Two-Factor Authentication (2FA): Setup Instructions


 

OVERVIEW

Identity and Access Management article

Target audience: All McGill faculty, staff, and students. McGill retirees and alumni can elect to protect their McGill accounts with 2FA.

Two-Factor Authentication (2FA) is required for all McGill faculty, staff, and student accounts and is optional but recommended for retirees and alumni. 2FA helps confirm that you are the person who is logging in to your account by verifying your identity using two methods, or factors, of authentication. It is an important way to protect your personal information and McGill from online security threats.

You must verify your identity using 2FA when logging in to Office 365 and many other McGill web-based applications when off-campus.

Before you start

Before you start setting up 2FA:

Primary Authentication Method: Microsoft Authenticator step-by-step instructions

Note: Microsoft has updated its settings and prompts users to sign in using the most secure authentication method.

For users who have opted for various authentication methods, including Microsoft Authenticator, the system will now prioritize the Microsoft Authenticator app by default. Users can still authenticate using a different method but will be prompted to try the most secure method first. Downloading and setting up the Microsoft Authenticator app on your mobile device is recommended.

These instructions are for Microsoft Authenticator only. While this is the preferred authentication method, you may choose an alternate authenticator app, such as OneAuth or Google Authenticator. For detailed instructions on configuring OneAuth as an authentication method, see the article Manage my 2FA account with OneAuth. The Secondary Methods section below includes limited instructions for the other methods.

Note: The screenshots in these instructions were compiled on an iOS device; your screens may look slightly different. If your experience is very different, please leave a comment at the bottom of the article, including your chosen verification method and device type (iOS or Android), and we will revise the steps as needed.

To set up Microsoft Authenticator as your primary authentication method:

  1. Download and install Microsoft Authenticator on your iOS or Android device.
  2. On your desktop, go to office.com. If you are not prompted to set up 2FA, go to https://mysignins.microsoft.com/security-info via your desktop. Sign in with your McGill username and password if prompted to do so.
  3. A message should appear stating More Information Required. Click Next.
    NOTE: If you do not see this message, you may have already enabled 2FA. See View and modify 2FA and SSPR account setup.
  4. Click Add method.
  5. From the drop-down menu, click Authenticator App and click Next. You will be prompted to download the Microsoft Authenticator app. As you have already done so, click Next once more.
  6. Open the Microsoft Authenticator app on your mobile device. Select Add account, Work or school account, and finally, Scan QR code.

  7. Click OK or Allow on the permissions screens for camera access, information access, and notifications. 

  8. Click Next on your computer. A QR code will appear on the computer screen. Hold up your phone to the screen to scan the QR code.  

  9. If the scan was successful, you will now see your McGill username in the Authenticator app on your mobile device. If the QR code was not successfully scanned, click Can’t scan image? on your computer and follow the prompts. 
  10. Microsoft 365 will now send a notification to the Authenticator app on your mobile device. When you see the notification, click Approve.
  11. Your computer will display a success message informing you that you have successfully set up Microsoft Authenticator. Click Next.

How to authenticate using the Microsoft Authenticator app

Once you have downloaded and set up the Microsoft Authenticator app on your mobile device, you will use this app before accessing one of McGill's applications.

To authenticate your identity:  

  1. Sign in to one of McGill's applications using your McGill username and password. You will receive a time-sensitive code.
  2. On your mobile device, open the Microsoft Authenticator app. A window will pop up (see example below); enter the time-sensitive code from Step 1 on your mobile device, then click Yes. Take note of the following details in the 2FA prompt to help you verify that it's a legitimate request:
    • Account: This tells you which account is triggering your 2FA authentication prompt.
    • App: This tells you which McGill application or service is triggering your 2FA authentication prompt.
    • Location: This shows the general geographic location of the network where the 2FA request is coming from. Note: This is an approximate location based on the IP address your device is using, and the location might reflect the network you're connected to, not your physical location.  
  3. Once the authentication has been approved, go back to your browser/desktop. A window will pop up asking "Stay signed in?"; click Yes.


Secondary Authentication Method

A secondary authentication method can be used if your primary method is unavailable or malfunctioning and for Self-Service Password Reset (SSPR).

Note: Email and security questions can only be used for Self-Service Password Reset (SSPR) and not for routine authentication.

To set up a secondary method of authentication: 

  1. On your computer, select Text me a Code, Call me, or I want to set up a different method.
  2. Follow the prompts on your computer to set up your selected method. If you select text, call, or email, Microsoft 365 will send a code via your selected method, which must be entered on the desktop. If you select Security Questions, you will be prompted to select 5 security questions from a pre-determined dropdown list of questions and to input your responses. For detailed instructions on configuring OneAuth as an authentication method, see the article Manage my 2FA account with OneAuth.
  3. Once the setup is complete, you will see a success screen confirming your selections. Click Done to exit the 2FA setup. 


Verify your 2FA setup

Off-campus:

  1. Sign in to Office 365 with your McGill username and password.
  2. You will be prompted to Approve Sign-in request or to authenticate via your preferred method. 

On-campus:

  1. Using your mobile device, turn off Wi-Fi to disconnect from the McGill Wi-Fi network. (This is necessary as 2FA is not required when connected to the McGill Wi-Fi network. Your setup can only be verified if connecting from another network.)
  2. On your mobile device, sign in to Office 365 using your McGill username and password.
  3. You will be prompted to authenticate via your preferred method. 

Making changes to your 2FA setup

See this article for detailed instructions on updating or changing your 2FA settings.


Troubleshooting

For immediate assistance, log in to the IT Support site and start a live text chat with an IT Service Desk agent during regular business hours. Alternatively, refer to the complete list of 2FA and SSPR FAQs or submit a request for 2FA support and assistance. For instructions on resetting your password, see the article Reset my McGill password with Self-Service Password Reset (SSPR).


Voluntary enrolment in 2FA

While all McGill staff and students are required to protect their accounts with 2FA, retirees and alumni can choose to enroll. Follow these steps to enroll yourself in 2FA before completing the set-up procedure detailed above:

  1. Sign out of all Microsoft 365 online applications.
  2. Enroll in 2FA by completing the form at https://www.mcgill.ca/cybersafe/enroll-2fa
  3. After a few minutes, your account will be enabled for 2FA. Complete the setup by following the steps outlined above.

Please note: Once you are enrolled in two-factor authentication (2FA), you cannot opt out and revert to non-2FA. However, you can change the method of 2FA you use.

