Middlebury

Difference between revisions of "Multi-Factor Authentication"

(Heading level changes)
m
 
(91 intermediate revisions by 3 users not shown)
Line 1: Line 1:
  
If you are unfamiliar with the concept of multi-factor authentication, visit our [[Multi-Factor_Authentication_Overview|overview page]] to learn more.
+
If you are unfamiliar with the concept of multi-factor authentication (MFA), please visit our [[Multi-Factor_Authentication_Overview|overview page]] to learn the basics first before continuing.
  
== What should I do to prepare for MFA? ==
+
=== What should I do to prepare for MFA? ===
  
Check out our [[Multi-Factor_Authentication_Readiness|readiness info page]] for details. You'll learn useful '''tips''' and find details about '''how to sign up''' when you're all set to go.
+
Check out our [[Multi-Factor_Authentication_Readiness|readiness info page]] for details. You'll learn useful '''tips''' to help ensure your Multi-Factor Authentication setup goes smoothly.
  
 
 
 
 
 +
 +
=== Should I get the Microsoft Authenticator App? ===
 +
 +
'''YES!  '''Use of this app is the recommended way to work with your MFA account challenges and provides the smoothest experience for travelers.  Visit our [https://mediawiki.middlebury.edu/LIS/Microsoft_Authenticator_App MS Authenticator App wiki page] to learn how to download the app and get it set up.
  
 
 
 
 
  
== How do I set up Multi-Factor Authentication? ==
+
=== How do I set up MFA? ===
  
Upon receipt of your Multi-Factor Authentication sign-up request, ITS will enable MFA on your account, then send you a “Middlebury Multi-Factor Authentication Enrollment” email containing a link to Microsoft’s MFA Setup page. Follow the instructions presented to set up authentication methods you wish to use with your account.
+
ITS enables MFA on new accounts and sends a “Middlebury Multi-Factor Authentication Enrollment” email containing links to Microsoft’s MFA Setup page and our [http://go.middlebury.edu/mfaguide Security Info Quick Setup] guide. Follow the instructions presented to set up authentication methods you wish to use with your account.
  
 
'''Important:'''
 
'''Important:'''
  
*ITS must first enable MFA on your account '''before '''you proceed with the setup!
 
 
*Any device you wish to configure to use MFA must have a working network connection at the time of setup.  
 
*Any device you wish to configure to use MFA must have a working network connection at the time of setup.  
 
*By clicking the "Set it up now" button, you are activating Multi-Factor Authentication and you must complete the setup process or you may be unable to access your account, including your email.  
 
*By clicking the "Set it up now" button, you are activating Multi-Factor Authentication and you must complete the setup process or you may be unable to access your account, including your email.  
Line 22: Line 25:
 
 
 
 
  
== Which setup method should I choose? ==
+
=== Which MFA setup method should I choose? ===
 +
 
 +
Here are descriptions of the most common scenarios, along with our MFA setup recommendations for each one.  Please visit our [[Multi-Factor_Authentication_Verification_Methods|MFA verification wiki page]] for additional details about specific options.
  
=== <span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre; white-space:pre-wrap">* I have a Smartphone - and I travel internationally and/or travel in areas without cellular coverage.</span> ===
+
'''Scenario A:&nbsp; I have a Smartphone -- and I travel internationally and/or travel in areas without cellular coverage.'''
  
<span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">Choose Microsoft's Authenticator app with a code.</span>
+
*<span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">Choose Microsoft's Authenticator app with a <u>code</u>.</span>  
  
 
<span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">This method is recommended when you have a device that supports Microsoft's Authenticator app and you will be in areas without consistent network access. When presented with an MFA challenge you will need to input the code displayed by the Authenticator app to complete your login.</span>
 
<span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">This method is recommended when you have a device that supports Microsoft's Authenticator app and you will be in areas without consistent network access. When presented with an MFA challenge you will need to input the code displayed by the Authenticator app to complete your login.</span>
  
<span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">Network access is NOT required for the MS Authentication app to provide you with a code.</span>
+
<span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">Network access is <u>NOT</u> required for the MS Authentication app to provide you with a '''code'''.</span>
  
 
&nbsp;
 
&nbsp;
  
=== <span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal; font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">* I have a Smartphone - and I rarely travel in areas without cellular coverage.</span> ===
+
'''Scenario B:&nbsp; I have a Smartphone -- and I ''rarely ''travel in areas without cellular coverage.'''
  
