Difference between revisions of "Multi-Factor Authentication - User Guide/FAQ"
m |
m (Spelling, grammar, punctuation (I didnt finish). Corrected Multi-factor to Multifactor in some places.) (Tag: VisualEditor) |
||
(7 intermediate revisions by 3 users not shown) | |||
Line 2: | Line 2: | ||
Multi-factor authentication, commonly referred to as MFA, is a method for securing an account with multiple means of verifying your identity. | Multi-factor authentication, commonly referred to as MFA, is a method for securing an account with multiple means of verifying your identity. | ||
|content= | |content= | ||
− | |||
− | |||
=== Can I use my personal smartphone, tablet, or mobile phone for MFA? === | === Can I use my personal smartphone, tablet, or mobile phone for MFA? === | ||
− | + | Yes! The university values personal choice and recognizes the convenience of using a personal device for MFA. The Microsoft Authenticator we will primarily be using runs on both iOS and Android. | |
=== Can employees use a personal device for MFA, even for conducting university business? === | === Can employees use a personal device for MFA, even for conducting university business? === | ||
− | Yes! Employees can use | + | Yes! Employees can use personal devices for MFA, even for university business. |
=== How can I troubleshoot my MFA access? === | === How can I troubleshoot my MFA access? === | ||
− | + | To troubleshoot your MFA access, please ensure your Microsoft Authenticator app is adequately set up and your device is connected to the internet. If issues persist, contact the Technology Support Center at support@evergreen.edu or request help at help.evergreen.edu. | |
− | If | + | |
− | === Will my | + | === Will my device be subject to a public records request because it is used for MFA? === |
− | No. If you use the Microsoft Authenticator app, there will be no record on your device. All authentication records are stored in the Microsoft Azure cloud, and any information on your | + | No. If you use the Microsoft Authenticator app, there will be no record on your device. All authentication records are stored in the Microsoft Azure cloud, and any information on your devices would be redundant. |
− | === Why is the Microsoft Authenticator app requesting a 4-digit | + | === Why is the Microsoft Authenticator app requesting a 4-digit PIN or Face ID? === |
− | Microsoft Authenticator enables app lock by default. App lock uses your phone's security features. So, in addition to unlocking your phone, you must also unlock the Microsoft Authenticator app. For example, if you use a 4-digit | + | Microsoft Authenticator enables app lock by default. App lock uses your phone's security features. So, in addition to unlocking your phone, you must also unlock the Microsoft Authenticator app. For example, if you use a 4-digit PIN to secure your phone, you must use that same 4-digit PIN to unlock the Authenticator app. Similarly, if you use an Apple phone and have Face ID enabled, it will require that. |
You may disable Microsoft's Authenticator app lock by following these steps: | You may disable Microsoft's Authenticator app lock by following these steps: | ||
Line 28: | Line 25: | ||
=== Why does my Authenticator app display advertisements? === | === Why does my Authenticator app display advertisements? === | ||
− | If your | + | If your authenticator app displays advertisements, you are using a third-party authenticator app. Evergreen strongly recommends that Greener community members use the [https://www.microsoft.com/en-us/security/mobile-authenticator-app#primaryR3 Microsoft Authenticator app]. '' The Microsoft Authenticator app does not display advertisements. '' |
− | You may view our [[Microsoft Authenticator Setup|Microsoft Authenticator Setup]] guide. This guide will | + | You may view our [[Microsoft Authenticator Setup|Microsoft Authenticator Setup]] guide. This guide will walk you through adding a different method, such as the Microsoft Authenticator app, and removing the third-party authenticator app. |
=== What applications require MFA? === | === What applications require MFA? === | ||
− | * Initially only my.evergreen.edu for faculty will require it. | + | * Initially, only my.evergreen.edu for faculty will require it. |
− | Eventually most applications including the following will require it. | + | Eventually, most applications, including the following, will require it. |
* Canvas | * Canvas | ||
* Microsoft Office products | * Microsoft Office products | ||
− | * And several of our web-based | + | * Banner |
+ | * And several of our other web-based applications | ||
=== How often do I have to re-authenticate? === | === How often do I have to re-authenticate? === | ||
− | You may be prompted more frequently if you use VPN, | + | You may be prompted more frequently if you use a VPN, use multiple computers, or frequently clear your browser cache. |
− | === I | + | === I have nothing confidential in my account; why should I care about MFA? === |
− | Most attackers are interested in using your username and password to send | + | Most attackers are interested in using your username and password to send hundreds or thousands of phishing messages to other faculty, staff, and students to compromise their computers and gain access to sensitive information. Another common tactic is for hackers to alter your direct deposit information to deposit your paycheck or financial aid into their account instead of yours. |
=== What are the benefits of using MFA? === | === What are the benefits of using MFA? === | ||
