Target audience: All McGill faculty, staff, and students. McGill retirees and alumni who elect to protect their McGill accounts with 2FA.
Two Factor Authentication (2FA) is required for all McGill faculty, staff, and student accounts, and optional but recommended for retirees and alumni. 2FA helps confirm that you are the person who is logging in to your account by verifying your identity using two methods, or factors, of authentication. It is an important method of protecting your personal information and protecting McGill from online security threats.
You will be required to verify your identity using 2FA when logging in to Office 365 and many other McGill web-based applications when off-campus.
In this article:
Before you begin
- If you are a retiree or alumni, please read the Voluntary enrolment in 2FA section.
- Set aside 10-15 minutes during business hours in case you need Service Desk support.
- Make sure you have both your mobile device and your computer. If you only have you mobile device, you can follow these instructions from Microsoft.
- Download Microsoft Authenticator on your mobile device. If you don’t have a mobile device, download and install Authy on your computer.
Primary Authentication Method: Microsoft Authenticator step-by-step instructions
Microsoft has updated its settings and prompts users to sign in by using the most secure method of authentication.
For users who have opted for various methods of authentication, including Microsoft Authenticator, the system will now prioritize the Microsoft Authenticator app by default. Users can still choose to authenticate using a different method, but will be prompted to try the most secured method first. It is recommended to download and setup the Microsoft Authenticator app to your mobile device.
These instructions are for Microsoft Authenticator only. While this is the preferred method of authentication, you may choose an alternate authenticator app, Authy or Google Authenticator app. For detailed instructions on configuring Authy as an authentication method, see the article Manage my 2FA account with Authy. Limited instructions for the other methods are included in the Secondary Methods section below.
Note: The screenshots in these instructions were compiled on an IOS device; your screens may look slightly different. If your experience is very different, please leave a comment at the bottom of the article, including your chosen verification method and device type (iOS or Android), and we will revise the steps as needed.
- If you have not already done so, download and install Microsoft Authenticator on your IOS or Android device.
- On your desktop, go to office.com. If you are not prompted to set up 2FA, go to https://mysignins.microsoft.com/security-info via your desktop. Sign in with your McGill username and password if prompted to do so.
- A message should appear stating More Information Required. Click Next.
NOTE: If you do not see this message, you may have already enabled 2FA. See View and modify 2fa and SSPR account setup.
- Click Add method.
- From the drop-down menu, click Authenticator App and click Next. You will be prompted to download the Microsoft Authenticator app. As you have already done so, click Next once more.
- Open the Microsoft Authenticator app on your mobile device. Select Add account, Work or school account, and finally Scan QR code.
- Click OK or Allow on the permissions screens for camera access, information access, and notifications.
- Click Next on your computer. A QR code will appear on the computer screen. Hold up your phone to the screen to scan the QR code.
- If the scan was successful, you will now see your McGill username in the Authenticator app on your mobile device. If the QR code was not successfully scanned, click Can’t scan image? on your computer and follow the prompts.
- Microsoft 365 will now send a notification to the Authenticator app on your mobile device. When you see the notification, click Approve.
- Your computer will display a success message informing you that you have successfully set up Microsoft Authenticator.
- Click Next on your computer.
How to authenticate using the Microsoft Authenticator app
Once you have downloaded and set up the Microsoft Authenticator app on your mobile device, whenever you are accessing one of McGill's applications, you will need to authenticate using this app.
- When signing into one of McGill's applications, if prompted, enter your McGill username and password.
- You will then receive a time sensitive code.
- On your mobile device, open the Microsoft Authenticator app. A window will pop up (see example below), match the time sensitive code that was provided on your browser/desktop into the app. You will also notice the following details in the 2FA prompt:
- Account: This tells you which account is triggering your 2FA authentication prompt
- App: This tells you which McGill application or service is triggering your 2FA authentication prompt, so you have an extra way to verify if it's a legitimate request.
- Location: This shows the general geographic location of the network where the 2FA request is coming from and helps to determine if it is legitimate by providing a visual cue. Note: this is an approximate location based on the IP address your device is using and the location might reflect the network you're connected to, and not your physical location.
- After entering the code in the app, click Yes from your mobile device.
- Once the authentication has been approved, go back to your browser/desktop and a window will pop-up asking you to "stay signed-in?", click Yes.
Secondary Authentication Method
You will now set up a secondary method of authentication, which can be used in case your primary method is unavailable or malfunctioning, and for Self-Service Password Reset (SSPR).
Email and security questions can only be used for Self-Service Password Reset (SSPR) and not for routine authentication.
- To set up your secondary method of authentication, select Text me a Code, Call me, or I want to set up a different method.
- Follow the prompts on your computer to set up your selected method. If you select text, call, or email, Microsoft 365 will send a code via your selected method, which must be entered on the desktop. If you select Security Questions, you will be prompted to select 5 security questions from a pre-determined dropdown list of questions and to input your responses. For detailed instructions on configuring Authy as an authentication method, see the article Manage my 2FA account with Authy.
- Once the setup is complete you will see a success screen with a confirmation of your selections. Click Done to exit 2FA setup.
Verify your 2FA setup
- Sign in to Office 365 with your McGill username and password.
- You will be prompted to Approve Sign-in request or to authenticate via your preferred method. Approve the request or authenticate via your preferred method. You have successfully set up 2FA.
- Using your mobile device, turn off wi-fi to disconnect from the McGill wi-fi network. (This is necessary as 2FA is not required when you are connected to the McGill wi-fi network. Your setup can only be verified if connecting from another network.)
- On your mobile device, sign in to Office 365 using your McGill username and password.
- You will be prompted to authenticate via your preferred method. If so, you have successfully set up 2FA.
Making changes to your 2FA setup
See this article for detailed instructions on updating or changing your 2FA settings.
For immediate assistance, log in to the IT Support site and start a live text chat with an IT Service Desk agent during regular business hours. Alternatively, refer to the full list of 2FA and SSPR FAQs or submit a request for 2FA support and assistance. For instructions on resetting your password, see the article Reset my McGill password with Self-Service Password Reset (SSPR).
Voluntary enrolment in 2FA
While all McGill staff and students are required to protect their accounts with 2FA, retirees and alumni may also choose to enroll. Follow these steps to enroll yourself in 2FA before completing the set-up procedure detailed above.
- Sign out of all Microsoft 365 online applications.
- Enroll in 2FA by completing the form at https://www.mcgill.ca/cybersafe/enroll-2fa
- After a few minutes, your account will be enabled for 2FA. Complete the set up by following the steps outlined above.
Please note: Once you are enrolled into two-factor authentication (2FA) you will not be able to opt-out and revert back to Non-2FA. However you can change the method of 2FA you use.