Multi-Factor Authentication (MFA) User Guide

Introduction

What is Multi-Factor Authentication?

Multi-Factor authentication is a modern method of authentication that prevents unauthorised access, even if your password has been compromised.

It requires you to provide at least two pieces of information to identify yourself when logging into your account. The first being something that you know (your password) and the second being something you have (i.e. your mobile phone).

Multi-Factor Authentication is required for all employees.

What methods of multi-factor authentication are available?

There are currently three methods of authentication to choose from:

Microsoft Authenticator Notifications – This option sends a notification to your mobile phone when you log in. You can then choose to approve or deny the login accordingly. This method requires a wireless or mobile network signal.

Microsoft Authenticator PIN – The authenticator app generates a 6-digit verification code that updates every 30 seconds. You can use this code (in addition to your password) to log onto the system. This method is useful in areas where you have no wireless or mobile signal.

Phone Call – Microsoft will call your mobile or landline phone when you log in. You can then choose to approve or deny the login using the number pad.

When will I be prompted for Multi-Factor Authentication?

Multi-Factor authentication will be required to access the network when you are outside of the office. You will be prompted to authenticate once a day on each of your devices.

How do I log on if I don’t have my mobile?

Please call the IT service desk. Once we have confirmed your identity we will be able to temporarily bypass the requirement for Multi-Factor authentication.

Enrolment Guide

Before you can access your account from outside the office you will need to complete the enrolment process by following the steps below.

Click on the below link to begin your enrolment. https://aka.ms/mfasetup

If you see a sign in prompt that looks like the below. Enter your IPPF email address into the username box.

If you see an organizational sign in prompt that looks like the below. Enter your IPPF email address into username box, and your password into the password box.

If you have not yet enrolled your account you will be presented with the following message. Click next to begin the enrolment process.

The preferred method of multi-factor authentication requires you to install the Microsoft Authenticator app on your mobile phone. If you are able to use this method click on Mobile app within the dropdown, select the Receive notifications for verification, select Set up, and follow the installation instructions.

If you are unable to install the Microsoft Authenticator you can choose to authenticate via a phone call instead. Click on I want to set up a different method, select Phone, and follow the onscreen instructions.

Logging in with a Microsoft Authenticator Notification

When you log in from outside of the network you will see a prompt that looks similar to the below.

You will receive a notification on your phone asking you to approve the sign-in. Once you have chosen to approve the sign-in you will be automatically logged in, and no further input will be required.

You will need to approve the request on your mobile within 60 seconds otherwise it will timeout and you will see the message below. If this happens you can click on send another request to my Microsoft Authenticator app to send a new notification.

If you are on a company owned device you can choose to check the tick box to avoid being prompted again for 24 hours. You will need to do this prior to approving the login request

Logging in with a Microsoft Authenticator PIN

When you log in from outside of the network you will see a prompt that looks similar to the below.

If you do not have a wireless or mobile signal or wish to log in with PIN code select sign in another way and choose the option to use a verification code from my mobile app.

Open up the Microsoft Authenticator app on your mobile phone, and enter your six-digit PIN into the logon prompt. Once you have done this you will be automatically logged in, and no further input will be required.

If you are on a company owned device you can choose to check the tick box to avoid being prompted again for 24 hours. You will need to do this prior to selecting sign in another way.

Logging in with a Phone Call

When you log in from outside of the network you will see a prompt that looks similar to the below.

You will receive an automated phone call from Microsoft asking you to confirm the login. Once you have done this you will be automatically logged in, and no further input will be required.

If you are on a company owned device you can choose to check the tick box to avoid being prompted again for 24 hours. You will need to do this prior to answering the Microsoft phone call.

Reporting Suspicious Activity

If you receive a notification or phone call from Microsoft that you have not initiated, then this could mean that someone else is trying to gain access to your account.

You have the option to deny the logon request and report it to the IT Help Desk for investigation. Doing so may temporarily block access to your account to ensure that it remains secure while we identify the source of the logon.

------------------------