK AND CHOICES
| + | |
− | Typically, no. MFA is required when you sign into a new device, application, or service. You can expect to be prompted for MFA at least every 90 days or sooner.
| + | |
− | | + | |
− | There are some use cases that may require more frequent authentication with MFA. Signing in on an incognito tab on a web browser will require MFA as it is seen as a new device. Some applications with access to sensitive information may require MFA once every few hours. There are also cases where suspicious login activity or location may require you to sign into your account with MFA again. When changing your password, including when it expires, you will always be prompted for MFA.
| + | |
− | | + | |
− | === What can I use as a second factor for MFA? ===
| + | |
− | The Microsoft Authenticator app for smart devices is recommended as your primary second factor of authentication. It is the most convenient, robust, and reliable method of authentication. For instructions on how to set up the app, please review the [[Microsoft Authenticator Setup.|Microsoft Authenticator Setup]].
| + | |
− | | + | |
− | NEEDS WORK AND CHOICES
| + | |
− | Other options include receiving a text message or phone call. This is less secure and may be subject to availability issues dependent on your mobile service.
| + | |
− | | + | |
− | Lastly, there is the option for a security key (FIDO2 key). A security key is a piece of hardware, typically a USB device, that plugs into your computer and is used as a means to verify your physical presence during login. Each key is unique and must be paired with your account before use. You may see references to the key as a FIDO2 key, named for the security platform it interacts with.
| + | |
− | | + | |
− | There are some limitations on factors that cannot be used. You will be unable to use your office phone number as the phone system uses Microsoft Teams, which is protected by MFA. You also will be unable to use the alternative email address associated with your account. While this email address can be used for password reset requests, it is unable to be used for MFA.
| + | |
− | | + | |
− | For more details on alternative options, please review our [[Alternative Authentication Methods]] article.
| + | |
− | | + | |
− | === Can I use multiple forms of MFA at the same time? ===
| + | |
− | Yes. Having multiple forms configured is advantageous as you can use one form as a backup if your primary form fails. You will only be required to provide one of your available methods when prompted for MFA and can choose which method when prompted.
| + | |
− | | + | |
− | === Will MFA work on my phone if I lose cell service and wireless networking? ===
| + | |
− | Yes. If you have installed the Microsoft Authenticator app on your mobile device, you can open the app, tap on your account, and view a one-time password code. You can use this code just like a code sent to you via SMS text message. When authenticating, you may have to choose the option to "Sign in another way" after entering your password and being prompted for MFA. This code is generated using the time of your device, so it will work as long as your device's time is accurate within 30 seconds.
| + | |
− | | + | |
− | If your only configured method is by receiving a text message or phone call, you will need to reach out to the [https://www.evergreen.edu/offices-services/technology-support-center Technology Support Center] for a temporary access pass.
| + | |
− | | + | |
− | Hardware security keys do not need access to the internet to function.
| + | |
− | | + | |
− | | + | |
− | === What if I do not have access to my device and get prompted for MFA? ===
| + | |
− | NEEDS WORK AND CHOICES
| + | |
− | If you have configured a [[[Alternative Authentication Methods]] method, you may choose to sign in another way during MFA. If you do not have an alternate method configured, you will have to contact [https://www.evergreen.edu/offices-services/technology-support-center Technolgy Support Center] for assistance.
| + | |
− | | + | |
− | === Are there problems with MFA when traveling? ===
| + | |
− | If you plan to travel, you will want to configure the Microsoft Authenticator app on a smart device. The authenticator app contains functionality for displaying a rotating code that does not require cellular or internet connectivity to function. You may also want to consider configuring a security key (FIDO2 key) as a backup when traveling abroad. For more details on alternative options, please review our [[Alternative Authentication Methods]] article.
| + | |
− | | + | |
− | === What if I don't want to use my cell phone or don't own a cell phone? ===
| + | |
− | Any smart device running Android or iOS can be configured to use the rotating one-time passcode (OTP) option from within the Microsoft Authenticator. This passcode does not require a cellular or internet connection to work and does not transmit or receive data. An old tablet or phone no longer in service can be used for the authenticator app.
| + | |
− | | + | |
− | If you do not have any smart devices, you may configure a security key (FIDO2 key) that will plug into a computer as a means of identification. More details on how to obtain a security key will be published prior to the requirement for MFA being set. For more details on alternative options, please review our [[Alternative Authentication Methods]] article.
| + | |
− | | + | |
− | === Will my personal device be subject to a public records request because it is used for MFA? ===
| + | |
− | No. All authentication records are stored in the Microsoft Azure cloud, and any information on your personal devices would be redundant. Also, if you use the Authenticator App, there will be no record stored on your device.
| + | |
− | | + | |
− | === How can I get MFA support? ===
| + | |
− | Technical support for MFA is available from The Support Center during their business hours or from your technical support staff.
| + | |
− | | + | |
− | == Common Problems ==
| + | |
− | | + | |
− | === I am getting prompted for MFA at every logon. ===
| + | |
− | This problem may be due to a browser setting. Check to see if your browser is set to clear cookies every time it is closed. This will cause this behavior. Using incognito browsing will also prompt for MFA each time you log in.
| + | |
− | | + | |
− | === I did not get an SMS text message with a code. ===
| + | |
− | The quick fix is to install and configure the [[Microsoft Authenticator Setup.|Microsoft Authenticator Setup]].
| + | |
− | | + | |
− | Verify that you can receive text messages to your phone by having a friend or co-worker text you. If you did not receive their texts, there is a problem with your phone or cell service. If not, you may still have a problem if you have configured your phone to block texts from unknown numbers. Using SMS (text messages) for MFA can result in intermittent yet persistent and difficult to diagnose problems. If you continue to have trouble authenticating, please contact the [https://atus.wwu.edu/help-desk ATUS Help Desk].
| + | |
− | | + | |
− | === I did not get a push notification from the Microsoft Authenticator app. ===
| + | |
− | You must have internet service for the push notification to work. Having your phone on Do Not Disturb, or Focused mode may also prevent the notification from being displayed. Occasionally, you may need to manually open the Microsoft Authenticator app first for the popup to appear.
| + | |
− | | + | |
− | If you still are not receiving the push notification, you may choose to sign in another way from the authentication prompt. You can then choose to use a verification code. To retrieve the code, open the Microsoft Authenticator app and tap on your account. You will see a six-digit code that rotates every 30 seconds that will be used to verify your identity.
| + | |
− | | + | |
− | If you continue to have trouble authenticating, please contact the [https://www.evergreen.edu/offices-services/technology-support-center Technology Support Center].
| + | |
− | | + | |
− | |sidebar=
| + | |
− | ====Sidebar information====
| + | |
− | {{Login Help FacStaff}}
| + | |
− | | + | |
− | ----
| + | |
− | {{GetHelp}}
| + | |
− | | + | |
− | }}
| + | |
− | [[Category:Page Layouts]]
| + | |