Multi-factor Authentication (MFA)
Updated: 03 December 2020 10:25 AM
What is MFA?
MFA is a process where a user is prompted during the sign-in process for an additional form of identification, such as accepting a prompt or entering a code on a mobile phone. This adds a layer of security by relying on a device that only you have access to, your mobile phone.
The first step is to register with MFA service. You will need to to have access to both your computer and your mobile phone. Register by visiting the Microsoft My Sign-Ins site on your computer and follow the steps to complete the registration.
This process requires the installation of Microsoft Authenticator on your mobile phone (detailed below). Some users may already have Authenticator for other services outside of OCAD U. The process for new users and existing users of Authenticator are slightly different. Both are documented below. The video below shows the process for first-time users of Microsoft Authenticator.
Once you are registration is complete, your MFA will be enabled within 24-48 hours when you will be automatically prompted on your phone via the new app. If you are interested in learning more about MFA, check out this Microsoft article.
It is considered a best practice to have another device with Authenticator. This device could be another phone or tablet. Having a second device configured protects you in the event your primary device is lost or damaged.
Which services are MFA enabled?
Currently Microsoft 365, my.ocadu.ca and other Single Sign-On services including Canvas are enabled with MFA. VPN service for staff also requires MFA.
What devices can I use with MFA?
Our MFA solution uses Microsoft Authenticator for mobile devices. It will work with smartphones and tablets running iOS (11.0 or higher) and Android (6.0 or higher). You can register multiple devices with Authenticator.
What steps should I take if I lost my phone or can't locate my phone?
We strongly recommend that you add a secondary device to help prevent being locked out of your account if your phone is lost or not with you. If this option has not been configured, you can contact IT to reset the MFA setting on your account. After being reset, you can re-register for MFA the next time you sign in.
You can remove the lost device from your account on the Microsoft My Sign-Ins site.
Why doesn't the Authenticator app prompt me when I sign in?
Why am I prompted again when I have already signed in to 365.ocadu.ca?
Other OCADU services (e.g Canvas) also require MFA verification.
Mail client (Android mail or Apple mail) stopped working after MFA is enabled. What can I do?
Along with MFA service, legacy authentication clients including Android mail and older version of Apple mail are disabled for OCADU services. Outlook app is the only fully supported app for OCADU users.
The image above is the login screen for personal accounts and will not recognize your OCADUid. A work or school account is required. See below to add a work or school account.
It is recommended that you remove and install Outlook app to sync with 365 when MFA is activated.
Phone: 416-977-6000 x 277