What is Multifactor Authentication and why should we use it?
Multifactor Authentication (MFA) is a security feature, which adds a layer of protection when accessing your UL account remotely. Recently, hackers have targeted higher education institutions by using fraudulently acquired credentials to acquire sensitive and personal information from users. Multifactor authentication is an effective control to help prevent these type of attacks.
How does Multifactor Authentication work?
Multifactor Authentication (MFA) works by requesting a second factor of authentication to verify your identity with something you know (UL username & password) in addition to something only you have (your mobile phone, on which you will receive a login confirmation notice via an app).
What this means for me?
You will be required to use MFA to access Microsoft Services (Email, OneDrive for Business and Teams) & Sulis off-campus. ITD have plans to implement MFA on all IT services provided by ITD.
Once you are registered for MFA and you want to access Office 365 services (Email, OneDrive for Business and Teams) or Sulis off-campus, you will be requested to provide a second factor of authentication for that device and for every Microsoft application you launch, i.e., Outlook, Teams and OneDrive for Business. This means you will need to verify your authentication via your mobile phone (simply tap Approve when prompted).
If you want to access Microsoft Services via the Microsoft 365 Portal using a Web Browser, you should select the “Don’t ask me again for xx days” option on the screen when prompted. This setting should only be enabled on UL-managed devices, and ITD do not recommend using public computers such as in cafes or hotel foyers to access UL services or data including email. See FAQ’s for further details.
Your device will then be trusted for 60 days and you will not be requested for your second factor of authentication on that device again until that time period expires.
If your access Microsoft services / Sulis on multiple devices, this verification process will be repeated for each device.
Self-Service Password Reset (SSPR) enables you to reset your UL computer account password (e.g. your UL email or Sulis password) anywhere anytime without the need to contact our Service Desk. Self-Service Password Reset can be used when you have forgotten your password, your password has expired, you wish to reset/change your current password, or you want to unlock your account.
SSPR is available 24 x 7, however, you have to register for both Multifactor Authentication (MFA) and SSPR before you can use this method to reset your password.
What are the recommended password characteristics?
The UL Password Standards describes the characteristics of a valid password.
- If your phone has a cover on it, make sure the cover is not obstructing the camera in anyway as the camera will be required to scan a QR code when registering.
- If you are registering using your mobile data and have a limited mobile data plan, please make sure you have not reached your limit before starting the registration process.
- Make sure you have an active internet connection either on your mobile data or over Wi-Fi before starting the registration process.
- Make sure your phone is not in ‘Airplane mode’ before starting the registration process.
- Make sure your phone is not in ‘Do Not Disturb’ or ‘Quiet’ mode. These modes can prevent apps from sending notifications.
- If you have battery optimization enabled on your phone the approval push notification may not appear on your phone as battery optimization will stop certain apps from running to conserve the battery. If your phone battery is running low charge the phone before starting this process to avoid battery optimization interfering with this process.
|Authenticator app||Multi-Factor Authentication (MFA) and for Self Service Password Reset (SSPR)|
|Text Messages||Multi-Factor Authentication (MFA) and for Self Service Password Reset (SSPR)|
|Phone Calls||Multi-Factor Authentication (MFA) and for Self Service Password Reset (SSPR)|
|Email Account||Self Service Password reset authenticationnn only. You'll need to choose another method for Multi-Factor Authentication|
Users are not charged for SMS messages or phone calls, unless they are in a foreign country, where the phone carrier applies charges to receive an SMS message or phone call.
Commence the registration process by visiting https://portal.office.com The username is your UL email address (i.e. email@example.com or firstname.lastname@example.org) and the password is your UL email password. You will be asked to register a secondary factor for your account. Click Next. You will be presented with the registration wizard below. Select “I want to set up a different method”
When you install the Authenticator app you need to allow it to access your camera so it can scan the QR code when registering for MFA.