Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
configure_mfa [2022/05/04 15:46]
rosterberg
configure_mfa [2024/01/08 17:23] (current)
rosterberg
Line 5: Line 5:
 ===== MFA Methods Available ===== ===== MFA Methods Available =====
  
-The available methods for multi-factor authentication (MFA) include+Your primary ​multi-factor authentication (MFA) method must be an authentication app or one-time password keyfob token
-  * Use of an authenticator app on your mobile device. We strongly recommend the Microsoft Authenticator App, but you may use any standard ​authenticator ​app of your choice. +  * **Microsoft Authenticator App** (recommended and supported) 
-  * Verification code sent via SMS to your phone +  * Google Authenticator (limited support) 
-  * Verification code sent to non-Olin email address +  * Authy Authenticator (limited support) 
-  * Verification call to your personal phone and/or office phone+  * LastPass Authenticator (limited support) 
 +  * 1Password Authenticator (limited support) 
 +  * Keyfob hardware ​authenticator ​token (limited quantities available via the IT Help Desk) 
 + 
 +Other authentication methods that may be configured include: 
 +  * Verification code sent via SMS to your phone (only as backup authentication method) 
 +  * Verification call to your personal phone and/or office phone (only as a backup authentication method) 
 +  * Security questions (only as secondary authentication for self-service password reset) 
 +  * Verification code sent to a personal email address (only as secondary authentication for self-service password reset)
  
 We recommend configuring more than one verification method for added convenience if a verification method is unavailable (for example, if your mobile device battery has died). We recommend configuring more than one verification method for added convenience if a verification method is unavailable (for example, if your mobile device battery has died).
Line 17: Line 25:
 [[microsoft_authen_app_install|Microsoft Authenticator App Installation]] [[microsoft_authen_app_install|Microsoft Authenticator App Installation]]
  
-===== Setup MFA with Microsoft 365 =====+===== Setup Microsoft Authenticator App with Microsoft 365 =====
  
-  * {{ :​m365-setup-mfa-screen.png?​nolink&​300|}}Navigate ​to the Security Info area of the Microsoft My Sign-Ins page ([[https://​mysignins.microsoft.com/​security-info]])+  * {{ :​m365-setup-mfa-screen.png?​nolink&​400|}}//On your computer//, navigate ​to the Security Info area of the Microsoft My Sign-Ins page ([[https://​mysignins.microsoft.com/​security-info]])
   * If necessary, login to your Olin account   * If necessary, login to your Olin account
 +  * Check that the Olin College logo appears in the top-left corner of the screen. If you do not see the Olin College logo, you may have signed-in to a non-Olin account. Logout and start again.
   * Click **+ Add sign-in method**   * Click **+ Add sign-in method**
-  * Select **Authenticator App** from the menu, and click **Add**. ​Then follow ​the prompts ​on the screen. +  * Select **Authenticator App** from the menu, and click **Add**. ​ 
-  * We recommend adding other sign-in methods, such as a mobile phoneyour office phone, and non-Olin personal email address.+  * The next screen says **Start by getting ​the app** with a link to install the app (for your phone). Since you have already installed the Microsoft Authenticator App on your phone, click **Next**. 
 +  * //On your computer//, ​the next screen ​says **Set up your account** 
 +  * {{ :​mfa-authen-app-add-button.png?​nolink&​200|}}//​On your phone or tablet//, open the Microsoft Authenticator App. Press the **+** (plus) icon in the top right corner of the screen to add an account. 
 +  * {{ :​mfa-app-add-work-or-school-account.png?​nolink&​200|}}//​On your phone or tablet//, then select **Work or school account**. 
 + 
 +
 + 
 +
 + 
 +
 + 
 +  * {{ :​mfa-scan-qr-code.png?​nolink&​200|}}//​On your computer//, click **Next**. You should see the **Scan the QR code** screen, along with a square QR code pattern. 
 + 
 +
 + 
 + 
 +
 + 
 +  * {{ :​mfa-app-scan-qr-code-button.png?​nolink&​200|}}//​On your phone or tablet//, you will be prompted to select //Sign in// or //Scan QR code//. Press **Scan QR Code**. You will see a camera preview on your device screen. 
 +  * //Using your phone or tablet//, point the camera at the QR code on your computer screen. 
 +  * After you scan the code, your phone or tablet will turn off the camera preview, and you will see the main Microsoft Authenticator screen. You will see an entry for **Olin College of Engineering** with your login account shown. 
 +  * //On your computer//, click **Next**. You will be prompted **Let'​s try it out** with instructions to approve the notification that was sent. 
 +  * //On your phone or tablet//, you will see a prompt to **Approve sign-in?** Press **Approve**. 
 +  * //On your computer//, you should see **Notification approved**. Click **Next**. 
 +  * You're all done! On your computer screen, you should see **Microsoft Authenticator** listed along with the name of your phone or tablet. 
 + 
 +===== Setup Other Authentication Methods ===== 
 + 
 +  * We recommend adding other sign-in methods, such as a mobile phone and your office phone
 +  * We have limited number of hardware "key fob" tokens that can be used with multi-factor authenticationPlease contact the IT Help Desk for more information. 
 + 
 +===== Set the Default Sign-In Method ===== 
   * After adding your sign-in methods, check the **Default sign-in method** shown near the top of the page. We recommend setting this to be **Microsoft Authenticator - notification**. Click **Change** to change the default if necessary.   * After adding your sign-in methods, check the **Default sign-in method** shown near the top of the page. We recommend setting this to be **Microsoft Authenticator - notification**. Click **Change** to change the default if necessary.
  
-===== Using MFA =====+===== Using other Authenticator Apps ===== 
 + 
 +We strongly recommend using the Microsoft Authenticator App for Olin multi-factor authentication. If you have experience using other authenticator apps (such as Google Authenticator,​ Authy by Twilio, etc.), you may do so. Follow the instructions above to add an authenticator app. On the screen that says **Start by getting the app**, select **I want to use a different authenticator app**. Then follow the prompts to add a software token to your authenticator app. 
 + 
 +===== Using Multi-Factor Authentication ​=====
  
 All applications that use Olin single sign-on through the Microsoft 365 login screen are subject to multi-factor authentication (MFA). For most applications,​ you will be required to authenticate via MFA based on automatic risk assessment done by the Microsoft authentication engine. In most cases, when using Olin email and other services, members of the community will only need to provide MFA authentication occasionally,​ particularly when using services from a new location (such as a coffee shop, or when traveling). All applications that use Olin single sign-on through the Microsoft 365 login screen are subject to multi-factor authentication (MFA). For most applications,​ you will be required to authenticate via MFA based on automatic risk assessment done by the Microsoft authentication engine. In most cases, when using Olin email and other services, members of the community will only need to provide MFA authentication occasionally,​ particularly when using services from a new location (such as a coffee shop, or when traveling).
  
 For required technical security, use of the Olin VPN requires multi-factor authentication each time you login. For required technical security, use of the Olin VPN requires multi-factor authentication each time you login.