Two-Factor Authentication (2FA): Setup Instructions


 

OVERVIEW

Identity and Access Management article

Target audience: All McGill faculty, staff, students, retirees, and alumni. McGill retirees and alumni can elect to protect their McGill accounts with 2FA.

Two Factor Authentication (2FA) is required for all McGill faculty, staff, and student accounts. It is also currently required for any retirees or alumni whose account has been locked for security reasons. In the near future, 2FA will be required to access any McGill servicesfor all user accounts that access McGill services.

 2FA helps confirm that you are the person who is logging in to your account by verifying your identity using two methods, or factors, of authentication. It is an important way to protect your personal information and McGill from online security threats.

You must verify your identity using 2FA when logging in to Office 365 and many other McGill web-based applications.

In this article:

Before you start

Before you start setting up 2FA:

Primary Authentication Method: Microsoft Authenticator step-by-step instructions

Note iconFor users who have opted for various authentication methods, including Microsoft Authenticator, the system prioritizes the Microsoft Authenticator app by default. Users can still authenticate using a different method but will be prompted to try the most secure method first. Downloading and setting up the Microsoft Authenticator app on your mobile device is recommended.

These instructions are for Microsoft Authenticator only. While this is the preferred authentication method, you may choose an alternate authenticator app, such as OneAuth or Google Authenticator. For detailed instructions on configuring OneAuth as an authentication method, see the article Manage my 2FA account with OneAuth. The Secondary Methods section below includes limited instructions for the other methods.

Note iconNote: The screenshots in these instructions were compiled on an IOS device; your screens may look slightly different. If your experience is very different, please leave a comment at the bottom of the article, including your chosen verification method and device type (iOS or Android), and we will revise the steps as needed.

To set up Microsoft Authenticator as your primary authentication method:

  1. Download and install Microsoft Authenticator on your IOS or Android device.
  2. On your desktop, go to https://mysignins.microsoft.com/security-info . Sign in with your McGill username and password if prompted to do so.
  3. If you see a popup saying "More Information Required" click Next.
    NOTE:     If you do not see this message, you may have already enabled 2FA. See View and modify 2fa and SSPR account setup.
    Computer screen showing the text "More information required"
  4. Click Add sign-in method.
  5. From the drop-down menu, click Authenticator App and click Next. You will be prompted to download the Microsoft Authenticator app. As you have already done so, click Next once more.
    screenshot of prompt to download the app
  6. Open the Microsoft Authenticator app on your mobile device. Select Add account, Work or school account, and finally, Scan QR code

    Mobile screen with button to scan QR code highlighted

  7. Click OK or Allow on the permissions screens for camera access, information access, and notifications. 

    Mobile screens promting you to allow camera access, allow data gathering, and allow notifications

  8. Click Next on your computer. A QR code will appear on the computer screen. Hold up your phone to the screen to scan the QR code.  

    The QR screen as displayed on your computer

  9. If the scan was successful, you will now see your McGill username in the Authenticator app on your mobile device. If the QR code was not successfully scanned, click Can’t scan image? on your computer and follow the prompts. 
  10. Microsoft 365 will now send a notification to the Authenticator app on your mobile device. When you see the notification, click Approve



  11. Your computer will display a success message informing you that you have successfully set up Microsoft Authenticator. Click Next

How to authenticate using the Microsoft Authenticator app

Once you have downloaded and set up the Microsoft Authenticator app on your mobile device, you will use this app before accessing one of McGill's applications.

To authenticate your identity:  

  1.  Sign in to one of McGill's applications using your McGill username and password. You will receive a time-sensitive code.
    Example: 

  2. On your mobile device, open the Microsoft Authenticator app. A window will pop up (see example below); enter the time-sensitive code from Step 1 on your mobile device, then click Yes. Take note of the following details in the 2FA prompt to help you verify that it's a legitimate request:
    • Account: This tells you which account is triggering your 2FA authentication prompt
    • App: This tells you which McGill application or service is triggering your 2FA authentication prompt.
    • Location: This shows the general geographic location of the network where the 2FA request is coming from. Note: This is an approximate location based on the IP address your device is using, and the location might reflect the network you're connected to, not your physical location.  
  3.  Once the authentication has been approved, go back to your browser/desktop, and a window will pop up asking you to "stay signed in?" and click Yes.

Secondary Authentication Method

A secondary authentication method can be used if your primary method is unavailable or malfunctioning and for Self-Service Password Reset (SSPR).

Note: Email and security questions can only be used for Self-Service Password Reset (SSPR) and not for 2FA authentication.

To set up a secondary method of 2FA authentication: 

  1. On your computer, select Text me a Code, Call me, or I want to set up a different method
  2. Follow the prompts on your computer to set up your selected method. If you select text, call, or email, Microsoft 365 will send a code via your selected method, which must be entered on the desktop. If you select Security Questions, you will be prompted to select 5 security questions from a pre-determined dropdown list of questions and to input your responses. For detailed instructions on configuring OneAuth as an authentication method, see the article Manage my 2FA account with OneAuth.
  3. Once the setup is complete, you will see a success screen confirming your selections. Click Done to exit the 2FA setup. 

Verify your 2FA setup

Off-campus:

  1. Sign in to Office 365 with your McGill username and password.
  2. You will be prompted to Approve Sign-in request or to authenticate via your preferred method. 

On-campus:

  1. Using your mobile device, turn off Wi-Fi to disconnect from the McGill Wi-Fi network. (This is necessary as 2FA is not required when connected to the McGill Wi-Fi network. Your setup can only be verified if connecting from another network.)
  2. On your mobile device, sign in to Office 365 using your McGill username and password.
  3. You will be prompted to authenticate via your preferred method. 

Making changes to your 2FA setup

See this article for detailed instructions on updating or changing your 2FA settings.

Troubleshooting

For immediate assistance, log in to the IT Support site and start a live text chat with an IT Service Desk agent during regular business hours. Alternatively, refer to the complete list of 2FA and SSPR  FAQs or submit a request for 2FA support and assistance. For instructions on resetting your password, see the article Reset my McGill password with Self-Service Password Reset (SSPR).

Voluntary enrolment in 2FA

McGill retirees and alumni are strongly encouraged to enroll to protect their account. However, if your account is locked for security reasons, you will be required to set up two‑factor authentication (2FA) as an extra protection step. 

While all McGill staff and students are required to protect their accounts with 2FA, retirees and alumni can choose to enroll. Follow these steps to enroll yourself in 2FA before completing the set-up procedure detailed above:

  1. Sign out of all Microsoft 365 online applications.
  2. Enroll in 2FA by completing the form at https://www.mcgill.ca/cybersafe/enroll-2fa
  3. After a few minutes, your account will be enabled for 2FA. Complete the setup by following the steps outlined above.

Please note: Once you are enrolled into two-factor authentication (2FA), you cannot opt out. However, you can change the method of 2FA you use.

references

ADDITIONAL REFERENCES: