Facebook

Multi-factor Authentication (MFA) is a security feature that requires a secondary form of verification before you can gain access to your account(s). Enabling MFA helps to prevent unauthorized access attempts to the applications and systems you use regularly.

About multi-factor authentication (MFA)

When it is enabled, it includes two forms of verification:

  • something you already know (for instance, a passphrase) and
  • something you have or own (for instance, a mobile device, hardware token, etc.).

As a result, if someone discovers your passphrase (in case of an account compromise) they are still unable to access your account since they are missing the other piece of the verification method (for instance, a mobile device, hardware token, etc.).

Who must use multi-factor authentication (MFA)?

With many applications now requiring multi-factor authentication, or if your account is at risk, IT Services may require you to register and use multi-factor authentication. 

While participation is not compulsory at this time for the majority of accounts, we encourage all Capilano University community members to contact IT Services and request that their Capilano University account be activated with multi-factor authentication.

Supported authentication options

  1. Mobile Device
    • Microsoft Authenticator App (Strongly recommended)
    • SMS text message (Requires cellular data) 
    • Receive a phone call
  2. Hardware Token (Currently not available for use by students)

Registering for multi-factor authentication

When you log into your Capilano University account, you may notice a dialogue box stating that “More information required” to keep your account secure.

If you do see this message, click Next and then proceed with setting up multi-factor authentication on your account.

Click on next when prompted for more information required

If you do NOT see the dialogue box shown above, you may begin the registration process so that multi-factor authentication is ready for when it is required for your account.

  1. Please visit: https://aka.ms/mfasetup and type in your full Capilano email address,
    Screen shot of Capilano University Sign-in prompt
  2. Enter your Capilano email address (2a) and password (2b) then click Sign in (2c).Schreenshot showing CapU login screen with username and password fields
  3. Once signed in you should see the following screen and you can now set up your Authentication method.
    Sreenshot for getting the Microsoft Authenticator

Select one of the following options for multi-factor authentication.

If you prefer to prove your identity by responding to push notifications from the Microsoft Authenticator app on your mobile device, do the following:

Download and install the Microsoft Authenticator app

Click Download now from the "Keep your account secure" screen. Follow the instructions to download the app or download the app directly from the Play Store or App Store.

To install the app on Android:

  1. Open the “Play Store” app, search for “Microsoft Authenticator” and click Install.
  2. Launch the Microsoft Authenticator app. Click I agree to the privacy statement.

    You also scan the Android QR code.
    Authenticator android QR code

To install the app on iOS:

  1. On your iOS device, open the App Store, search for Microsoft Authenticator
  2. Select Microsoft Authenticator from the search results and tap Get.
  3. The app should now be on your mobile device's home screen.

    You can also scan the Apple AR code.
    Authenticator apple QR code

Set up the Microsoft Authenticator app

  1. Click Next
    Screenshot showing how to download the Microsoft Authenticator app.
  2. Click Next when your computer screen prompts you to set up your account:
    Screenshot using MS authenticator to set up your account.
  3. On your mobile device, launch the Microsoft Authenticator app (3a), Click on Scan a QR code (3b) then select Only this time (3c) if prompted on your mobile device screen.
    Group of images showing Authenticator app set up for QR code
  4. With the Microsoft Authenticator app open on your mobile device, point the camera at the QR code presented on your computer screen (4a) then click Next (4b).

    Screenshot showing 5a QR code and 5b next button
  5. The Microsoft Authenticator app will send you a push notification on your mobile device requesting you to approve sign-in. Click Approve on your mobile device.
    Screenshot showing approve sign-in
  6. The Next button on your computer screen will become active once the system has successfully processed your approval. Click Next.
    Screenshot showing notification approved confirmation
  7. You may also confirm that you have successfully registered your mobile device for Multi-factor authentication by visiting your "My Sign-Ins" page on Microsoft.com.

    Note: If you are unable to access this link or do not see your device listed as registered, please contact IT Services.
    Screenshot of Microsoft Security info page showing Authenticator app confirmed.
  8. Congratulations, you have successfully registered your mobile device for MFA.
    Screenshot showing success message for App setup

If you prefer to prove your identity by receiving authentication codes via SMS text messaging on your mobile device, do the following:

(Note: We do not recommend using SMS text messages as the default MFA authentication method since they are less secure than the Microsoft authenticator app.)

  1. Click I want to set up a different method when your computer screen displays the windows seen below.
    Screenshot showing alternative method of keeping your account secure.
  2. Choose Phone from the dropdown menu (2a) and click Confirm (2b).
    Screenshots selecting phone as your alternative method.
  3. Enter your mobile phone number (3a), select Text me a code (3b), then click Next (3c).
    Screenshot showing phone number field and text option selected.
  4. You will receive a text message containing a 6-digit code (4a). Enter that code into the field (4b) and click Next (4c).

    (Note: Please open the received text message and enter the code provided in your text message, not the code shown as the text message's headline).

    Example screenshot of sms message with verification codeScreenshot showing 14b field to enter received code
  5. You have now configured your mobile device to receive authentication codes through SMS text messages. On the next windows, click Next and then Done.
    Screenshot of message shown when sms code is verified
    Screenshot confirming your phone has been added as a default sign-in method
  6. You may also confirm that you have successfully registered your phone (to receive authentication codes via text message) for multi-factor authentication by visiting your "My Sign-Ins" page on Microsoft.com.

    Note: If you are unable to access this link or do not see your device listed as registered, please contact IT Service.
    Screenshot of Microsoft Security info page showing phone confirmed.

If you prefer to verify your identity by receiving phone calls to your mobile device, do the following:

  1. Click I want to set up a different method when your computer screen displays the windows seen below:
    Screenshot showing alternative method of keeping your account secure.
  2. Enter your mobile phone number (2a), select Call me (2b), then click Next (2c).
    Screenshot showing 19a, b, c phone entry field and call me options
  3. You will receive a phone call on your mobile device which is similar to the one shown below. Answer the phone call and follow the prompts to complete the authentication process.
    Screenshot showing Microsoft calling
  4. Your mobile device will be registered with the system once you complete the steps outlined above.
    Screenshot showing called answered and registration successful
  5. You may also confirm that you have successfully registered your phone (to receive authentication codes via phone) for multi-factor authentication by visiting your "My Sign-Ins" page on Microsoft.com.

    Note: If you are unable to access this link or do not see your device listed as registered, please contact IT Service.
    Screenshot confirming your phone has been added as call sign-in method

These keychain-sized devices generate a 6-digit code that changes every 60 seconds. This code, together with your password, will be entered into a secondary prompt. If you require a hardware token, it must be set up and associated with your account by IT Services in advance. Please follow the steps below to request a keychain token:

  • Please have your manager submit a "Computing devices" equipment request in the AskIT Service Catalog, selecting the "Multi-Factor Authentication Token" option. Allow at least one week for your token to be prepared and made available for pick-up.
  • When you receive your hardware token, you must contact IT Services again so that it may be activated.

Contact

Have questions?

IT Services

IT Client Services
604 984 4952
Library Building, room LB101
AskIT@capilanou.ca

Ask IT Service Centre