Views:

PURPOSE:

Article explains how to configure authentication methods primarily for the use of multi-factor authentication, which is being enabled for all students, faculty, staff at the end of April.

APPLIES TO:

Rose-Hulman Institute issued user accounts.

 

MFA Setup Instructions

Section: Introducuction

Multi-factor Authentication (MFA), also known as Two-Factor Authentication, adds an additional level of protection for an account beyond the password. With MFA, a malicious actor who gains access to a user's password is still prevented from logging in because the legitimate user will be prompted for authorization from their designated method.  
 
With MFA enabled, accounts will be prompted for secondary verification when attempting to login to Microsoft services (Office, Teams, SharePoint including the My Rose-Hulman website) from off campus. The campus VPN will also be configured to require MFA when connecting. Our implementation of MFA will be configured so that users on campus or connected to the campus VPN WILL NOT receive the additional verification prompt when accessing individual applications 

Section: mfa setup instructions

  1. Navigate to https://myaccount.microsoft.com/ and login with your Rose-Hulman credentials. 
    1. If you have no MFA sign-in methods configured, you will receive a prompt stating "More information required" and will need to through an initial setup page. 
      1. Click Next
      2. The "Keep your account secure" dialog will default to setting up the Microsoft Authenticator app. If you would prefer to setup a Phone number or alternate Authenticator app, you may do so by clicking the I want to set up a different method link at the bottom of the page. 
      3. Once a method has been configured, you will also be required to setup an App password which is used for older applications that do not support MFA.  
  2. At the Account Overview page, click Security info from the left sidebar. 
    Note: You may be prompted to authenticate with an MFA sign-in method if one is already present.  
  3. Click on Add method. 
  4. Select the method you would like to add from the dropdown list. 
    1. Authenticator app 
      Two options are available after selecting this option. 
      1. Microsoft Authenticator (recommended method) 
        App for iOS/Android smartphones that will need to be downloaded to your phone as part of the setup. Provides a phone notification when prompted that you can Approve or Deny. If ever in a situation where you phone does not have cellular or wireless access, the app can also provide a 6-digit one-time password code that rotates every 30 seconds. 
      2. Different Authenticator App (if you are already using an authenticator app for other systems and would like to maintain consistency) 
        Supports most third-party authenticator apps like the Google Authenticator which are similar in features to the Microsoft Authenticator. 
    • Office Phone 
      Calls your office phone number which will ring your physical phone as well as any device where you are logged into the Microsoft Teams. You will be asked to press # to approve the login attempt. 
    • Phone 
      Calls or sends an SMS text message to the phone number provided. For calls, you will be asked to press # to approve the login and for SMS text messages, you will be provided a numeric code to enter. 
      Warning: If using your home phone number, MFA will be limited to your residence. We strongly recommend using a cell phone that you normally have with you. 
    • Alternate Phone 
      Calls the phone number provided. You will be asked to press # to approve the login attempt. SMS text messages are not supported for the Alternate Phone option. 
    • App password 
      Used for older applications that do not support MFA. Provides a string of characters that is used instead of your account password. 
    • Security key 
      Hardware device that typically plugs into a USB port or uses NFC to authenticate on smartphones that support the protocol. This option would require you to have already purchased the device before setting up. 
    • Email 
      While a non-RHIT email address can be added, it is used only for self-service password resets and not for MFA authentication attempts. However, we strongly recommend that you provide a non-RHIT email address here in the event it is needed for password resets. 
  2. Follow the on-screen instructions to add verify the selected method. 
  3. Repeat steps 3-5 for any additional methods you wish to add. 
  4. After finishing setting up sign-in methods, you can select a default method that will always prompt first.  
    • Above Add method click Change after Default sign-in method
    1. Select your preferred default method from the drop-down list. 
    2. Click Confirm. 
  2. Once finished, close the browser window or tab. 
 

More help:

If this information does not help resolve your issue and/or you need assistance from EIT, please submit an online service request at: https://rose-hulman.microsoftcrmportals.com/SignIn?ReturnUrl=/mycases/create-case/


 

Keywords: Multifactor, Authentication, Multi-Factor, MFA, 2-Factor, Two-Factor
Comments (0)