Staff MFA Help page #
This page has been prepared for staff in readiness for MFA and Password Reset to be moved from PingID to Microsoft on Friday, 12th June.
This page provides guidance for students when using MFA, how you can set up MFA, and a FAQ (frequently asked questions).
You will be prompted to set up MFA when you access your staff network account from a personal device, or access certain services on a University computer.
When you have authenticated using your password, Microsoft will ask you to provide additional information.
You can visit the following link at any time to set up or manage MFA:
https://mysignins.microsoft.com/security-info
You will be given an option of how you want to enrol with MFA, this will be a choice of using
- Authenticator App
- Registering a telephone number – for authentication by SMS or Phone Call
For step by step instructions for each – please view the help sections further down.
Your chosen MFA method will also be used as a secure way for managing your University password. This will include resetting your password and unlocking your account.
The video below provided by Microsoft explains the steps to get MFA set up on your account:
Enrolling with the Microsoft Authenticator App
This page contains guidance on using an Authenticator App as a method for MFA.
There are various Authenticator Apps available on both the Apple App Store and Google Play Store. The University recommends using the Microsoft Authenticator App.
You may wish to use an Authenticator App which you already have set up on your device, which you are already familiar with. Whilst this should work, the University is unable to support all Authenticator Apps available, and therefore guidance and help may be limited.
The University would also advise against using an Authenticator App which has not been published by a reputable company (eg Microsoft, Google, etc)
- Download and install the Microsoft Authenticator App from the Google Play Store or Apple App Store.
- Once installed, enrol with MFA by visiting https://mysignins.microsoft.com/security-info. This is best to do from a web browser on a computer, but can also be done from your personal device.
You will be asked for your email address, followed by your password. At the next screen, click ‘Next’: - You will be presented with the screen below where you will be given a choice of how to enrol. Choose ‘Mobile App’:
If you do not want to receive notifications when signing in, select ‘Use Verification Code’ Now select ‘Set Up’. - Follow the instructions on the screen that follows, it will look similar to this:
Once you have completed the steps in your Authenticator App, click ‘Next’. - The browser where you started the enrolment process should now look like below:
Select ‘Next’ - You will then be asked to authenticate using the app. Open this on your device, and select ‘Approve’ when prompted to authenticate.
- You are now set up. When activated, you will be asked to authenticate using your authenticator app when presented with the following:
Removing the Authenticator App
There may be a time where you need to remove the Authenticator App and your information from MFA.
1. Navigate to https://mysignins.microsoft.com/security-info and authenticate with your account information.
2. Your security information will be shown like in the image below:
Choose ‘Delete’ next to the device you no longer wish to use. Review the guidance when prompted and select ‘Ok’.
3. Now you can navigate to your Authenticator app on your device, and remove your account.
Enrolling with a telephone number
This page contains guidance on using a telephone number as a method for MFA.
We recommend using an Authenticator app for MFA, however we would also recommend registering a telephone number as a backup method, in case your Authenticator app becomes unavailable.
- Visit https://mysignins.microsoft.com/security-info. This is best to do from a web browser on a computer but can also be done from your personal device.
You will be asked for your email address, followed by your password.
If you have not yet registered, at the next screen, click ‘Next’
Otherwise, if you see the following screen, click ‘Add sign-in method’ - Choose ‘Phone’ from the ‘Add a method’ drop down list
- From the next screen select an appropriate area code for where the number is located, enter your telephone number, followed by the way in which you would like to receive your code (or One Time Passcode). Click ‘Next’ when ready.
- You will be sent a 6 digit code to your phone number by either SMS or Phone call. Enter this code into your web browser like below
Click ‘Next’ can you should receive a message to say that your phone has been registered. - If you are presented with a screen asking for an ‘App password’ you can skip this step by clicking ‘Done’
- You can now repeat the process to register a backup telephone number.
When will I be prompted to authenticate with MFA?
Most online threats come from external sources. When a University network account is accessed, it is often difficult to determine if the authentication attempt is genuine.
You will be prompted to complete MFA when accessing your University provided Office 365 email account, after you have authenticated with your password.
This will include access through a web browser and using Microsoft apps for iOS or Android, such as Outlook, Teams, or OneDrive.
Some University services that authenticate through Office 365 will require MFA. This includes services such as Careers, SAM or Resource Booker
Once I have set up MFA, how do I manage my enrolments?
Navigate to https://mysignins.microsoft.com/security-info and sign in using your University provided account information and password, and complete MFA.
From here you will be able to view your enrolled methods:
How do I register an alternative, backup method?
Navigate to https://mysignins.microsoft.com/security-info and sign in using your University account information, and complete MFA.
From the Security Info screen, select ‘Add sign-in method’ and follow the prompts to add a new sign-in method.
Accessibility
The University sign-in and MFA experience have been designed to work with assistive technologies for a range of device types. If you have a specific accessibility requirements which you wish to discuss in relation to MFA, please get in touch with the SIZ at help@chi.ac.uk.
For those that are visually impaired and rely on the accessibility options on your device, we would recommend registering for MFA by enrolling with a telephone number. This way you can receive the One Time Passcode (OTP) by a telephone call or by SMS. The instructions can be found earlier on this web page.
FAQ
I never use a personal device, should I enrol?
Yes. MFA will significantly improve the security of your staff network account, and it is highly recommended that you enrol, even if you do not use a personal device.
Can I register my University email address as an enrolment method?
No. MFA is designed to protect your University email account, and if you’re prompted to authenticate with MFA you will be unable to access your University email account to get access to the One Time Passcode (OTP).
I have started using MFA with another service related to my role at the University but is provided externally (eg. HESA) Do I still have to enrol?
Yes. Whilst you may have set up MFA with an external service provider, you will still be required to set up MFA on your University network account specifically.
Can I proceed without enrolling?
No. IT Services strongly recommends enrolling with MFA without delay to ensure that your account is protected.
Furthermore, should you not enrol, you may not be able to access all University online services.
I manage a generic account; will I need to set up MFA for this account too?
No. Generic and Shared Accounts are secured in other ways.
I facilitate access to guest, contractors, or collaborative partner students. How will they be affected?
They too will require MFA and there is a separate guidance page available on the Help website.
How often will I be prompted to authenticate?
University services accessed through a web browser will time out after 4 hours of inactivity, this is the same for authenticating with your password or with MFA. Mobile Apps (For example, Microsoft Outlook for Mobile) have a longer inactivity timeout set by the application vendor, and will not require authentication as frequently as access through a web browser.
What if I’m prompted for MFA, and I don’t have my authentication method with me?
It is highly recommended that you enrol at least two devices with MFA. Guidance on managing your enrolment methods can be found above under the section entitled ‘How do I register an alternative, backup method?’