<span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">Choose Microsoft's Authenticator app with notifications.</span>
+
*<span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">Choose Microsoft's Authenticator app with <u>notifications</u>.</span>  
  
<span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">This method is recommended when having a device that supports Microsoft's Authenticator app and you will be in areas with consistent network access. When presented with an MFA challenge you will need to click Approve on the device to complete your login. Caution! Only click Approve when you have signed into a service you anticipate will trigger an authentication challenge.</span>
+
<span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">This method is recommended when you have a device that supports Microsoft's Authenticator app and you will be in areas with consistent network access. When presented with an MFA challenge you will need to click '''Approve''' on your device to complete your login. '''Caution! '''Only click Approve when you have signed into a service you anticipate will trigger an authentication challenge.</span>
  
<span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">Network access cellular or wifi IS required for the MS Authentication app to provide a notification.</span>
+
<span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">Network access cellular or wifi <u>IS</u> required for the MS Authentication app to provide a '''notification'''.</span>
  
 
&nbsp;
 
&nbsp;
  
=== <span style="font-size:11pt; font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">* Flip or Feature phone.</span> ===
+
'''Scenario C:&nbsp; I have a Flip or Feature phone.'''
  
<span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">Phone - Call or Text.</span>
+
*<span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">Choose Phone then specify Call or Text.</span>  
  
<span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">Recommended when having a device that doesn’t support the Microsoft Authenticator app. When presented with an MFA Challenge will be necessary to receive a phone call and press # or receive SMS text message to enter provided code to complete login.</span>
+
<span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">This method is recommended when you have a device that doesn’t support the Microsoft Authenticator app. When presented with an MFA challenge you will have to receive a phone call then press '''#''', or else receive an SMS text message then enter the provided code, in order to complete your login.</span>
  
<span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">Doesn't support travel to areas without cellular coverage.</span>
+
<span style="font-size:11pt;  font-family:Arial;  color:#000000;  background-color:transparent;  font-weight:400;  font-style:normal;  font-variant:normal;  text-decoration:none;  vertical-align:baseline;  white-space:pre;  white-space:pre-wrap">Travel to areas without cellular coverage is '''not '''supported by this method.</span>&nbsp;
  
=== What are the Multi-Factor Authentication verification options? ===
+
&nbsp;
  
There are several different options for completing Multi-Factor Authentication verification. Choose the one that makes the most sense for your situation and follow the on-screen instructions.
+
=== How do I use Multi-factor Authentication once I have it set up? ===
  
Please note that the Microsoft Authenticator app is the recommended choice for Multi-Factor Authentication verification. You install this app on your mobile device. The Microsoft Authenticator App offers two verification methods, “Notify me through app” and “Use verification code from app”.
+
Once you complete your MFA set up, here is what to expect:
  
====== Notify me through app ======
+
When you log in to an MFA-protected service (such as Webmail or Google) there is one additional step. After correctly entering your Middlebury email address and password at the login screen of the service you wish to access, you will be prompted to verify your login request.&nbsp; This could be in the form of a phone call, text message, or mobile app notification or code, depending on the option you specified during the setup process.
  
Notify me through app is Microsoft's recommended option. It's the simplest way to complete verification. You enter your Middlebury email address and password at an online service’s login screen and then you receive a push notification to the Microsoft Authenticator app on your mobile device prompting you to “allow” or “deny” the authentication request. Please be careful not to allow login attempts that you did not initiate.
+
*For example, if you chose the "Notify me through the app" option, you would enter your Middlebury email address and password at the online service’s login screen, then you would receive a notification from the Microsoft Authenticator app on your mobile device prompting you to “Approve" or “Deny” the login request.  
  
