Multi-Factor Authentication Methods

Environment: Stfx Account holder that has been converted to the MFA Environment.

Solution: What Muli-Factor Authentication method is right for me? 

 

When will I need to use MFA

Microsoft 365 (M365) MFA VPN MFA 
  • Any time you access your Stfx Email
  • Accessing each Microsoft Applications, such as Onedrive, word, excel etc...
  • Other Services that use the Microsoft login
    • Qualtrics
    • TeamDynamics - Viewing secure knowledge base articles and submitting/viewing tickets at services@stfx.ca
    • Dupal Website Editing
    • MyLabApps
**Note Staff and Faculty will not need M365 verification while on campus with the exception of MyLabApps

 

  • VPN Access for On or off Campus access of Banner Admin Pages
  • Off campus access of Foritnet VPN for
    • Mapping Network drives
    • Accessing Smart Filter Reports
    • Stfx Printers (off campus only)

 

 

 

 

MFA Authentication Method Feature Summary

 

Method M365 MFA VPN MFA Req's Mobile Data/Wifi/SiM Notes
**Microsoft Authenticator App - Code Method    
  • Will not work with VPN MFA
  • Some o365 accounts have this configured on first login
  • Great option for Traveling with a device with no data or switched out Sim
**Microsoft Authenticator App - Notification  
  • Convenient method for authentication as there is no code transfer, notifications will pop up on your mobile device and you choose approve or deny
  • Does require mobile device to be connected to data or wifi
**FortiToken Authenticator App  
  • Can be set up for both M365 and VPN MFA
FortiToken Authenticator - push notification  
  • Can be used alternatively to typing in a code
  • Does not work with Microsoft365 MFA
  • Requires data or wifi connection
Phone (Call)  
  • Automated recording will call your phone and prompt you to press #
  • Office phones are not recommended as they are not accessible off campus
**Mobile Phone (SMS, Text message)  
  • Should be configured if possible on M365 as a backup method if not the primary
  • Does require mobile device to be connected to data or wifi
Hardware Token    
  • Requires a code to be inputted into your log in device from a token device
  • Visually impaired options available

No Mobile device?

If you do not have a mobile device you will need to have a hardware token. STFX employees can request a hardware token be assigned to them.  Students can select and purchase a token compatible to their requirements.  Hardware token users should setup a phone method as a backup. 

 

 

 

I am a frequent traveller

If you travel with your mobile device setting up an authenticator app is recommended method.  An authenticator apps works similar to a hardware token where a large number of codes are cycled through a timed based sequence.  There is no need to have wifi or data on your phone to use this option so it's a perfect fit for those who swap out their SIM cards when traveling.

If you do not travel with your mobile device and need access to StFX services while away you will need to request a token prior to traveling.

 

I use only Microsoft 365 Services

If you access email off campus through any application, you will need to complete authentication methods for Microsoft 365 MFA.  Having multiple methods configured for your Microsoft 365 access is essential to prevent access loss.  Microsoft 365 will allow for multiple options to be configure and you can choose which method is your default.  We recommend the following options be configured.  

  • Authenticator App - Code & Notification Setup
  • SMS Phone number

If you have a mobile device we recommend configuring the Microsoft Authenticator application.   Other authenticator applications can also be configured for your Microsoft 365 MFA options if you have an authenticator app you are presently using.

Setting up the Microsoft Authenticator App

 

I'm both a VPN & Microsoft 365 User?

Although many authenticator applications will work with Microsoft 365 MFA, the VPN MFA will only work with Fortitoken.   Those requiring access to both Office 365 MFA and VPN MFA can use an authenticator for each MFA system, or can use the FortiToken Authenticator for both. 

Option 1 - an Authenticator app for each

In this option you would set up the FortiToken Authenticator for your VPN MFA and the Microsoft Authenticator for VPN

 

Benefits Drawbacks
  • Easily distinguish what application is required when using the code method ie, o365 MFA you would open the Microsoft Authenticator App, for VPN MFA the FortiToken app
  • Have the option of using the Microsoft Authenticator push notifications for o365
  • Setup is if fairly intuitive
  • Have 2 applications required for MFA

Option #2 - Single Authenticator app

FortiToken is the only Authenticator App that will work on both O365 and VPN MFA.

Benefits Drawbacks
  • Single application for verified codes for both O365 MFA and VPN MFA
  • Multiple accounts listed (entry for Microsoft 365 & VPN )  potential for putting in the wrong code
  • Will need to type in the code each time you are prompted for MFA

 

   

What is the difference between a verified code & push notification

 

A code verification will produce a code either in your authentication application or via text to be transferred into the system you are logging into. A push notification will prompt you on your mobile device to approve the sign in request.  Once approve is selected your login will continue.

 

 

 

Details

Article ID: 89260
Created
Thu 12/19/19 11:15 AM
Modified
Thu 9/30/21 11:44 AM