Multi-factor authentication

Security breaches due to compromised credentials have unfortunately become an occurrence. With an increasing number of passwords to remember, people are prone to re-use the same passwords for many accounts or to use passwords with easy-to-use and easy-to-access information (date of birth, names of family members or pets, etc.). When other non-University services (social networks, websites, etc.) have breaches, these in turn can lead to your credentials being compromised and used to access confidential or restricted University  information.

Multi-Factor Authentication (MFA) is an additional service in the authentication process. It validates the identity of the user accessing online systems and applications. MFA works on these principles: what the user knows (their password), what the user has (their smartphone or a physical device that generates one-time passwords), what the user is (e.g. their fingerprint or iris).

MFA is very easy and convenient as you are using your smartphone, which most of us carry it everywhere. And you don’t need to have your work email on your phone since MFA only uses it to get your approval via the app. Your data plan will also not be affected by any text messages or data transferred. 

Step 1: Download the MFA app on your iOS or Android Device

The location setting is used solely to allow the MFA app. The University of Ottawa does not collect nor store any personal data from your device.

  • Download the Microsoft Authenticator app: App Store (iOS version 11 or higher) or Google Play (Android version 6.0 or higher).

* Can’t use the MFA app? Proceed to Step 2 (alternative): Enroll into MFA with a hardware token.

Step 2: Enroll into MFA with the mobile app

To complete this step, you will need your desktop/laptop and your mobile device.

Important note before you start

You must use the scanner in the Microsoft Authenticator application to scan the QR code (step 4). Using your camera or other applications will result in a migration error.

 

MFA Self-enrolment steps

  1. On your desktop/laptop, open a new window or browser and visit https://aka.ms/mfasetup. Enter your uoAccess credentials and click Login.
    Microsoft sign-in screen with content fields for email, phone or Skype with a blue Next button
    UOaccess credentials login screen
  2. On the More information required screen click Next.
    More information required screen. With blue Next button
  3. The Additional security verification screen will appear. For the subsequent questions, select the following options:
    Additional security verification screen with drop down menu and radio buttons
    • How should we contact you? In the drop-down menu select Mobile App.
    • How do you want to use the mobile app? Click the Receive notifications for verification option.
    • Click Set up.
       
  4. The Configure mobile app screen will appear. Complete the following steps:
    Configure mobile app screen, has a QR code and instructions
    • Ensure the Microsoft Authenticator is installed on your Windows Phone, Android or iOS.
    • Open Microsoft Authenticator on your mobile device.
    • Tap Add account (or the + button). Select Work or school account.
      in Microsoft Authenticator, add account screen
      in Microsoft Authenticator, options for type of account to be added
    • Scan the QR code displayed on your browser with your mobile device camera. If you do not want to use the camera on your device, enter the numerical code and follow the link provided on the screen.
      in Microsoft Authenticator, highlight of QR code to be scanned
    • Click Next.
      Screen showing blue Next button
  5. The Additional security verification screen will appear. Microsoft will check the activation status. Once verified, the message Mobile App has been configured for notifications and verification codes will appear. Click Next.
    Addition security verification screen with drop-down menu and radio buttons
  6. The Additional security verification screen will appear. Under Let’s make sure we can reach you on your Mobile App Device, follow the prompt, Please respond to the notification on your device. On your Mobile App click Approve
    MFA Additional security screen, text reads 'Secure your account by adding phone verification to your password. View video to know how to secure your account. Step 2 Let's make sure that we can reach you on your Mobile App device' with a blue 'Done' button
    .
    Telephone screenshot of MFA Approve screen

     

  7. The profile on your smartphone will display your account. 
    • University of Ottawa (This is your MFA account)
  8. These are your preferred MFA settings. No further action is required. The process is complete.
    Additional security verification screen showing preferred options, blue button to 'Set up Authenticator app' and a blue button to 'delete'
Step 2 (alternative): Enroll into MFA with a hardware token

If you don’t own a compatible device for MFA you may request a physical token by submitting a Service Desk request. A physical token is a small device that generates and displays a passcode for users to authenticate on MFA. When you submit a request for a token, it will be configured for you and you will be contacted to arrange procurement. Tokens can be either picked up at 110 Séraphin-Marion on the uOttawa campus at a scheduled time or shipped Canada-wide (shipping times subject to courier).

Recommended: Enroll a secondary device into MFA

You can add up to 3 devices (smartphones or tablets) to your account.

  1. On your desktop/laptop, visit the MFA portal.
  2. Enter your uoAccess credentials and click Login.
  3. You will receive a push notification on your phone. Tap on it and select Approve to complete your login in the MFA portal.
  4. Select Activate Mobile App on the left menu.
  5. On your secondary device, open the Microsoft Authenticator App, tap Add Account or the button, and scan the QR code with your device camera that appears in the MFA portal.

Note: If you use multiple devices to MFA, all your devices will receive a push notification when a login approval is required. The first device to approve the authentication will authorize the log in.

Step 3: Authentication on a mobile device
  1. When accessing a uOttawa MFA-enabled system a Microsoft prompt will appear, enter your @uOttawa email address.
    Microsoft sign-in screen with input field for @uottawa.ca email address and link for No account Create one! Can't access your account? and Sign-in options. Blue Next button

     

  2. On the uOttawa login screen, enter your uoAccess credentials.
    uOttawa authentification page, includes fields for username and password and a login button

     

  3. On your internet browser, you will see a MFA sign-in request for your account loading. On your MFA-enabled device, You will receive a sign-in verification request notification. In the Authenticator mobile App click Approve
Step 3: Authentication with a hardware token
  1. When accessing a uOttawa MFA-enabled system a Microsoft prompt will appear, enter your @uOttawa email address.
    Microsoft sign-in screen with content fields for email, phone or Skype with a blue Next button
  2. On the uOttawa login screen, enter your uAccess credentials.
    uOttawa authentification page, includes fields for username and password and a login button
  3. You will be prompted to input a token number. Enter the six digits displayed on your hardware token. Click Verify.
    Microsoft screen to Enter code displayed on Microsoft Authenticator app on a mobile device, field to enter code and blue Verify button
Known issues
  • Microsoft Authenticator app is not compatible with the mobile device error message: Use the hardware token.
  • No push notification is sent via the mobile app: Make sure push notifications are enabled on the mobile device. Close the mobile app and try again.
  • The token-generated six-digit code does not work: The code is valid for 30 seconds only. Wait for a new code to be generated and login again. If after several attempts with different codes the authentication is not successful, remove the device and re-add it on the MFA portal.
  • Error received in mobile app when adding a secondary device. You cannot add a secondary device directly from the mobile app. To do so, go to the MFA portal and follow the steps to add a secondary device.
  • MFA issues when signing into Office 365 on mobile devices 

iOS 11 or higher is required for iPhone devices so that email works with Mail or Outlook. If the system keeps prompting for a password, delete the account from Passwords & Accounts and reconfigure it using the automatic setup (Sign In) function instead of the Manually Configure option. The ADFS window for MFA will now appear when signing in.

Android users will need to use Outlook and the setup is straight forward. The system prompts only for email and password information.

Here's an example of MFA in action: 

You are working off-campus and need to use the VPN client. Open your laptop, click on Connect in the Cisco AnyConnect VPN login box, and enter your account and password. A new step gets introduced: a yellow warning symbol appears in the VPN client and a notification is sent to your phone asking you to verify your identity. Click Approve and you will see the usual Welcome to the University of Ottawa pop-up message. You can then proceed with your normal activities. 
Back to top