Knowledgebase: IT Security
Multi-factor Authentication (MFA)
Updated: 03 December 2020 10:25 AM

 

What is MFA?
What do you need to do?
Set up Authenticator (Video)
Set up Authenticator (Written)
What's next?
Adding Another Device
FAQ
Troubleshooting
  - Authenticator says the Microsoft account doesn't exist
  - Outlook app stopped sending and receiving

 

What is MFA?

MFA is a process where a user is prompted during the sign-in process for an additional form of identification, such as accepting a prompt or entering a code on a mobile phone. This adds a layer of security by relying on a device that only you have access to, your mobile phone.

What do you need to do?

The first step is to register with the MFA service. You will need to have access to both your computer and your mobile phone. Register by visiting the Microsoft My Sign-Ins site on your computer and following the steps to complete the registration.

This process requires the installation of Microsoft Authenticator on your mobile phone (detailed below). Some users may already have Authenticator for other services outside of OCAD U. The processes for new users and existing users of Authenticator are slightly different. Both are documented below. The video below shows the process for first-time users of Microsoft Authenticator.

Set up / Register Authenticator

 

  1. On your computer, log in to the Microsoft My Sign-Ins site.

  2. After sign-in you are prompted for more information regarding your account. Click Next.



  3. You are prompted with "Start by getting the app." Download the app on your mobile phone. The app is available for download for both iOS and Android. Once the app is installed on your phone click Next.

  4. This page reads "Set up your account." Do not follow the prompt here; click Next.

  5. You are prompted with "Scan the QR Code."



  6. Open the Authenticator app on your phone. (If prompted choose to allow notifications.)

  7. If you are a new user tap Scan QR Code.

    If you are an existing Authenticator user, tap the New Account button (+) and then tap Work or school account.

    If prompted allow access to the camera and scan the code displayed on your computer by pointing your camera at it. The scan registers and creates the account on your mobile phone.

    Screenshot showing two sets of phone screenshots.

  8. Back on the "Scan the QR Code" page in the web browser, click Next.

  9. You are prompted "Let's try it out." A notification has been sent to your mobile phone. Approve the notification.



  10. Click Next in the browser on your computer.

  11. You are directed to the Success page. Click Done. The sign-in completes.

What's next?

Once your registration is complete, MFA will be enabled within 24-48 hours, after which you will be automatically prompted on your phone via the new app. If you are interested in learning more about MFA, check out this Microsoft article.

 
Screenshots of the new MFA prompts. 

Adding Another Device

It is considered a best practice to have another device with Authenticator. This device could be another phone or tablet. Having a second device configured protects you in the event your primary device is lost or damaged.

  1. Log in to the Microsoft My Sign-Ins site.
  2. In the Security Info panel, click + Add Method.



  3. You are prompted to choose a method. Choose Authenticator app and click Add.



  4. Proceed with the registration at Step 3 in the section "Set up / Register Authenticator" above.

 

FAQ

Which services are MFA enabled? 

Currently, Microsoft 365, my.ocadu.ca and other Single Sign-On services, including Canvas, are enabled with MFA. The VPN service for staff also requires MFA.

What devices can I use with MFA? 

Our MFA solution uses Microsoft Authenticator for mobile devices. It will work with smartphones and tablets running iOS (11.0 or higher) and Android (6.0 or higher). You can register multiple devices with Authenticator.

What steps should I take if I lost my phone or can't locate my phone?

We strongly recommend that you add a secondary device to help prevent being locked out of your account if your phone is lost or not with you. If this option has not been configured, you can contact IT to reset the MFA setting on your account. After being reset, you can re-register for MFA the next time you sign in.

You can remove the lost device from your account on the Microsoft My Sign-Ins site.

Why doesn't the Authenticator app prompt me when I sign in? 

  • Check the Notification Settings on the device and make sure notifications are turned on for Authenticator.
  • MFA prompts can take a few moments to appear on your device.
  • If the prompt disappears, try refreshing Authenticator by swiping down.

Why am I prompted again when I have already signed in to 365.ocadu.ca?

Other OCADU services (e.g. Canvas) also require MFA verification.

My mail client (Android mail or Apple mail) stopped working after MFA was enabled. What can I do?

Along with the MFA service, legacy authentication clients, including Android mail and older versions of Apple mail, are disabled for OCADU services. The Outlook app is the only fully supported app for OCADU users.

 

 

Troubleshooting

Authenticator says the Microsoft account doesn't exist. 

The image above is the login screen for personal accounts and will not recognize your OCADUid. A work or school account is required. See below to add a work or school account.

  1. Tap back until you are at the Accounts screen and tap Add Account.



  2. Tap Work or school account.

    If prompted allow access to the camera and scan the code displayed on your computer by pointing your camera at it. The scan registers and creates the account on your mobile phone.



  3. See step 8 in the procedure above.

Outlook app stopped sending and receiving

It is recommended that you remove and reinstall the Outlook app so that it syncs with 365 when MFA is activated.

Contact IT 

 Email: ithelp@ocadu.ca

 Phone: 416-977-6000 x 277