Multi-factor authentication

Security breaches due to compromised credentials have unfortunately become an occurrence. With an increasing number of passwords to remember, people are prone to re-use the same passwords for many accounts or to use passwords with easy-to-use and easy-to-access information (date of birth, names of family members or pets, etc.). When other non-University services (social networks, websites, etc.) have breaches, these in turn can lead to your credentials being compromised and used to access confidential or restricted University  information.

Multi-Factor Authentication (MFA) is an additional service in the authentication process. It validates the identity of the user accessing online systems and applications. MFA works on these principles: what the user knows (their password), what the user has (their smartphone or a physical device that generates one-time passwords), what the user is (e.g. their fingerprint or iris).

MFA is very easy and convenient as you are using your smartphone, which most of us carry it everywhere. And you don’t need to have your work email on your phone since MFA only uses it to get your approval via the app. Your data plan will also not be affected by any text messages or data transferred. For now, MFA has been activated for the accounts of the pilot projects participants.

Step 1: Download the MFA app on your iOS or Android Device

The location setting is used solely to allow the MFA app. The University of Ottawa does not collect nor store any personal data from your device.

  • Download the Microsoft Authenticator app: App Store (iOS version 9 or higher) or Google Play (Android version 4.2 or higher).

* Can’t use the MFA app? Proceed to Step 2 (alternative): Enroll into MFA with a hardware token.

Step 2: Enroll into MFA with the mobile app

To complete this step, you will need your desktop/laptop and your mobile device.

  1. On your desktop/laptop, visit the MFA portal: https://mfa.uottawa.ca.
  2. Enter your uoAccess credentials and click Login.
  3. Select Mobile App as your MFA Method. Click Generate activation code.
  4. QR code will be displayed on your browser.
  5. Open Microsoft Authenticator on your mobile device.
  6. Tap Add account (or the + button) and select Work or school account.
  7. Scan the QR code displayed on your browser with your mobile device camera.
  8. If you do not want to use the camera on your device, enter the code and follow the link provided on the screen.
  9. On your browser in the MFA portal, click Authenticate Me Now.
  10. This will generate a push notification on your mobile device. Tap Approve without unlocking your device and you’re done!
Step 2 (alternative): Enroll into MFA with a hardware token

If you prefer to use a hardware token, you may pick one up free of charge from the following locations:

  • Service Desk at Morisset Library, 1st Floor
  • Roger-Guindon Hall, Room 3028
  • 200 Lees, Room C141b

 

  1. On your desktop/laptop, visit the MFA portal: https://mfa.uottawa.ca.
  2. Enter your uoAccess credentials and click Login.
  3. Select OATH Token as your MFA Method.
  4. Enter the serial number on the back of your token.
  5. Enter the 6-digit code displayed by your hardware token.
  6. Click Authenticate me now. Your token is now registered!
Hardware token for MFA

Measures 44 x 19 x 6.5 mm; weighs 11 grams

 

Recommended: Enroll a secondary device into MFA

You can add up to 3 devices (smartphones or tablets) to your account.

  1. On your desktop/laptop, visit the MFA portal: https://mfa.uottawa.ca.
  2. Enter your uoAccess credentials and click Login.
  3. You will receive a push notification on your phone. Tap on it and select Approve to complete your login in the MFA portal.
  4. Select Activate Mobile App on the left menu.
  5. On your secondary device, open the Microsoft Authenticator App, tap Add Account or the button, and scan the QR code with your device camera that appears in the MFA portal.

Note: If you use multiple devices to MFA, all your devices will receive a push notification when a login approval is required. The first device to approve the authentication will authorize the log in.

Known issues
  • Microsoft Authenticator app is not compatible with the mobile device error message: Use the hardware token.
  • No push notification is sent via the mobile app: Make sure push notifications are enabled on the mobile device. Close the mobile app and try again.
  • The token-generated six-digit code does not work: The code is valid for 30 seconds only. Wait for a new code to be generated and login again. If after several attempts with different codes the authentication is not successful, remove the device and re-add it on the MFA portal.
  • Error received in mobile app when adding a secondary device. You cannot add a secondary device directly from the mobile app. To do so, go to the MFA portal and follow the steps to add a secondary device.
  • MFA issues when signing into Office 365 on mobile devices 

iOS 11 or higher is required for iPhone devices so that email works with Mail or Outlook. If the system keeps prompting for a password, delete the account from Passwords & Accounts and reconfigure it using the automatic setup (Sign In) function instead of the Manually Configure option. The ADFS window for MFA will now appear when signing in.

Android users will need to use Outlook and the setup is straight forward. The system prompts only for email and password information.

Here's an example of MFA in action: 

You are working off-campus and need to use the VPN client. Open your laptop, click on Connect in the Cisco AnyConnect VPN login box, and enter your account and password. A new step gets introduced: a yellow warning symbol appears in the VPN client and a notification is sent to your phone asking you to verify your identity. Click Approve and you will see the usual Welcome to the University of Ottawa pop-up message. You can then proceed with your normal activities. 
Back to top