− | The main benefit of using | + | The main benefit of using multifactor authentication is a significant increase in the protection of your account. If you receive a security code or push notification when you are not trying to log in to your account, you'll immediately know that someone else is attempting to do so. If this does happen, you should [[Forgot_My_Password|change your password]] and call the Technology Support Center at (360) 867-6627 or support@evergreen.edu. Alternatively, you may submit a help request at help.evergreen.edu. |
− | * Two-factor adds an extra barrier between your personal information and malicious people. | + | * Two-factor adds an extra barrier between your personal information and malicious people, emphasizing the importance of protecting your personal and sensitive information. |
* Two-factor can help keep attackers from accessing your email, documents, financial, personal, and health information, or research data. | * Two-factor can help keep attackers from accessing your email, documents, financial, personal, and health information, or research data. | ||
* Two-factor reduces the risk of hackers using your Evergreen account to perform harmful activities. | * Two-factor reduces the risk of hackers using your Evergreen account to perform harmful activities. | ||
* Two-factor helps protect Evergreens systems. | * Two-factor helps protect Evergreens systems. | ||
− | |||
=== Will I be prompted for MFA on campus? === | === Will I be prompted for MFA on campus? === | ||
− | Initially, in most cases, you will be prompted for MFA on campus. We hope to use your location (physical presence on campus) as a second means of authentication. Several other ongoing projects will allow us to do this, but we will not have this ability until they are complete. Some applications on campus that provide access to sensitive information may still require | + | Initially, in most cases, you will be prompted for MFA on campus. We hope to use your location (physical presence on campus) as a second means of authentication. Several other ongoing projects will allow us to do this, but we will not have this ability until they are complete. Some applications on campus that provide access to sensitive information may still require you to use MFA. |
− | === I don't have access to one of my authentication methods and I have an urgent need for access === | + | === I don't have access to one of my authentication methods, and I have an urgent need for access === |
− | If you do not have access to any | + | If you do not have access to any authentication methods and need access urgently, a temporary access pass can be issued. A temporary access pass isn't intended as a primary authentication method. Still, it is an option for accessing your account in an emergency when you cannot access your previously configured methods. You may receive a pass by contacting The Technology Support Center. We will work with you on its usage and limitations and assist you with establishing a long-term authentication solution upon granting a temporary access pass. The TSC will require you to prove that you are in fact you though various means before issuing a temporary access pass. |
=== What can I use as a second factor for MFA? === | === What can I use as a second factor for MFA? === | ||
− | The Microsoft Authenticator app for smart devices is recommended as your primary second factor | + | The Microsoft Authenticator app for smart devices is recommended as your primary second authentication factor. It is the most convenient, robust, and reliable method. For instructions on how to set up the app, please review the [[Microsoft Authenticator Setup|Microsoft Authenticator Setup]]. |
− | + | Please review our [[MFA - Alternative Authentication Methods]] article for details on alternative options. | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
=== Can I use multiple forms of MFA at the same time? === | === Can I use multiple forms of MFA at the same time? === | ||
− | Yes. Having multiple forms configured is advantageous as you can use one form as a backup if your primary form fails. You will only be required to provide one of your available methods when prompted for MFA and can choose which method when prompted. | + | Yes. Having multiple forms configured is advantageous as you can use one form as a backup if your primary form fails. You will only be required to provide one of your available methods when prompted for MFA and can choose which method when prompted. If you have an older phone that you level stored in a safe location you can also install and setup Microsoft Authenticator it so that you have a backup device just in case. |
=== Will MFA work on my phone if I lose cell service and wireless networking? === | === Will MFA work on my phone if I lose cell service and wireless networking? === | ||
− | Yes. If you have installed the Microsoft Authenticator app on your mobile device, you can open the app, tap on your account, and view a one-time password code. You can use this code just like | + | Yes. If you have installed the Microsoft Authenticator app on your mobile device, you can open the app, tap on your account, and view a one-time password code. You can use this code just like an SMS text message. When authenticating, you may have to choose "Sign in another way" after entering your password and being prompted for MFA. This code is generated using your device's time, so it will work as long as your device's time is accurate within 30 seconds. |
− | + | ||
− | + | ||
− | + | ||
+ | If your only configured method is receiving a text message or phone call, you will need to contact the [https://www.evergreen.edu/offices-services/technology-support-center Technology Support Center] for a temporary access pass. | ||