====== Use verification code from app ======
+
'''Important notes:'''
  
You enter your Middlebury email address and password at an online service’s login screen and then you are prompted to enter the code displayed in the Microsoft Authenticator app.
+
*During the login process you can click the checkbox to '''remember my device for 30 days'''. With this setting enabled, you may not be prompted again for Multi-Factor Authentication from that application on that device for another thirty days.&nbsp; Please note that some services will prompt for authentication <u>every</u> time, regardless.
 +
*'''Caution!&nbsp; Only approve verification requests that you initiate!'''&nbsp; This is relevant to the "Notify me through app" and "Call my authentication phone" verification options. Imagine an online criminal has your password and is trying to access your account. Once Multi-Factor Authentication has been enabled for your account, this access attempt would generate a login verification request. If you approved this verification request, the criminal would be able to access your account!&nbsp;&nbsp;
  
Please note: Once you have the app installed, you can use the verification codes generated by the app to login, anytime, from anyplace. The app generates verification codes even if your phone is does not have cellular service, say because you are travelling abroad.
+
&nbsp;
  
====== Text code to my authentication phone ======
 
  
You enter your Middlebury email address and password at an online service’s login screen and then you are prompted to enter the code that the Multi-Factor Authentication service has texted to your mobile phone.
+
=== How do I set up MFA to access Oracle or Blackbaud? ===
  
====== Call my authentication phone ======
+
Oracle and Blackbaud accounts are provided by the Green Mountain Higher Education Consortium ('''GMHEC) '''rather than Middlebury, and they require a <u>separate</u> MFA setup.
  
You enter your Middlebury email address and password at an online service’s login screen and then you receive an automated call to either your primary or alternate telephone number prompting you to “verify“ the authentication request by pressing the "#" key on your phone.
+
If you are off-campus and you already have MFA protection set up for your Middlebury account, you will be prompted to enroll in GMHEC's multi-factor authentication (MFA) if you haven’t done so.&nbsp; See “[http://go.middlebury.edu/gmhecmfaguide/ Enrolling in GMHEC Multi-Factor Authentication]” for information. &nbsp;
  
*This option may be preferable for individuals with limited texting plans, no home computer or device, or those who may not have a mobile phone.
+
&nbsp;
*You may choose to configure your office phone as your "alternate" authentication phone
 
  
&nbsp;
 
  
====== Call my office phone ======
+
=== Why might I need to change my MFA settings? ===
  
The "Call my office phone" option is not currently configured to work properly. Please choose another verification option.<br/> &nbsp;
+
Here are the most common reasons why you might want to change your MFA settings:
  
=== How do I use Multi-Factor Authentication? ===
+
*Lost cell phone
 +
*New cell phone
 +
*Different default authentication method is desired (text message, phone call, app code, etc.), particularly due to upcoming travel needs.<br/> &nbsp;
  
Once you have completed Multi-Factor Authentication set up, here is what to expect.
+
&nbsp;
  
When you sign in to a Multi-Factor Authentication protected online service (like webmail), from off-campus (or outside of the Middlebury networks), you will be prompted to verify the authentication request using the primary verification option that you selected during setup.
+
=== How do I change my MFA settings? ===
  
For example, if you chose the "Notify me through the app" option, you would enter your Middlebury email address and password at an online service’s login screen and then you would receive a notification from the Microsoft Authenticator app on your mobile device prompting you to “verify “or “deny” the authentication request.
+
It's easy to '''adjust '''your multi-factor authentication settings.&nbsp; Here's how:
  
'''Caution''': Only approve verification requests that you have initiated! This is particularly relevant to the "Notify me through app" and "Call my authentication phone" verification options. Imagine that an online criminal has your password and is trying to access your account. Once Multi-Factor Authentication has been enabled for your account, this access attempt would generate an authentication verification request. If you approved this verification request, the criminal would be able to access your account. Remember, '''only approve verification requests that you have initiated.'''
+
#For your '''Middlebury '''account, visit '''[http://go.middlebury.edu/mfasetup http://go.middlebury.edu/mfasetup]'''.&nbsp;<br/> For your '''GMHEC '''account for use with Oracle, visit the [http://myapps.microsoft.com/gmhec.org GMHEC app panel].  
 +
#You will receive a '''Midd''' MFA challenge through your current default method.  
 +
#On the ''My Sign-ins,Security Info ''page (shown below)...&nbsp;
 +
#*Your default method for receiving MFA challenges appears right at the top, above the authentication methods you set up previously.
 +
#*You'll see links at right that allow you to '''change''' or '''delete '''most entries you set up previously.&nbsp;
 +
#*If you were using the Microsoft Authenticator app on a device you no longer plan to use (or lost), click '''Delete''' beside the device entry to remove it.&nbsp; Next, click&nbsp; '''+ Add Method''' then go through the ''Authenticator app'' setup steps to set up your new device. 
  
