I want Multi-Factor Authentication!
Multi-factor authentication (MFA) provides an added layer of security for your accounts in so far as it requires identity confirmation using a secondary device such as a smartphone when you login to University of Ottawa resources.
Enrolling your account for Multi-Factor Authentication today provides your accounts and resources with added security now.
MFA Opt-In FAQ
If I do not access VPN, do I need MFA?
If you do not connect to VPN, this change does not apply to you. However, the academic/research community will be required to use MFA without exception starting in the fall, so we recommend you enrol today to provide your accounts and resources with added security now.
This change applies to you if you connect to the University’s VPN service.
Will the University provide a mobile device to authenticate via MFA?
The University will not provide you with a mobile device (phone) to use for MFA. However, if you do not have any mobile device, an alternative is available (see next question).
If I do not have a mobile phone capable of MFA, what are my options?
If you don’t own a compatible device for MFA you may request a physical token by submitting a Service Desk request. A physical token is a small device that generates and displays a passcode for users to authenticate on MFA. When you submit a request for a token, it will be configured for you and you will be contacted to arrange procurement. Tokens can be either picked up at 110 Séraphin-Marion on the uOttawa campus at a scheduled time or shipped Canada-wide (shipping times subject to courier).
Does MFA affect retired staff?
No, retired staff cannot access VPN and therefore are not required to enrol in MFA.
If I have no cellular or Internet connection, will I be able to access uOttawa resources via MFA?
Yes, on the Microsoft Authenticator mobile app, a 6-digit code can be generated without a cellular or internet connection. If you do not have Wi-Fi or cellular access, you can open the app, tap on “University of Ottawa” and enter the code the authenticate.
When authenticating on MFA to login on VPN, you will need to wait 60 seconds before you are prompted to enter a code.
Does MFA only affect VPN or does it also affect web applications (e.g. BrightSpace, uoCampus, Teams/Email, etc.?)
Once you enrol, you will be required to authenticate using MFA the next time you login to VPN. For all MFA-enabled web applications (e.g.: BrightSpace, uoCampus, Microsoft 365), MFA will be activated within 24 hours.
Does MFA work on Linux?
Yes. MFA uses the Microsoft Authenticator mobile app on your iOS or Android device or a physical token to authenticate. You can proceed to use VPN or login to web applications with MFA without issue on Linux.
How do I know if I’m already enrolled for MFA?
To confirm you’re enrolled, please visit the MFA Portal. If you are not enrolled, the system will ask you to enrol your mobile device.
Is there a difference between authenticating through a notification versus a verification code?
No, there is no difference. The option is based on your preference. A notification will appear on your mobile device in real-time when you are required to authenticate on MFA. If you use a verification code, you will have to open the mobile app and enter the code from the app every time you login to VPN or an MFA-enabled system. Based on the feedback we have received, using notification mechanism is the fastest and most convenient way to use MFA.
Can I use other methods for MFA (e.g. MFA via email, SMS, etc.)?
No, for security reasons true MFA (also called 2-factor authentication) requires a minimum of two of the following:
- Something you know (e.g.: your password)
- Something you have (e.g.: your mobile app or token)
- Something you are (e.g.: fingerprint, face, eye, or another biometric scan)
Other means like email or even phone/SMS are inherently insecure and not sufficient for MFA.
Does the University capture information about my mobile phone or track me?
No. Your privacy is of the utmost importance to us. The mobile app does not track your location, nor does it provide the University with any personal information about you or your device.
What if I lose / break / do not have access to or change my mobile device, will I still be able to access University systems?
We strongly recommend enrolling more than one device if you can. The MFA portal allows up to five devices to be enrolled. This ensures you always have a backup. If you encounter issues, please open a Service Desk request.
If I only use a desktop computer and not a mobile device, is MFA still required?
In order to access VPN from any device, including a desktop or laptop computer, MFA will be required. If you never connect to VPN, you do not require MFA at this time.
However, MFA will become mandatory for access to other MFA-enabled systems (e.g.: BrightSpace, uoCampus, Microsoft 365) in the fall of 2020 for academic/research community, so we recommend you enrol today to provide your accounts and resources with added security now!
Can I install Microsoft Authenticator app on my desktop or laptop?
No, the Authenticator app can only be installed on iOS and Android mobile devices (phones and/or tablets).