− | === What if I | + | === What if I cannot access my primary MFA device and get prompted for MFA? === |
− | + | If you have configured a [[MFA - Alternative Authentication Methods]] method, you may choose to sign in another way during MFA. If you do not have an alternate method configured, you must contact [https://www.evergreen.edu/offices-services/technology-support-center Technolgy Support Center] for assistance. | |
− | If you have configured a [[MFA - Alternative Authentication Methods]] method, you may choose to sign in another way during MFA. If you do not have an alternate method configured, you | + | |
=== Are there problems with MFA when traveling? === | === Are there problems with MFA when traveling? === | ||
If you plan to travel, you should configure the Microsoft Authenticator app on a smart device. The authenticator app contains functionality for displaying a rotating code that does not require cellular or internet connectivity to function. | If you plan to travel, you should configure the Microsoft Authenticator app on a smart device. The authenticator app contains functionality for displaying a rotating code that does not require cellular or internet connectivity to function. | ||
− | |||
− | |||
− | |||
=== How can I get MFA support? === | === How can I get MFA support? === | ||
− | Technical support for MFA is available from | + | Technical support for MFA is available from the Technology Support Center during business hours or from your technical support staff. |
+ | |||
+ | |||
+ | ===How will the college launch MFA?=== | ||
+ | Evergreen is implementing multifactor authentication (MFA) to strengthen the security of our digital systems and protect sensitive information. With the increasing sophistication of cyber threats, relying solely on passwords leaves accounts vulnerable to unauthorized access. The primary method for MFA will be through the Microsoft Authenticator app, which provides a second layer of verification to ensure that accounts remain secure even if a password is compromised. This transition is a vital part of our broader initiative to safeguard the college’s data, protect our personal information, and maintain the privacy and integrity of our academic and administrative systems. | ||
+ | |||
+ | The rollout of MFA will extend to staff in the upcoming Winter quarter, ensuring all administrative personnel benefit from the same enhanced security measures. This phased approach allows the college to provide tailored support and training to each group, ensuring a smooth transition. Following the successful implementation for staff, MFA will be introduced to students in the Spring quarter. By staggering the rollout, we aim to minimize disruption while prioritizing the protection of all users and their access to critical resources. Clear communication, training, and resources will be available to guide everyone through the process. | ||
== Common Problems == | == Common Problems == | ||
+ | |||
+ | ===I am buying a new phone. How do I am sure that I can still use MFA=== | ||
+ | Follow the instructions for setting up MFA on your new phone before you reset or otherwise get rid of your old phone. [[Microsoft Authenticator Setup|Microsoft Authenticator Setup]] You can actually have several devices setup with the Authenticator app at once. This will make it easy for you to switch to your new phone. | ||
=== I am getting prompted for MFA at every logon. === | === I am getting prompted for MFA at every logon. === | ||
− | This problem may be due to a browser setting. Check to see if your browser is set to clear cookies every time it is closed. This will cause this behavior. Using incognito browsing will also prompt for MFA each time you log in | + | This problem may be due to a browser setting. Check to see if your browser is set to clear cookies every time it is closed. This setting will cause this behavior. Using incognito browsing will also prompt for MFA each time you log in. |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
=== I did not get a push notification from the Microsoft Authenticator app. === | === I did not get a push notification from the Microsoft Authenticator app. === | ||
− | You must have internet service for the push notification to work. Having your phone on Do Not Disturb | + | You must have internet service for the push notification to work. Having your phone on Do Not Disturb or Focused mode may also prevent the notification from being displayed. Occasionally, you may need to manually open the Microsoft Authenticator app first for the popup to appear. |
− | If you still | + | If you still have not received the push notification, you may sign in another way from the authentication prompt. You can then choose to use a verification code. To retrieve the code, open the Microsoft Authenticator app and tap on your account. You will see a six-digit code that rotates every 30 seconds that will be used to verify your identity. |
If you continue to have trouble authenticating, please contact the [https://www.evergreen.edu/offices-services/technology-support-center Technology Support Center]. | If you continue to have trouble authenticating, please contact the [https://www.evergreen.edu/offices-services/technology-support-center Technology Support Center]. | ||
Line 118: | Line 108: | ||
}} | }} | ||
+ | |||
+ | [[Category:MFA]] |
Latest revision as of 15:44, 3 October 2024
Multi-factor authentication, commonly referred to as MFA, is a method for securing an account with multiple means of verifying your identity.
