MFA - Multi-Factor Authentication

What is this service?

Multi-factor Authentication (MFA) is a simple way of protecting user information and data by requiring users to provide more than just their username and password when attempting to log in.  "Multi-factor" refers to using two or more independent items to verify your identity, typically:

  • something you know (i.e., your StFX username and password) and
  • something you have (i.e., a time-based passcode from your mobile device/hardware token).

This creates a layered defense, preventing unauthorized access to your account if your password is compromised.

Why is it useful?

Using skillful social engineering tactics (emails, texts, phone calls, etc.), many cyber criminals have been successful in tricking account owners into providing login credentials. With Multi-Factor Authentication in place, if someone manages to crack or steal your password but doesn't have the device you associated with your profile, they won't be allowed to log in, protecting your personal information and that of the university.

MFA for VPN

Aug 11th, 2021: Multi-Factor Authentication (MFA) will be required to connect to university technology resources only available via VPN.
 
 
All StFX faculty and staff who connect to the VPN using the FortiClient VPN software will be required to enroll and set up their account for VPN MFA.
 
How does VPN MFA work? (an example)
You are working at home and you launch the FortiClient VPN software on your laptop to connect and run the Banner Admin Pages application. With MFA you will be prompted, every time you connect to VPN, to enter a code that is displayed in the FortiToken mobile phone app before you can securely connect to VPN and run Banner Admin Pages. This is one example of MFA in action: entering a code displayed in an app on your phone ensures that your username and password were not just stolen and that you are who you say you are.
 
Note: If you have a mobile device, we encourage you to use the app. However, an alternative to the FortiToken app is a hardware token, which displays a code you can enter in the FortiClient VPN.
 
What do I need to do?
Soft Tokens (FortiToken Mobile App)

In order to connect to the VPN, you will need to:

• Ensure you are running the latest version of FortiClient (Version 6.4.6)
• Download the FortiToken Mobile App from the App Store
• Use the FortiToken Mobile App to either scan the QR code or enter the code directly (codes are emailed to you upon registration)
• Upgrade the FortiClient VPN on your computer
• Restore the appropriate VPN configuration in the FortiClient VPN
• Connect to the VPN using your StFX credentials
• Enter the code from the FortiToken Mobile app when prompted
 
Hard Tokens (FortiToken or YubiKey)
If you do not have a mobile device or require an alternative verification method, you may request a hardware token to be assigned to your account.  When you launch the VPN client, you will be prompted to enter the code displayed on the token.
 
• Request a Fortinet hardware token from IT Services.
• Upgrade the FortiClient VPN on your computer
• Restore the appropriate VPN configuration in the FortiClient VPN
• Connect to the VPN using your StFX credentials
• Enter the code from the FortiToken Mobile app when prompted.

 

MFA for Microsoft Office 365

Microsoft offers three different ways you can use multi-factor authentication to prove your identity from your phone:

  1. Use the Microsoft Authenticator app. This app provides you with a one-time password (OTP) or a push notification. You can either use that device as a software token that provides OTP or you can use it as a push notification hub that will get notifications from the central multi-factor authentication service.
  2. Receive a phone call on your registered number. If you select this option, you’ll receive a call on either your mobile or landline phone and will be asked to press the pound sign (#) to confirm your identity.
  3. Receive a text message at your registered number. You’ll receive an OTP through a text message sent to your mobile. You then simply enter the OTP on the screen where you’re trying to log in.

You can either use one of these options or configure multiple options for multi-factor authentication.

How do I request this service?

IT Services is beginning to roll out Multi-Factor Authentication by department.

Who can access this service?

  • Faculty
  • Staff
  • Students
 

Related Articles (4)

  • Instructions on how to set up Microsoft 365 Multi-Factor Authentication methods. StFX accounts will be prompted for Microsoft 365 Multi-Factor Authentication off campus when accessing email and Office applications, including OneDrive.
  • What you need to know about Multi-Factor Authentication. Commonly asked questions and answers.
  • An explanation of the different authentication methods that can be used for Multi-Factor Authentication.
  • Setup instructions for FortiToken to use with StFX VPN for Multi-Factor Authentication.