Why am I being required to do MFA?
In an ongoing effort to better protect your information and your UT account, Utah Tech University will soon begin enrolling all students in Multi-Factor Authentication. You may be familiar with MFA with other financial or social media accounts that you have. It is a great security practice in helping individuals protect their accounts from unauthorized access. The way it works is that after you enter your password, you will be prompted to accept a Push on your mobile device. This helps ensure that only you have access to your account in case your password is somehow obtained by someone else. Make sure you only accept a MFA prompt if you are actually logging into your account.
In order to make MFA available for your account, you’ll need to enroll with a mobile device. You will need to use the Microsoft Authenticator app. If you don’t have a mobile device that can at least receive a text message or a phone call, then you’ll need to have a hardware token. Please stop by the IT Help Desk (HCC 2nd floor) to pick up a token if you need one.
This will be rolled out during March and April. A number of random accounts will be enrolled each day during the enrollment period. Once Microsoft’s MFA is enabled for your account (sometime in March or April), the next time you sign-in you will be prompted to enroll. Simply follow the on-screen instructions to enroll via the Microsoft Authenticator app or by phone.
If you have any difficulties or questions, please contact the IT Help Desk ([email protected], 435-879-4357).
What is MFA?
MFA is when you use something in addition to a password to authenticate to a system, usually your phone. MFA is a current best practice for protecting accounts from compromise. You’ve likely seen banks and other online services providing this functionality to better protect customer accounts. If you're currently using it, you likely interact with a Push notification, receive a text message with a number or code, or have to enter a one-time password (OTP) from an app such as Google Authenticator.
What methods are supported with Microsoft's MFA?
You’ll be able to authenticate via the Microsoft Authenticator mobile app (the easiest method), with another "authenticator" app such as Google Authenticator, by text message, by phone call, by email, or with a FIDO2 hardware token.
Who will be enrolled?
ALL employees and ALL current students will be enrolled. Starting Feb. 1st employees will be enrolled and students will start being enrolled on March 1st.
How will I know it's time?
A rolling migration will begin on March 1st for students. This means that we will turn it on for a certain number of students each day until it is enabled for everyone. Unfortunately, you won't know ahead of time which day your account will be enabled. The way you will know is that the next time you authenticate after having it enabled, it will prompt you to enroll.
Which method should I use?
We recommend using the Microsoft Authenticator app as it is the easiest to use and supports other features that we’ll be enabling in the future, such as password-less logins and an easier way to do password resets. The Microsoft Authenticator app is free and gives you the best experience for our UT systems. Other "authenticator" apps can be used to generate one-time passwords (OTPs) but the Microsoft app provides the most functionality. Make sure you download the official Microsoft app as there are a number of “authenticator” apps available for download. It's the one that looks like this .
What if I don't have a phone?
If you don't have a mobile device that supports the app, and you don't have a phone that can receive a text message or receive a phone call, then you can opt to use a hardware token that plugs into the computer. If you need a hardware token, please go to the IT Help Desk (HCC 2nd floor) and ask for one. You'll want to do this prior to March 1st.
What if I don't have access to any of my MFA methods?
If you don't have access to any of your methods, for example, you forgot your phone at home, you can contact the IT Help Desk, 435-879-4357, and they can give you a temporary code that is good for eight (8) hours.
Should I add another method?
It is recommended to set up at least one other method so you can still MFA if your default method isn't available. This KB article shows how to add other methods for MFA.
How do I configure a default method?
You can configure a default MFA method for convenience. This method will automatically be used when MFA is needed instead of prompting you which method to use every time. This KB article shows how to set a default method.
How do I use a hardware token to authenticate to UT systems?
If you want to use a hardware token, this KB article shows you how to use it to authenticate.
What does the enrollment process look like?