Can I use my personal smartphone, tablet, or mobile phone for MFA?
Yes! The university values personal choice and recognizes the convenience of using a personal device for MFA. The Microsoft Authenticator we will primarily be using runs on both iOS and Android.
Can employees use a personal device for MFA, even for conducting university business?
Yes! Employees can use personal devices for MFA, even for university business.
How can I troubleshoot my MFA access?
To troubleshoot your MFA access, please ensure your Microsoft Authenticator app is adequately set up and your device is connected to the internet. If issues persist, contact the Technology Support Center at support@evergreen.edu or request help at help.evergreen.edu.
Will my device be subject to a public records request because it is used for MFA?
No. If you use the Microsoft Authenticator app, there will be no record on your device. All authentication records are stored in the Microsoft Azure cloud, and any information on your devices would be redundant.
Why is the Microsoft Authenticator app requesting a 4-digit PIN or Face ID?
Microsoft Authenticator enables app lock by default. App lock uses your phone's security features. So, in addition to unlocking your phone, you must also unlock the Microsoft Authenticator app. For example, if you use a 4-digit PIN to secure your phone, you must use that same 4-digit PIN to unlock the Authenticator app. Similarly, if you use an Apple phone and have Face ID enabled, it will require that.
You may disable Microsoft's Authenticator app lock by following these steps:
- Open the Microsoft Authenticator app.
- In the top right-hand corner, select three horizontal dots.
- Select Settings.
- Under Security, toggle App Lock to off.
Why does my Authenticator app display advertisements?
If your authenticator app displays advertisements, you are using a third-party authenticator app. Evergreen strongly recommends that Greener community members use the Microsoft Authenticator app. The Microsoft Authenticator app does not display advertisements.
You may view our Microsoft Authenticator Setup guide. This guide will walk you through adding a different method, such as the Microsoft Authenticator app, and removing the third-party authenticator app.
What applications require MFA?
- Initially, only my.evergreen.edu for faculty will require it.
Eventually, most applications, including the following, will require it.
- Canvas
- Microsoft Office products
- Banner
- And several of our other web-based applications
How often do I have to re-authenticate?
You may be prompted more frequently if you use a VPN, use multiple computers, or frequently clear your browser cache.
I have nothing confidential in my account; why should I care about MFA?
Most attackers are interested in using your username and password to send hundreds or thousands of phishing messages to other faculty, staff, and students to compromise their computers and gain access to sensitive information. Another common tactic is for hackers to alter your direct deposit information to deposit your paycheck or financial aid into their account instead of yours.
What are the benefits of using MFA?
The main benefit of using multifactor authentication is a significant increase in the protection of your account. If you receive a security code or push notification when you are not trying to log in to your account, you'll immediately know that someone else is attempting to do so. If this does happen, you should change your password and call the Technology Support Center at (360) 867-6627 or support@evergreen.edu. Alternatively, you may submit a help request at help.evergreen.edu.
- Two-factor adds an extra barrier between your personal information and malicious people, emphasizing the importance of protecting your personal and sensitive information.
- Two-factor can help keep attackers from accessing your email, documents, financial, personal, and health information, or research data.
- Two-factor reduces the risk of hackers using your Evergreen account to perform harmful activities.
- Two-factor helps protect Evergreens systems.
Will I be prompted for MFA on campus?
Initially, in most cases, you will be prompted for MFA on campus. We hope to use your location (physical presence on campus) as a second means of authentication. Several other ongoing projects will allow us to do this, but we will not have this ability until they are complete. Some applications on campus that provide access to sensitive information may still require you to use MFA.
