Overview
To enhance the college's IT security, all users will be required to log in using Multifactor Authentication (MFA). MFA is a security technology that requires multiple methods of authentication from independent categories of credentials to verify a user's identity for a login.
Usernames and passwords are vulnerable and can be stolen or guessed by third parties. Enforcing the use of an MFA factor means increased confidence that Sault College will stay safe from cyber criminals.
Always Log Out!
Remember to log out when you finish your remote access VPN session. If you do not log out, someone could use your account to gain unauthorized access to your network!
NOTE:
1) The article assumes you are using an iPhone, but other devices will have similar processes for login.
2) MFA is the acronym for Multi Factor Authentication.
3) If you weren't attempting to log in and you receive an MFA login request, immediately change your password, then report the incident to IT by logging a Compromised account ticket: Report a Compromised Account
4) You will always have to have your MFA device with you when logging in.
Instructions
Registering for MFA
Using MFA for Sault College Microsoft Accounts
Using MFA for Sault College VPN
Setting up MFA after receiving a new computer or new image
Making changes to my MFA registration
Once your IT Administrator enables MFA on your account you will be required to register for MFA the next time you access a Microsoft resource.
If you have already set up the Self Service Password Reset, you may not have to do anything to start using MFA at Sault College; please read Using MFA for Sault College Microsoft Accounts or Using MFA for Sault College VPN (below).
NOTE: If you haven't set up Self Service Password Reset, configuring MFA will also fulfil this requirement, allowing you to manage your own password when needed.
We recommend that you use Microsoft Authenticator as your default MFA Security Method as this is the easiest and most secure method of the many options available.
Video Tutorial
This video will give you an understanding of How to register for Multi-Factor Authentication (MFA). The only part of the video that you wouldn't need to follow is when they tell you to navigate to https://aka.ms/mfasetup. With the college's process, MFA registration will begin automatically for you when logging into a Microsoft resource for the first time, such as www.office.com.
Setting up MFA for the first time
Go to www.office.com
Log in with your college username@saultcollege.ca and password
You will next be prompted - More information required.
Configuring MFA to use the Microsoft Authenticator App (Recommended Method)
For the first field of “Step 1: How should we contact you?” change from Authenticator phone to Mobile App
You will be presented with 2 options:
- Receive notification for verification
- Use verification code
Receive notification for verification
Receiving the notification code is the easier approach, but we will discuss both below.
Before clicking the Set up button, take note of the message beside the Set up button. You will see either:
- Please configure the mobile app - Still haven't installed the app
- Mobile app has been configured - App has been installed
If you have the Microsoft Authenticator app installed on your smart phone, open it now.
If you don’t have it installed, you will have to install it using the App Store (iOS) or the Play Store (Android). Once installed, you can proceed.
If/Once installed - click the Set up button
You will now be presented with a QR code that you can scan with the Microsoft Authenticator app.
To use this QR code you will first have to:
- Open or Install the Microsoft authenticator app on your smart device.
- In the app, click the + sign to add an account and choose Work or school account.
- Scan the provided QR code
- You should now see it listed as an account in the Authenticator mobile app
- Click Next in the Configure Mobile app window, on your PC.
- Your Activation Status will then be checked
- Click Next in the Additional security verification window, on your PC.
Microsoft will now automatically test the new MFA settings
On your smart phone you will be presented with a Notification that says Approve sign-in?
Tap it on your smart phone screen
Tap Approve
On your PC screen you will now see Verification successful. Taking you to the next step…
Use verification code
The second option is to use Verification code. We don’t recommend this option as it requires a more manual approach for each login. If you choose to use this option:
Click Use verification code
If you haven’t set up the Mobile app yet, click Set up (follow the above steps)
Otherwise click Next
On the Additional Security verification screen you will be asked for a verification code
- Open the Authenticator app on your smart phone
- Tap the account that you previously set up
- Make note of the One-time password code and enter it in the available field
On the Additional Security Verification screen enter your phone number
Click Done
You will then be prompted to use the MFA method for the first time
On your smart phone
- Open the Authenticator app on your smart phone
- Tap the account that you previously set up
- Make note of the One-time password code and enter it in the available field
NOTE: Between these 2 methods, Receive notification for verification automatically prompts you on your phone, and Verification Code requires you to manually navigate to the Authenticator app to locate the code.
Read Where is my MFA registration stored to learn how to set this up.
When logging into any Sault College Microsoft Service you will have the same experience as described below. We will focus only on logging into the website.
On your Computer - navigate to www.office.com in your web browser
- Login using your Sault College username and password
On your phone - you will receive a pop up to Approve sign-in?
On your Computer - at the same time, you will receive a number in the web browser
On your phone - Tap Approve Sign in?
NOTE: If you receive a Microsoft Authenticator request on your smart phone and the location on the map is not what you expected and/or you haven’t made a login request DO NOT APPROVE the request and click No, it's not me.
On your phone - If you are certain this is an expected request, enter this number on your phone and tap Yes
After tapping Yes you will now be logged in
On the rightmost side of your Taskbar you will notice the Cisco Anyconnect VPN circle icon, as seen in the image below. Moving your mouse over this icon will reveal your connection status. This picture demonstrates Cisco Anyconnect in a disconnected state.
To Connect to Sault College's VPN
- Double click the Cisco Anyconnect circle icon
OR
- You can start the program from the Start menu in the Cisco application group
- In the drop down box add /mfa to the end of the existing URL. After the update it should read: vpn.saultcollege.ca/mfa
- Click Connect
- Login using your Sault College username and password
NOTE: Your username is first initial + lastname; you don't have to include the college domain of @saultcollege.ca
Example: asmith
Not: asmith@saultcollege.ca
On your phone - Tap Approve Sign in?
NOTE: Unlike the login to Microsoft Services you won't see the Map
On your phone: Microsoft Authenticator will now prompt you to approve or deny the sign in
- Tap Approve {If you've made this request}
NOTE: You will now see a generic message in the Authenticator app that says Authenticator locked. For the purpose of MFA, you have already approved access and the Authenticator app on your phone can be closed. If you want to view the settings of the Authenticator app you can click Unlock to view those settings.
Moving your mouse pointer over the Cisco AnyConnect icon on the rightmost side of your taskbar, you will now see that you should be in a Connected state.
Troubleshooting
If you forget to add the /mfa to the end of the URL you will receive this error. We’ve also noticed that after the first reboot of your computer this /mfa may need to be updated a 2nd time.
Please see this supporting Knowledge base article
If you want to make changes to your MFA registration by deleting or changing your default method simply follow the below steps.
Login to your Sault College Microsoft Account
Go to www.office.com
Login with your Sault College credentials
In the top right hand corner you will see your initials
Click your initials
Then click View Account
Click Update Info under Security Info
You will now see the MFA methods you have setup.
If you need to change these methods you can simply delete/add them by clicking Delete to start over.
NOTE: don't delete all methods as this will break your connection to our servers requiring Service Desk to assist you in fixing your account.
Change Default Method
If you want to change your default method for MFA, click Change beside Default sign-in method
Recommended: ITS recommends using the Microsoft Authenticator - notification as your default method
Add a new method - Phone
Click Add Method
Choose Phone and click Add
Enter the phone number and click Next
On your phone - Take note of the verification code
On your computer - Type this code in the corresponding box and click Next
You should then receive a message if the new security method was successful
Click Done