Knowledgebase: Administrative Staff
Multi-factor Authentication (MFA)
Updated: 11 March 2021 09:48 AM


What is MFA?
What do you need to do?
Set up Authenticator (Video)
Set up Authenticator (Written)
What's next?
Adding a New Phone or Secondary Device
  - Authenticator says the Microsoft account doesn't exist
  - Outlook app stopped sending and receiving


What is MFA?

MFA is a highly effective cybersecurity measure, widely adopted in higher education and other sectors, that requires a user to prove their identity using another verification factor when logging into a service and adds an extra layer of security to your OCAD U account. 

Verifying your identity using a second factor (like your phone or other mobile device) prevents cyber-criminals from accessing your account, even if your password has been compromised. 

What do you need to do?

The first step is to register with MFA service. You will need to to have access to both your computer and your mobile phone. Register by visiting the Microsoft My Sign-Ins site on your computer and follow the steps to complete the registration. 

This process requires the installation of Microsoft Authenticator on your mobile phone (detailed below). Some users may already have Authenticator for other services outside of OCAD U. The process for new users and existing users of Authenticator are slightly different. Both are documented below. The video below shows the process for first-time users of Microsoft Authenticator.

Set up / Register Authenticator


  1. On your computer, login to Microsoft My Sign-Ins site.

  2. After sign-in you are prompted for more information regarding your account. Click Next.

  3. You are prompted with "Start by getting the app." Download the app on your mobile phone. The app is available for download for both iOS and Android. Once the app is installed on your phone click Next.

  4. This page reads "Set up your account." Do not follow the prompt here, click Next.

  5. You are prompted with "Scan the QR Code."

  6. Open the Authenticator app on your phone. (If prompted choose to allow notifications.)

  7. If you are a new user tap Scan QR Code.

    If you are an existing Authenticator user, tap the New Account button (+) and then tap Work or school account.

    If prompted allow access to the camera and scan the code displayed on your computer by pointing your camera at it. The scan registers and creates the account on your mobile phone.

    Screenshot showing two sets of phone screenshots.

  8. Back on the "Scan the QR Code" page in the web browser click Next

  9. You are prompted "Let's try it out." A notification has been sent to your mobile phone. Approve the notification.

  10. Click Next in the browser on your computer.

  11. You are directed to the Success page. Click Done. The sign-in completes.

What's next?

Once you are registration is complete, your MFA will be enabled within 24-48 hours when you will be automatically prompted on your phone via the new app.  If you are interested in learning more about MFA, check out this Microsoft article.

Screenshots of the new MFA prompts. 

Adding a New Phone or a Secondary Device

It is considered a best practice to have another device with Authenticator. This device could be another phone or tablet. Having a second device configured protects you in the event your primary device is lost or damaged.

  1. Login to the Microsoft My Sign-Ins site.
  2. In the Security Info panel, click + Add Method.

  3. You are prompted to choose a method. Choose Authenticator app and click Add.

  4. Proceed with the registration at Step 3 in the section Setup.



Why my phone?

MFA is an authentication method that requires proving two things--a thing you know, and a thing you have. The thing you know is your password. The thing you have is your phone (set up with Authenticator and registered as a multi-factor authentication proof.)

I do not use a personal device for work at OCAD U and do not have an OCAD U mobile phone. 

The Microsoft Authenticator application is an industry standard form of protection that attaches your account to a device you own, providing a second factor of authentication to your password. It only exists to confirm your identity with something that is owned and accessed by you and you alone to ensure that it is you signing into your accountYou can also use Microsoft Authenticator to enable and use MFA for protecting personal accounts (e.g. Facebook and Gmail) in addition to your work account which is highly recommended.  

I do not feel comfortable with having an OCAD U application on my phone or access to my personal device. 

The Authenticator app is not owned or controlled by OCAD U. It is simply an application that verifies you are the one accessing your account at any given time and is utilized in this manner by many institutions globally.  

How do I know if my device will work with the application? 

The Authenticator app will always work on a device that is still supported by its manufacturer and is still receiving current operating system updates. It is a lightweight application (~144 MB) and downloadable from the app store for your device. t will work with smartphones and tablets running iOS (11.0 or higher) and Android (6.0 or higher). You can register multiple devices with Authenticator.

Does this mean I will need to pick up my device constantly throughout my work day? 

No. You only need to verify your identity once per work session by logging in to For instance, once in the morning and once in the afternoon.

If my device is lost or stolen does that mean I need to report it to OCAD U and that I can’t access my account? 

For your own protection, you would report the device stolen to police, your employer, and any other sites/services you are using MFA with so that the device can be removed from being associated with your account(s).  This would apply whether you are using MFA or not.  You would also consider using features provided by phone manufacturers to remotely wipe your device to protect your personal data. Learn more about how you can remotely wipe your device for Android or iOS. In order to continue your work, OCAD U IT would provide a bypass until such time as you receive a new device.

You can remove the lost device from your OCAD U account on the Microsoft My Sign-Ins site.

We strongly recommend that you add a secondary device to help prevent being locked out of your account if your phone is lost or not with you.

Are there any alternatives to using my device for MFA? 

Not at this time. Should you have concerns or questions regarding this please contact 

Note: MFA is mandated by the OCAD U executive and the Audit, Finance and Risk Committee (AFRC) as a requirement for all OCAD U employee accounts.  

Which services are MFA enabled? 

Currently Microsoft 365, and other Single Sign-On services including Canvas are enabled with MFA. VPN service for staff also requires MFA.

Why doesn't the Authenticator app prompt me when I sign in? 

  • Check the Notification Settings on the device and make sure it is turned on for Authenticator.
  • MFA prompts can take a few moments to appear on your device.
  • If the prompt disappears, try refreshing Authenticator by swiping down.

Why am I prompted again when I have already signed in to

Login to first to insure the authentication is recorded across other applications. 

Mail client (Android mail or Apple mail) stopped working after MFA is enabled.  What can I do?

Along with MFA service, legacy authentication clients including Android mail and older version of Apple mail are disabled for OCADU services.  Outlook app is the only fully supported app for OCADU users.



Authenticator says the Microsoft account doesn't exist. 

The image above is the login screen for personal accounts and will not recognize your OCADUid. A work or school account is required. See below to add a work or school account.

  1. Tap back until you are at the Accounts screen and tap Add Account.

  2. Tap Work or school account.

    If prompted allow access to the camera and scan the code displayed on your computer by pointing your camera at it. The scan registers and creates the account on your mobile phone.

  3. See step 8 in the procedure above.

Outlook app stopped sending and receiving

It is recommended that you remove and install Outlook app to sync with 365 when MFA is activated. 

Contact IT 


 Phone: 416-977-6000 x 277