Two-Factor Authentication (2FA): Setup Instructions



Identity and Access Management article

Target audience: All McGill faculty, staff, and students. McGill retirees and alumni can elect to protect their McGill accounts with 2FA.

Two Factor Authentication (2FA) is required for all McGill faculty, staff, and student accounts and is optional but recommended for retirees and alumni. 2FA helps confirm that you are the person who is logging in to your account by verifying your identity using two methods, or factors, of authentication. It is an important way to protect your personal information and McGill from online security threats.

You must verify your identity using 2FA when logging in to Office 365 and many other McGill web-based applications when off-campus.

In this article:

Before you start

Before you start setting up 2FA:

Primary Authentication Method: Microsoft Authenticator step-by-step instructions

Note iconMicrosoft has updated its settings and prompts users to sign in using the most secure authentication method.

For users who have opted for various authentication methods, including Microsoft Authenticator, the system will now prioritize the Microsoft Authenticator app by default. Users can still authenticate using a different method but will be prompted to try the most secure method first. Downloading and setting up the Microsoft Authenticator app on your mobile device is recommended.

These instructions are for Microsoft Authenticator only. While this is the preferred authentication method, you may choose an alternate authenticator app, such as OneAuth or Google Authenticator. For detailed instructions on configuring OneAuth as an authentication method, see the article Manage my 2FA account with OneAuth. The Secondary Methods section below includes limited instructions for the other methods.

Note iconNote: The screenshots in these instructions were compiled on an IOS device; your screens may look slightly different. If your experience is very different, please leave a comment at the bottom of the article, including your chosen verification method and device type (iOS or Android), and we will revise the steps as needed.

To set up Microsoft Authenticator as your primary authentication method:

  1. Download and install Microsoft Authenticator on your IOS or Android device.
  2. On your desktop, go to If you are not prompted to set up 2FA, go to via your desktop. Sign in with your McGill username and password if prompted to do so.
  3.  A message should appear stating More Information Required. Click Next.
    If you do not see this message, you may have already enabled 2FA. See View and modify 2fa and SSPR account setup.
    Computer screen showing the text "More information required"
  4. Click Add method.
  5. From the drop-down menu, click Authenticator App and click Next. You will be prompted to download the Microsoft Authenticator app. As you have already done so, click Next once more.
    screenshot of prompt to download the app
  6. Open the Microsoft Authenticator app on your mobile device. Select Add account, Work or school account, and finally, Scan QR code

    Mobile screen with button to scan QR code highlighted

  7. Click OK or Allow on the permissions screens for camera access, information access, and notifications. 

    Mobile screens promting you to allow camera access, allow data gathering, and allow notifications

  8. Click Next on your computer. A QR code will appear on the computer screen. Hold up your phone to the screen to scan the QR code.  

    The QR screen as displayed on your computer

  9. If the scan was successful, you will now see your McGill username in the Authenticator app on your mobile device. If the QR code was not successfully scanned, click Can’t scan image? on your computer and follow the prompts. 
  10. Microsoft 365 will now send a notification to the Authenticator app on your mobile device. When you see the notification, click Approve

  11. Your computer will display a success message informing you that you have successfully set up Microsoft Authenticator. Click Next

How to authenticate using the Microsoft Authenticator app

Once you have downloaded and set up the Microsoft Authenticator app on your mobile device, you will use this app before accessing one of McGill's applications.

To authenticate your identity:  

  1.  Sign in to one of McGill's applications using your McGill username and password. You will receive a time-sensitive code.

  2. On your mobile device, open the Microsoft Authenticator app. A window will pop up (see example below); enter the time-sensitive code from Step 1 on your mobile device, then click Yes. Take note of the following details in the 2FA prompt to help you verify that it's a legitimate request:
    • Account: This tells you which account is triggering your 2FA authentication prompt
    • App: This tells you which McGill application or service is triggering your 2FA authentication prompt.
    • Location: This shows the general geographic location of the network where the 2FA request is coming from. Note: This is an approximate location based on the IP address your device is using, and the location might reflect the network you're connected to, not your physical location.  
  3.  Once the authentication has been approved, go back to your browser/desktop, and a window will pop up asking you to "stay signed in?" and click Yes.

Secondary Authentication Method

A secondary authentication method can be used if your primary method is unavailable or malfunctioning and for Self-Service Password Reset (SSPR).

Note: Email and security questions can only be used for Self-Service Password Reset (SSPR) and not for routine authentication.

To set up a secondary method of authentication: 

  1. On your computer, select Text me a Code, Call me, or I want to set up a different method
  2. Follow the prompts on your computer to set up your selected method. If you select text, call, or email, Microsoft 365 will send a code via your selected method, which must be entered on the desktop. If you select Security Questions, you will be prompted to select 5 security questions from a pre-determined dropdown list of questions and to input your responses. For detailed instructions on configuring OneAuth as an authentication method, see the article Manage my 2FA account with OneAuth.
  3. Once the setup is complete, you will see a success screen confirming your selections. Click Done to exit the 2FA setup. 

Verify your 2FA setup


  1. Sign in to Office 365 with your McGill username and password.
  2. You will be prompted to Approve Sign-in request or to authenticate via your preferred method. 


  1. Using your mobile device, turn off Wi-Fi to disconnect from the McGill Wi-Fi network. (This is necessary as 2FA is not required when connected to the McGill Wi-Fi network. Your setup can only be verified if connecting from another network.)
  2. On your mobile device, sign in to Office 365 using your McGill username and password.
  3. You will be prompted to authenticate via your preferred method. 

Making changes to your 2FA setup

See this article for detailed instructions on updating or changing your 2FA settings.


For immediate assistance, log in to the IT Support site and start a live text chat with an IT Service Desk agent during regular business hours. Alternatively, refer to the complete list of 2FA and SSPR  FAQs or submit a request for 2FA support and assistance. For instructions on resetting your password, see the article Reset my McGill password with Self-Service Password Reset (SSPR).

Voluntary enrolment in 2FA

While all McGill staff and students are required to protect their accounts with 2FA, retirees and alumni can choose to enroll. Follow these steps to enroll yourself in 2FA before completing the set-up procedure detailed above:

  1. Sign out of all Microsoft 365 online applications.
  2. Enroll in 2FA by completing the form at
  3. After a few minutes, your account will be enabled for 2FA. Complete the setup by following the steps outlined above.

Please note: Once you are enrolled into two-factor authentication (2FA), you cannot opt out and revert back to Non-2FA. However, you can change the method of 2FA you use.