&nbsp;
+
[[File:Changing MFA.png|center|640x305px|Changing MFA.png]]'''''Tips for new/upgrading phones:'''''
  
=== How do I update my Multi-Factor Authentication settings? ===
+
*Make sure to set your MFA to '''text '''<u>before</u> you switch.&nbsp; This will allow you to answer the first MFA prompt when downloading the Authenticator app onto your new phone.
  
It's easy to change your multi-factor authentication settings, should the need arise, once you've completed the enrollment process.
+
&nbsp;
  
To update your multi-factor authentication settings:
+
=== Related Pages ===
  
#Log on to the [https://myapps.microsoft.com myapps.microsoft.com]  
+
*[https://mediawiki.middlebury.edu/LIS/Microsoft_Authenticator_App Microsoft Authenticator App] -- how to get it and set it up
#In the top right corner click your '''profile picture''' and click '''Profile'''.
+
*[http://go.middlebury.edu/mfamethods MFA Verification Methods]  
#Click the link '''Additional security verification''', you will get a MFA challenge.
+
*[[Multi-Factor_Authentication#How_do_I_set_up_MFA_to_access_Oracle_or_Blackbaud.3F|MFA for GMHEC application access ]]- GMHEC apps (such as Oracle and Blackbaud) have a separate MFA setup
#Click '''Update your phone numbers used for account security'''.
 
  
Note that there is a shortcut to the Office 365 Account settings screen, that you can get to without first logging into web mail. Try [https://portal.office.com/account/ https://portal.office.com/account].
+
&nbsp;
  
If you would like to configure the Microsoft Authenticator app as the preferred authentication method, then your next steps would be to:
+
=== MFA Setup Guides ===
  
#Select '''Use verification code from app''' from the verification option drop-down list
+
*[http://go.middlebury.edu/mfaguide Middlebury's MFA Setup Guide] (go/mfaguide/)
#Click the '''Configure''' button displayed next to the Authenticator app option.
+
*[http://go.middlebury.edu/gmhecmfaguide Enrolling in GMHEC's MFA] (go/gmhecmfaguide/)
  
 
[[Category:Helpdesk Documentation]] [[Category:Public Search]] [[Category:MFA]] [[Category:Security]]
 
[[Category:Helpdesk Documentation]] [[Category:Public Search]] [[Category:MFA]] [[Category:Security]]

Latest revision as of 09:44, 8 October 2020

If you are unfamiliar with the concept of multi-factor authentication (MFA), please visit our overview page to learn the basics first before continuing.

What should I do to prepare for MFA?

Check out our readiness info page for details. You'll learn useful tips to help ensure your Multi-Factor Authentication setup goes smoothly.

 

Should I get the Microsoft Authenticator App?

YES!  Use of this app is the recommended way to work with your MFA account challenges and provides the smoothest experience for travelers.  Visit our MS Authenticator App wiki page to learn how to download the app and get it set up.

 

How do I set up MFA?

ITS enables MFA on new accounts and sends a “Middlebury Multi-Factor Authentication Enrollment” email containing links to Microsoft’s MFA Setup page and our Security Info Quick Setup guide. Follow the instructions presented to set up authentication methods you wish to use with your account.

Important:

  • Any device you wish to configure to use MFA must have a working network connection at the time of setup.
  • By clicking the "Set it up now" button, you are activating Multi-Factor Authentication and you must complete the setup process or you may be unable to access your account, including your email.

 

Which MFA setup method should I choose?

Here are descriptions of the most common scenarios, along with our MFA setup recommendations for each one.  Please visit our MFA verification wiki page for additional details about specific options.

Scenario A:  I have a Smartphone -- and I travel internationally and/or travel in areas without cellular coverage.

