Multi-factor authentication (MFA)
What is MFA?
Multi-Factor Authentication (MFA) is an additional service in the authentication process. It validates the identity of the user accessing online systems and applications. MFA works on these principles: what the user knows (their password), what the user has (their smartphone or a physical device that generates one-time passwords), what the user is (e.g., their fingerprint or iris).
Instructions to set up MFA
Confirm MFA enrollment
To confirm you’re enrolled, please visit the MFA Portal. If you are not enrolled, the system will ask you to enrol your mobile device.
MFA and VPN access
If you do not connect to VPN, this change does not apply to you. However, the academic/research community will be required to use MFA without exception starting in the fall, so we recommend you enrol today to provide your accounts and resources with added security now.
Please note this change applies to those who connect to the University’s VPN services. Since retired staff cannot access VPN, they are not required to enrol in MFA.
Once you enrol, you will be required to authenticate using MFA the next time you login to VPN. For all MFA-enabled web applications (e.g.: BrightSpace, uoCampus, Microsoft 365), MFA will be activated within 24 hours.
Compatible devices for MFA
In order to authenticate via MFA, you will need to install the Microsoft Authenticator mobile app. It can only be installed on iOS and Android mobile devices (phones and/or tablets). Your privacy is of the utmost importance to us. The mobile app does not track your location, nor does it provide the University with any personal information about you or your devices.
If you do not own a compatible device for MFA, you may request a physical token by submitting a Service Desk request. A physical token is a small device that generates and displays a passcode for users to authenticate on MFA. When you submit a request for a token, it will be configured for you and you will be contacted to arrange procurement. Tokens can be either picked up at 110 Séraphin-Marion on the uOttawa campus at a scheduled time or shipped Canada-wide (shipping times subject to courier).
MFA uses the Microsoft Authenticator mobile app on your iOS or Android device or a physical token to authenticate. You can proceed to use VPN or login to web applications with MFA without issue on Windows, Mac or Linux.
We strongly recommend enrolling more than one device, as this will ensure you always have a backup. The MFA portal allows up to five devices to be enrolled. If you encounter issues, please open a Service Desk request.
Methods used for MFA
For security reasons, MFA (also called 2-factor authentication) requires a minimum of two of the following:
Something you know (e.g.: your password)
Something you have (e.g.: your Microsoft Authenticator mobile app or physical token)
Something you are (e.g.: fingerprint, face, eye, or another biometric scan)
Other means like email or even phone/SMS are inherently insecure and not sufficient for MFA, hence these methods are not used.
Authenticating via MFA
There is no difference between authenticating through a notification and a verification code, it is based on your preference. A notification will appear on your mobile device in real-time when you are required to authenticate on MFA. If you use a verification code, you will have to open the mobile app and enter the code from the app every time you log in to VPN or an MFA-enabled system.
However, if you do not have Wi-Fi or cellular access, a 6-digit verification code can be generated on the Microsoft Authenticator mobile app. You can open the app, tap on “University of Ottawa”, and enter the code the authenticate. When authenticating on MFA to log in to VPN, you will need to wait 60 seconds before you are prompted to enter a code.