I don't have access to one of my authentication methods, and I have an urgent need for access
If you do not have access to any authentication methods and need access urgently, a temporary access pass can be issued. A temporary access pass isn't intended as a primary authentication method. Still, it is an option for accessing your account in an emergency when you cannot access your previously configured methods. You may receive a pass by contacting The Technology Support Center. We will work with you on its usage and limitations and assist you with establishing a long-term authentication solution upon granting a temporary access pass. The TSC will require you to prove that you are in fact you though various means before issuing a temporary access pass.
What can I use as a second factor for MFA?
The Microsoft Authenticator app for smart devices is recommended as your primary second authentication factor. It is the most convenient, robust, and reliable method. For instructions on how to set up the app, please review the Microsoft Authenticator Setup.
Please review our MFA - Alternative Authentication Methods article for details on alternative options.
Can I use multiple forms of MFA at the same time?
Yes. Having multiple forms configured is advantageous as you can use one form as a backup if your primary form fails. You will only be required to provide one of your available methods when prompted for MFA and can choose which method when prompted. If you have an older phone that you level stored in a safe location you can also install and setup Microsoft Authenticator it so that you have a backup device just in case.
Will MFA work on my phone if I lose cell service and wireless networking?
Yes. If you have installed the Microsoft Authenticator app on your mobile device, you can open the app, tap on your account, and view a one-time password code. You can use this code just like an SMS text message. When authenticating, you may have to choose "Sign in another way" after entering your password and being prompted for MFA. This code is generated using your device's time, so it will work as long as your device's time is accurate within 30 seconds.
If your only configured method is receiving a text message or phone call, you will need to contact the Technology Support Center for a temporary access pass.
What if I cannot access my primary MFA device and get prompted for MFA?
If you have configured a MFA - Alternative Authentication Methods method, you may choose to sign in another way during MFA. If you do not have an alternate method configured, you must contact Technolgy Support Center for assistance.
Are there problems with MFA when traveling?
If you plan to travel, you should configure the Microsoft Authenticator app on a smart device. The authenticator app contains functionality for displaying a rotating code that does not require cellular or internet connectivity to function.
How can I get MFA support?
Technical support for MFA is available from the Technology Support Center during business hours or from your technical support staff.
How will the college launch MFA?
Evergreen is implementing multifactor authentication (MFA) to strengthen the security of our digital systems and protect sensitive information. With the increasing sophistication of cyber threats, relying solely on passwords leaves accounts vulnerable to unauthorized access. The primary method for MFA will be through the Microsoft Authenticator app, which provides a second layer of verification to ensure that accounts remain secure even if a password is compromised. This transition is a vital part of our broader initiative to safeguard the college’s data, protect our personal information, and maintain the privacy and integrity of our academic and administrative systems.
The rollout of MFA will extend to staff in the upcoming Winter quarter, ensuring all administrative personnel benefit from the same enhanced security measures. This phased approach allows the college to provide tailored support and training to each group, ensuring a smooth transition. Following the successful implementation for staff, MFA will be introduced to students in the Spring quarter. By staggering the rollout, we aim to minimize disruption while prioritizing the protection of all users and their access to critical resources. Clear communication, training, and resources will be available to guide everyone through the process.
Common Problems
I am buying a new phone. How do I am sure that I can still use MFA
Follow the instructions for setting up MFA on your new phone before you reset or otherwise get rid of your old phone. Microsoft Authenticator Setup You can actually have several devices setup with the Authenticator app at once. This will make it easy for you to switch to your new phone.
I am getting prompted for MFA at every logon.
This problem may be due to a browser setting. Check to see if your browser is set to clear cookies every time it is closed. This setting will cause this behavior. Using incognito browsing will also prompt for MFA each time you log in.
I did not get a push notification from the Microsoft Authenticator app.
You must have internet service for the push notification to work. Having your phone on Do Not Disturb or Focused mode may also prevent the notification from being displayed. Occasionally, you may need to manually open the Microsoft Authenticator app first for the popup to appear.
If you still have not received the push notification, you may sign in another way from the authentication prompt. You can then choose to use a verification code. To retrieve the code, open the Microsoft Authenticator app and tap on your account. You will see a six-digit code that rotates every 30 seconds that will be used to verify your identity.
If you continue to have trouble authenticating, please contact the Technology Support Center.