OVERVIEW
Target audience: All McGill faculty, staff, and students. McGill retirees and alumni who elect to protect their McGill accounts with 2FA.
Two Factor Authentication (2FA) is required for all McGill faculty, staff, and student accounts, and optional but recommended for retirees and alumni. 2FA helps confirm that you are the person who is logging in to your account by verifying your identity using two methods, or factors, of authentication. It is an important method of protecting your personal information and protecting McGill from online security threats.
You will be required to verify your identity using 2FA when logging in to Office 365 and many other McGill web-based applications when off-campus.
Before you begin
- If you are a retiree or an alumnus, please read the Voluntary enrolment in 2FA section.
- Set aside 10-15 minutes during business hours in case you need Service Desk support.
- Make sure you have both your mobile device and your computer. If you only have your mobile device, you can follow these instructions from Microsoft.
- Download Microsoft Authenticator on your mobile device. If you don’t have a mobile device, download and install Authy on your computer.
Primary Authentication Method: Microsoft Authenticator step-by-step instructions
Microsoft has updated its settings and prompts users to sign in by using the most secure method of authentication.
For users who have opted for various methods of authentication, including Microsoft Authenticator, the system will now prioritize the Microsoft Authenticator app by default. Users can still choose to authenticate using a different method, but will be prompted to try the most secure method first. It is recommended to download and set up the Microsoft Authenticator app on your mobile device.
These instructions are for Microsoft Authenticator only. While this is the preferred method of authentication, you may choose an alternate authenticator app, such as Authy or Google Authenticator. For detailed instructions on configuring Authy as an authentication method, see the article Manage my 2FA account with Authy. Limited instructions for the other methods are included in the Secondary Methods section below.
Note: The screenshots in these instructions were compiled on an iOS device; your screens may look slightly different. If your experience is very different, please leave a comment at the bottom of the article, including your chosen verification method and device type (iOS or Android), and we will revise the steps as needed.
- If you have not already done so, download and install Microsoft Authenticator on your iOS or Android device.
- On your desktop, go to office.com. If you are not prompted to set up 2FA, go to https://mysignins.microsoft.com/security-info via your desktop. Sign in with your McGill username and password if prompted to do so.
- A message should appear stating More Information Required. Click Next.
NOTE: If you do not see this message, you may have already enabled 2FA. See View and modify 2fa and SSPR account setup.

- Click Add method.
- From the drop-down menu, click Authenticator App and click Next. You will be prompted to download the Microsoft Authenticator app. As you have already done so, click Next once more.

- Open the Microsoft Authenticator app on your mobile device. Select Add account, Work or school account, and finally Scan QR code.

- Click OK or Allow on the permissions screens for camera access, information access, and notifications.

- Click Next on your computer. A QR code will appear on the computer screen. Hold up your phone to the screen to scan the QR code.

- If the scan was successful, you will now see your McGill username in the Authenticator app on your mobile device. If the QR code was not successfully scanned, click Can’t scan image? on your computer and follow the prompts.
- Microsoft 365 will now send a notification to the Authenticator app on your mobile device. When you see the notification, click Approve.

- Your computer will display a success message informing you that you have successfully set up Microsoft Authenticator.
- Click Next on your computer.
How to authenticate using the Microsoft Authenticator app
Once you have downloaded and set up the Microsoft Authenticator app on your mobile device, whenever you are accessing one of McGill's applications, you will need to authenticate using this app.
- When signing into one of McGill's applications, if prompted, enter your McGill username and password.
- You will then receive a time-sensitive code.
- On your mobile device, open the Microsoft Authenticator app. A window will pop up. Enter the time-sensitive code that was provided on your browser/desktop into the app. You will also notice the following details in the 2FA prompt:
  - Account: This tells you which account is triggering your 2FA authentication prompt.
  - App: This tells you which McGill application or service is triggering your 2FA authentication prompt, so you have an extra way to verify if it's a legitimate request.
  - Location: This shows the general geographic location of the network where the 2FA request is coming from and helps to determine if it is legitimate by providing a visual cue. Note: This is an approximate location based on the IP address your device is using, so it might reflect the network you're connected to and not your physical location.

- After entering the code in the app, click Yes from your mobile device.
- Once the authentication has been approved, go back to your browser/desktop, where a window will pop up asking you to "stay signed-in?". Click Yes.


Secondary Authentication Method
You will now set up a secondary method of authentication, which can be used in case your primary method is unavailable or malfunctioning, and for Self-Service Password Reset (SSPR).
Note: Email and security questions can only be used for Self-Service Password Reset (SSPR) and not for routine authentication.
- To set up your secondary method of authentication, select Text me a Code, Call me, or I want to set up a different method.
- Follow the prompts on your computer to set up your selected method. If you select text, call, or email, Microsoft 365 will send a code via your selected method, which must be entered on the desktop. If you select Security Questions, you will be prompted to select 5 security questions from a pre-determined dropdown list of questions and to input your responses. For detailed instructions on configuring Authy as an authentication method, see the article Manage my 2FA account with Authy.
- Once the setup is complete you will see a success screen with a confirmation of your selections. Click Done to exit 2FA setup.

Verify your 2FA setup
Off-campus:
- Sign in to Office 365 with your McGill username and password.
- You will be prompted to Approve Sign-in request or to authenticate via your preferred method. Approve the request or authenticate via your preferred method. You have successfully set up 2FA.
On-campus:
- Using your mobile device, turn off wi-fi to disconnect from the McGill wi-fi network. (This is necessary as 2FA is not required when you are connected to the McGill wi-fi network. Your setup can only be verified if connecting from another network.)
- On your mobile device, sign in to Office 365 using your McGill username and password.
- You will be prompted to authenticate via your preferred method. If so, you have successfully set up 2FA.
Making changes to your 2FA setup
See this article for detailed instructions on updating or changing your 2FA settings.

Troubleshooting
For immediate assistance, log in to the IT Support site and start a live text chat with an IT Service Desk agent during regular business hours. Alternatively, refer to the full list of 2FA and SSPR FAQs or submit a request for 2FA support and assistance. For instructions on resetting your password, see the article Reset my McGill password with Self-Service Password Reset (SSPR).

Voluntary enrolment in 2FA
While all McGill staff and students are required to protect their accounts with 2FA, retirees and alumni may also choose to enroll. Follow these steps to enroll yourself in 2FA before completing the set-up procedure detailed above.
- Sign out of all Microsoft 365 online applications.
- Enroll in 2FA by completing the form at https://www.mcgill.ca/cybersafe/enroll-2fa
- After a few minutes, your account will be enabled for 2FA. Complete the setup by following the steps outlined above.
Please note: Once you are enrolled in two-factor authentication (2FA), you will not be able to opt out and revert to non-2FA. However, you can change the method of 2FA you use.