  • Choose Microsoft's Authenticator app with a code.

This method is recommended when you have a device that supports Microsoft's Authenticator app and you will be in areas without consistent network access. When presented with an MFA challenge you will need to input the code displayed by the Authenticator app to complete your login.

Network access is NOT required for the MS Authentication app to provide you with a code.

 

Scenario B:  I have a Smartphone -- and I rarely travel in areas without cellular coverage.

  • Choose Microsoft's Authenticator app with notifications.

This method is recommended when you have a device that supports Microsoft's Authenticator app and you will be in areas with consistent network access. When presented with an MFA challenge you will need to click Approve on your device to complete your login. Caution! Only click Approve when you have signed into a service you anticipate will trigger an authentication challenge.

Network access cellular or wifi IS required for the MS Authentication app to provide a notification.

 

Scenario C:  I have a Flip or Feature phone.

  • Choose Phone then specify Call or Text.

This method is recommended when you have a device that doesn’t support the Microsoft Authenticator app. When presented with an MFA challenge you will have to receive a phone call then press #, or else receive an SMS text message then enter the provided code, in order to complete your login.

Travel to areas without cellular coverage is not supported by this method. 

 

How do I use Multi-factor Authentication once I have it set up?

Once you complete your MFA set up, here is what to expect:

When you log in to an MFA-protected service (such as Webmail or Google) there is one additional step. After correctly entering your Middlebury email address and password at the login screen of the service you wish to access, you will be prompted to verify your login request.  This could be in the form of a phone call, text message, or mobile app notification or code, depending on the option you specified during the setup process.

  • For example, if you chose the "Notify me through the app" option, you would enter your Middlebury email address and password at the online service’s login screen, then you would receive a notification from the Microsoft Authenticator app on your mobile device prompting you to “Approve" or “Deny” the login request.

Important notes:

  • During the login process you can click the checkbox to remember my device for 30 days. With this setting enabled, you may not be prompted again for Multi-Factor Authentication from that application on that device for another thirty days.  Please note that some services will prompt for authentication every time, regardless.
  • Caution!  Only approve verification requests that you initiate!  This is relevant to the "Notify me through app" and "Call my authentication phone" verification options. Imagine an online criminal has your password and is trying to access your account. Once Multi-Factor Authentication has been enabled for your account, this access attempt would generate a login verification request. If you approved this verification request, the criminal would be able to access your account!  

 


How do I set up MFA to access Oracle or Blackbaud?

Oracle and Blackbaud accounts are provided by the Green Mountain Higher Education Consortium (GMHEC) rather than Middlebury, and they require a separate MFA setup.

If you are off-campus and you already have MFA protection set up for your Middlebury account, you will be prompted to enroll in GMHEC's multi-factor authentication (MFA) if you haven’t done so.  See “Enrolling in GMHEC Multi-Factor Authentication” for information.  

 


Why might I need to change my MFA settings?

Here are the most common reasons why you might want to change your MFA settings:

  • Lost cell phone
  • New cell phone
  • Different default authentication method is desired (text message, phone call, app code, etc.), particularly due to upcoming travel needs.
     

 

How do I change my MFA settings?

It's easy to adjust your multi-factor authentication settings.  Here's how:

  1. For your Middlebury account, visit http://go.middlebury.edu/mfasetup
    For your GMHEC account for use with Oracle, visit the GMHEC app panel.
  2. You will receive a Midd MFA challenge through your current default method.
  3. On the My Sign-ins,Security Info page (shown below)... 
    • Your default method for receiving MFA challenges appears right at the top, above the authentication methods you set up previously.
    • You'll see links at right that allow you to change or delete most entries you set up previously. 
    • If you were using the Microsoft Authenticator app on a device you no longer plan to use (or lost), click Delete beside the device entry to remove it.  Next, click  + Add Method then go through the Authenticator app setup steps to set up your new device.
Changing MFA.png

Tips for new/upgrading phones:

  • Make sure to set your MFA to text before you switch.  This will allow you to answer the first MFA prompt when downloading the Authenticator app onto your new phone.

 

Related Pages

 

MFA Setup Guides

Powered by MediaWiki