MFA help

Expand All

MFA protects the University's systems and data by providing increased security when accessing your accounts.

For further information please see our multi-factor authentication overview page.

For full MFA setup and usage details, please see the MFA setup and management page.

If you do not have your MFA device and cannot wait until you regain access to it, your local IT support team can reset your MFA methods.  You should then set up your verification methods on multiple devices.

If you are unable to contact your local IT support team, please speak to the Service Desk.

MFA prompts occur when you log into apps and services using your SSO or when your session times out.

Some systems may impose their own rules, prompting for MFA more often than others depending on the person's account activity.  In most cases however, prompt frequency will depend on the service and whether you are using a web browser or standalone application.

Web browsers

Browser based session timeouts depend on the type of service you are accessing:

  • Azure login based services, such as web based versions of Outlook, Teams, OneDrive, SharePoint Online, Dynamics365, should persist for 7 days.
  • Shibboleth protected resources, such as CoSy, TeamSeer or Clarity, should persist for 11 hours.

The browser will not require authentication again, for the service accessed or other services, until the session expires or the browser is closed.

Applications

Standalone desktop and mobile applications have a token that should persist for 90 days unless you need to login again for other reasons, such as following a software update.

The Linux Teams application is a notable exception as it behaves like a browser application, with session times persisting for 7 days.

Cause Resolution
Your login session expired The sessions of devices left on constantly may expire whilst you are away from them.  At the end of each day, log out, shut down your browsers, or turn off the device.
An account you own is being accessed by someone authorised to do so The default MFA methods using Microsoft authenticator, phone calls or text messages will contact you when an authorised person provides a correct SSO username and password for the account.
An account you own is being accessed by a third party

If the cause is not listed above, change your SSO password as a third party might be trying to access your account.

You should also check your recent sign in activity for where the login attempt was made from and report it to the Information Security team.

Opening the Microsoft Authenticator app should display current notifications, but the following may enable automatic push notifications.

 

Cause Resolution
No internet connection Check your phone's data and WiFi access.  In these situations the app can also provide a one-time password.
Notifications are disabled Check that push notifications are enabled for the app in your phone's settings.
App has crashed Try to force close the app and restart the phone.
App not set up successfully Set up the app again.
Battery saving features Battery saving features might be blocking background processes.  Change the priority of the notifications or turn off battery saving features.
[Android] Notifications set to low priority  Settings vary for different versions, but try to start the Settings app, select Applications > Notifications, then check the notification priority.
[iOS] Can't receive over WiFi If you can only receive notifications with mobile data, select Settings > General > Reset > Reset Network Settings.  Please note that this will forget all WiFi networks and passwords, mobile settings and VPN/APN.

One-time passwords are only valid for a short time and cannot be created correctly if the time of your device is incorrect.  You should synchronise your device to ensure it is using the correct time, date and time zone.

Cause Resolution
Cookies not enabled Enable cookies within your web browser.
Cookies and cached content Clear the cookies and cached information held by your browser and try again.
Old bookmarks A bookmark for the login page might have expired.  Try to navigate to the login from a different web page.
Multiple copies of the page Multiple copies of the page might be open in your web browser.  Close all instances of the page and try again.
Page accessed using the back button Close and reopen the web browser and try again.

A 10 minute lock is applied to accounts following too many unsuccessful authentication attempts in a short time.

If the error is still happening after 30 minutes please contact the Service Desk.

Basic authentication will be disabled by Microsoft on 1st January 2023, as such it is no longer advisable to use app passwords.

Further details regarding this change are available on the Microsoft website.

Get support


If you cannot find the solution you need here then we have other ways to get IT support

GET IT SUPPORT