Multi-factor Authentication (MFA)
  • 03 Apr 2020
  • 4 Minutes To Read
  • Print
  • Dark
    Light

Multi-factor Authentication (MFA)

  • Print
  • Dark
    Light

Microsoft's Multi-factor Authentication

Microsoft’s Multi-factor Authentication (MFA) is a method of providing advanced security to verify your identity, when you access state resources from outside of our network. With MFA, you prove who you are by responding to a phone call, a text message notification, or via a physical token, to confirm your identity before you complete your login.

To use MFA, you first need to choose how you would like to respond to MFA requests when logging in.  

Phone

There are 3 options using a phone: 

  • Receive a phone call that asks you to push a button on your phone
  • Receive a text message with a code that you will need to type into the authentication prompt
  • RECOMMENDED: Use an app on your phone. After setup, this will be the quickest and easiest option

Physical device

If a phone is not an option, there is a physical device option which is similar to the old RSA tokens.  If you were provided a physical token, no setup is required.  When prompted, just copy the code from the token into the computer.  


The best practice is to have at least two methods of MFA.  You can use any combination of methods outlined in this document. You will also need to be on or connected to the state network.  If you are not, please read how to get connected without MFA.


Demonstration Video - How to Install and Configure MFA

https://web.microsoftstream.com/video/83f6ca37-5008-4de8-b1f5-6424d56853a1


Setting up MFA to Confirm with a Phone Call


Go to https://aka.ms/mfasetup on your computer, enter your email address and password when prompted.
If you get the “Windows Security” box enter your email in the top box and your computer password in the bottom box.


Click “Next” on the screen that shows “More information required”



Click the link that says “I want to set up a different method


Choose “Phone” from the dropdown and click “Confirm”


Click the circle next to “Call me” then click on the “Select your country or region” box and choose “United States +1” then fill out your full phone number with area code.


You will receive a call to the number indicated, answer the call and hit the # key when you are asked to on the call. Choose “Done” once the screen shows “Success!”



MFA is now ready to use!    

If you would like to add additional numbers or methods you can click the “+ Add method” button to add another way to confirm, such as text or with a Smartphone application.


 

Setting up MFA to Confirm with a Text Message

Go to https://aka.ms/mfasetup on your computer, enter your email address and password when prompted.
If you get the “Windows Security” box enter your email in the top box and your computer password in the bottom box.


Click “Next” on the screen that shows “More information required”


Click the link that says “I want to set up a different method” then choose “Phone” from the dropdown and click “Confirm”


Click the circle next to “Text me a code” then click on the “Select your country or region” box and choose “United States +1” then fill out your full phone number with area code.


You will receive a text message to the number indicated, enter into the website on the computer and choose Next.
Click “Next” again the screen that shows SMS verified.
Click Done on the screen that says “Success!



MFA is now ready to use! 

If you would like to add additional numbers or methods you can click the “+ Add method” button to add another way to confirm, such as phone call or with a Smartphone application. 


 

  Setting up MFA to Confirm with the Authenticator App (RECOMMENDED)

Go to https://aka.ms/mfasetup on your computer, enter your email address and password when prompted.
If you get the “Windows Security” box enter your email in the top box and your computer password in the bottom box.



Click “Next” on the screen that shows “More information required”

On the cell phone you want to use for verification you will have to download the “Authenticator” app.
On iPhone go to the App Store and download Microsoft Authenticator.
On Android go to the Play Store to download Microsoft Authenticator.
If you currently have state email access on the phone you will likely already have this application on your phone.

Open the Authenticator app, click “OK” on the screen with info about the app. 

Tap “Allow” when prompted to allow notifications, tap skip at the bottom until you get to the “Ready to add your first account?” screen.


On the computer click “Next” on the next 2 screens.




Once you have a QR code showing on the computer tap the “+” or “…” then “add account” on the top right of the Authenticator app on the phone. Choose “Work or school account” and then tap “OK” or “Allow” when asked to access the camera. Point the camera at the QR code on the computer screen.



On the computer choose “Next” you will then get a notification to your phone. Tap “Approve” on the notification.



Click Next.

MFA is now ready to use! 

If you would like to add additional numbers or methods you can click the “+ Add method” button to add another way to confirm, such as text or voice call. 




FAQ: 

Error message:    

You are not allowed to sign in. Please contact your administrator.     ---  FIX:   OIT needs to add your account to the VPN-Full-Access group.





Was This Article Helpful?