Multi-Factor Authentication

Multi-step verification is a method of authentication that requires more than one verification method.  This adds a critical second layer of security when users sign-in to their St. Thomas Office 365 account.  It does this by requiring more than one method of verifiying that it is really you logging into the account.

How it works:  It works by requiring both of the following verification methods to access your account:

  • Something you know (your St. Thomas username and password)
  • Something you have (a trusted device that is not easily duplicated, like a phone.

 

 

Simply put, MFA is a way of verifying that people logging into our systems are indeed the people we think they are.  In these times when malicious and phishing email attacks are a daily occurrence, MFA provides a way to limit the impact of these attacks and help ensure that only authorized people are accessing our systems. Through our existing licensing, we have access to the Microsoft MFA solution. This helps us to protect not only our email, but all of our data and applications connected to Office365.
 
We are currently enabling MFA for all users considered to be at high risk including those with access to red data, access to Banner, and who handle highly confidential communications for the university. 

 

Getting Started

Pre-Requisites

In order to use multi-factor authentication with your St. Thomas account, you will need to ensure the following pre-requisites are met:

  • Office 2016 is installed on your computer
  • You have a phone that can receive SMS texts and/or download apps
  • You are at a computer and have internet access
  • You have any additional tablets or mobile devices you use to access Office 365
  • Multi-factor has been enabled on the back end by ITS.

Setup Multi-Factor Authentication

First, verify that you meet the pre-requisites above. Then, you will need your smartphone, computer, and internet access to complete the setup.

 

1. Select Your Multi-Factor Verification Option

When a user signs in, an additional verification request is sent to the user. The following are a list of methods that can be used for this second type of verification.

ITS recommends the Mobile App notification method.

Verification methodDescription
Phone call A call is placed to a user’s phone asking them to verify that they are signing in. Press the # key to complete the verification process. This option is configurable and can be changed to a code that you specify.
Text message A text message is sent to a user’s smart phone with a 6-digit code. Enter this code in to complete the verification process.
Mobile app notification A verification request is sent to a user’s smart phone asking them complete the verification by selecting Verify/Approve from the mobile app. This occurs if app notification is the primary verification method. If they receive this notification when they are not signing in, they can report it as fraud.
Verification code with mobile app The mobile app on a user’s device generates a verification code. This occurs if you selected a verification code as your primary verification method.

 

Detailed step-by-step MFA instructions with screen shots PDF - MFA Instructions


2. Download the Microsoft Authenticator App on your Smart Phone

Save

Save

iPhone

  1. Go to App Store
  2. Search for Microsoft Authenticator
  3. Tap on the Microsoft Authenticator app to download
  4. Click "Get" to begin installation
  5. Once the app is installed, click on Open.
  6. Tap Allow on the “Authenticator would like to send you notifications screen"
  7. On the Accounts screen, tap ADD ACCOUNT
  8. Under “What kind of account are you adding?”  Select Work or school account.
  9. A pop up box will appear asking, “Authenticator” Would Like to Access the Camera?”
  10. Tap OK (You will need to take a picture of the QR code found in the next step of setup instructions).
  11. Your camera will turn on and is ready to record the QR code. Set your phone down temporarily and go to your computer. 

Android

  1. Go to Apps, select Play Store
  2. Search for Microsoft Authenticator
  3. Click Install
  4. Once the app is installed, click on Open.
  5. On the Accounts screen, click on ADD ACCOUNT
  6. Under “What kind of account are you adding?”  Select Work or school account.
  7. A pop up box will appear asking, “Allow Authenticator to take pictures and record video?”
  8. Tap ALLOW(You will need to take a picture of the QR code found in the next step of setup instructions).
  9. Your camera will turn on and is ready to record the QR code. Set your phone down temporarily and go to your computer. 

 

3. Setup in Office 365

Complete the remainder of the setup process in Office 365 at a computer.  You will also need your phone near you for the following steps. 

Setup Multi-Factor Authentication in Office 365

  1. Go to office365.stthomas.edu
  2. Sign into Office 365 on your computer with your St. Thomas account & password. Click on the blue box under your name that says “Set it up now
  3. In the drop down box next to Step 1:  How should we contact you? choose Mobile App
  4. Next to How do you want to use the mobile app?  Choose “Receive notifications for verification”.
  5. Click on Set up.
  6. You will see the Configure mobile app dialog box on your computer.  (You should already have the app installed on your smartphone).  On your smartphone open the Authenticator app
  7. Scan the QR image displayed in your browser (like the one shown below).
  8. Once you have successfully scanned the image, your account will be added automatically to the Authenticator app on your phone, and it will display a six-digit code.
  9. On your computer, Choose Contact Me in your browser on the Office 365page.
  10. Next you will verify that Office 365 can reach your smart phone.
  11. You should receive a push notification on your phone. Tap Approve/ Verify (Android/iPhone)
  12. On your computer you will next see the follow screen.  O365 sets up an initial app password for you to use with other applications so these other apps can connect to your Office 365 account.  If you're using other apps like Outlook on your smart phone, you'll need to create an app password so these other apps can connect to your Office 365 account.
  13. Go to your smart phone and open up your default email account.   You will need to change your password to the app password provided by Office 365 (like the one shown on the screenshot above).
  14. Your smart phone should now be able to access Office 365. Go to your computer, click Done in your browser.

You are now set up to use Multi-Factor Authentication on Office 365 and on your smartphone default email application.

 

Frequently Asked Questions

How To Create an App Password

You will need to use the App Password for accessing email on your smartphone so that the app can connect with your St. Thomas account. If you are a MAC user you will need to enter the App Password to access the Outlook email client on your MAC (iPad, Laptop, Desktop). 

Note: While you will still need to verify your account if you login from a web browser, you will not need a specific app password to do so. 

  1. Sign into Office 365 using your St. Thomas password on your computer.
  2. You will receive a push notification to your smartphone to verify that it is you signing into your O365.  Tap Approve/Verify (Android/iPhone).
  3. On the main O365 sign in page (on your computer)
  4. Once you have successfully logged in click on Office 365> Choose Settings  > Under “Your app settings” select > Office 365.
  5. Choose Security & Privacy > Additional security verification > Update your phone numbers used for Account security.
  6. At the top of the page, choose app passwords.
  7. Choose create to get an app password.
  8. If you want to copy the password, choose copy password to clipboard.  Note:  You will not be able to see this password again once you leave this page.  You can always create a new app password if you need one.
  9. For accessing email on your smart phone - go to your smart phone and open up your default email account.   When prompted to enter a password, enter the app password in the password box.  

How To Change Your Notification Preferences

If you want to change how you receive your verification through Office 365, there are several options you can choose from:

  • Calling your authentication phone
  • Text a code to your authentication phone
  • Notify you through a push notification on the Microsoft Authenticator app
  • Enter a code from the App

 Instructions:

  1. On a computer, go to office365.stthomas.edu
  2. Sign in to Office 365 with your username@stthomas.edu and your associated password.
  3. Click on Office 365> Choose Settings
  4. Under “Your app settings,” select > Office 365.
  5. Choose Security & Privacy > Additional security verification > Choose Update my phone numbers used for account security.
  6. The following page will display: Choose how you want to get your verification from Office 365
  7. Simply follow the prompts on the page.
  8. Save

 

 


Additional Resources

Need more help? Microsoft's website provides great resources and training information on using Multi-Factor Authentication for your account. Please visit Microsoft's website for their Guide on Multi-factor Authentication for an overview, getting started, how-to's, troubleshooting, and more FAQs.