Multi-Factor Authentication (MFA)
The University use Multi-Factor Authentication for a large range of services to provide an additional level of security (also known as Two-Factor Authentication). It provides you with two 'factors' that are needed to access a system (as opposed to a single factor in your password): something you know (such as a password) and something you have (such as a device).
We are rolling our MFA to a larger number of services and therefore require all staff and students to have MFA setup.
| Note: if you already use Microsoft Authenticator to access University Services such as Oracle HCM, MIRA or Worktribe then you are already setup and ready to go |
How do I get it?
- The recommended solution is to register for the Microsoft MFA service using your Smartphone, to setup MFA you need to login at the following address using your university credentials (e.g. abcd12@durham.ac.uk) https://aka.ms/mfasetup and follow this video guide.
- If you do not have a supported Smartphone, you should contact the IT Service Desk to discuss your options. Please request this through the IT Self-Service Portal here.
How do I use it?
For details on how to use the Multi-Factor Authentication service please click on the relevant link, when using:
How do I change device (Smartphone)
- If you have setup the Smartphone Authenticator App, please follow this User Guide when changing devices, to avoid getting locked out.
- If you have already deleted the Authenticator App, or no longer have your old Device, please contact the IT Service Desk via Phone (+44)0191 334 1515 - Mon-Friday 8am-8pm)
- If you have any further general queries on using this service, please reach out to the IT Service Desk.
How do I know what authentication methods I am using and can I edit or delete them?
- Navigating to the My Sign-Ins page will display the methods you are using to sign in to your account or reset your password. You can also edit and/or delete authentication methods from this page.
Which applications use MFA
An increasing number of University IT services will be protected using MFA, for example:
- Mira
- Parallels
- Office365
- Power BI
- Dynamics 365
- PowerApps
- K2
- Banner 9
- Blackboard Ultra
- OPAS-G2
- Oracle Fusion
- Talis
- TerminalFour
- UnionCloud
- Vevox
- Worktribe
- Zoom
Frequently Asked Questions
If you don’t have a phone, or the model of phone you have is not compatible with the Authenticator app, please contact the Service Desk and we will be able to advise on alternatives
Yes, we can arrange for delivery to your preferred location and can discuss this with you when you make the request
Please log this with the IT Service Desk as soon as possible and we will be able to assist
If you replace the device you use for MFA please follow the guidance here to set up your new device
The authenticator app will continue to be able to generate access codes with no connectivity, so if you think this will be an issue you may wish to change your default sign-in method to use a six-digit code rather than the on-screen notification. This default sign-in method can be set here
Our recommendation is that the app is set up with the on-screen notification. However, if you would like to change the default sign-in method for your authenticator app, this can be changed here
If you use a managed Windows device you will not be prompted for MFA to access your emails or calendar via the Outlook app
If you use a managed Windows device you will not be prompted for MFA to use Teams. However, if you are using another operating system, or any form of non-managed device then you will be prompted for MFA
Yes, Parallels is on the list of systems that will shortly require MFA, we expect to start rolling this out W/C 14th December.
The user experience is dictated by the device you are using, not the location. If you are using a managed Windows device for example, you will be prompted only for cloud/web-based applications either on or off the University network. If you are using an unmanaged/BYOD device you will be prompted for MFA for more applications, regardless of whether you are within our outside the University network
Yes, as above, if you are using Access VPN on a managed Windows device you will be prompted only for cloud/web-based applications, either on or off the University network. If you are using an unmanaged/BYOD device you will be prompted for MFA for more applications
Authentication using MFA is separate process for each service you access, so you will be prompted multiple times if you use more than one service. Authenticating to a Microsoft365 application will allow you to use another M365 application without a further prompt for MFA however
Yes, the individual experience will vary via depending on the type of device, setup and operating system
No, if you already use Microsoft Authenticator to access University Services such as Oracle HCM, MIRA or Worktribe then you are already setup and ready to go
Call the IT Service Desk and to have your MFA session reset, you will then need to navigate to aka.ms/mfasteup to complete the setup.
Call the IT Service Desk and to have your MFA session reset, you will then need to navigate to aka.ms/mfasteup to complete the setup.
Call the IT Service Desk and to have your MFA session reset, you will then need to navigate to aka.ms/mfasteup to complete the setup.
From a laptop or desktop computer navigate to aka.ms/mfasetup and follow the guidance given in the "How do I get it" section above.
On your mobile device press Back or the back icon then press Refresh, you should now receive the notification.
Sign out of Outlook and sign back in, you will be prompted for approval in the Authenticator App.
