How to use multi-factor authentication

Set up more than one authentication method

Avoid reliance on a single device, a phone connection, or internet access, by adding multiple authentication methods.

 

Expand All

Microsoft Authenticator is an app for Android and Apple mobile devices.

The app prompts for authorisation if an internet connection is available, or can provide a one-time password.

 

  1. Download Microsoft Authenticator from your device's app store.
  2. In a web browser, access the My Sign-ins website using your username in the format abcd1234@ox.ac.uk and SSO password.
  3. If MFA is already set up on your account, provide authentication using an existing method.
  4. If you do not enter the account setup automatically, select +Add sign-in method > Authenticator app > Add
  5. If available, select Pair your account to the app by clicking this link and skip to step 9
  6. In the Microsoft Authenticator app, select + > Add account > Work or school Account > Scan a QR code
  7. On the My Sign-ins website, select Next > Next to be presented with a QR code.
  8. In the Microsoft Authenticator app, scan the displayed QR code.
  9. On the My Sign-ins website, select Next to be presented with a two-digit number.
  10. In the Microsoft Authenticator app, provide the test notification sent to the app with the two-digit number.

Many authenticator apps can provide a one-time password. They should not require internet access or phone connectivity.

The setup process is provided below, but you may need to refer to your apps documentation.

 

  1. Download and install the authenticator.
  2. Open the authenticator and add a new account.
  3. In a web browser, access the My Sign-ins website using your username in the format abcd1234@ox.ac.uk and SSO password.
  4. If MFA is already set up on your account, you may need to provide authentication using an existing method.
  5. If you do not enter the account setup automatically, select +Add sign-in method > Authenticator app > Add
  6. Select I want to use a different authenticator app > Next
  7. If a QR code is displayed, either scan it (skip to step 11) or select Can't scan image
  8. In the authenticator, provide the Secret key displayed.
  9. If prompted, leave the Token length as 6 digit.
  10. On the My Sign-ins website, select Next
  11. Provide the 6 digit code displayed by the authenticator, then Next

Zoho OneAuth is an alternative authenticator app available for Windows, macOS, iOS, and Android devices.

OneAuth provides a one-time password.

 

  1. If you do not have one, create a Zoho account using an email address you can access, then confirm the email sent to the account
  2. Install OneAuth from the Microsoft, Apple, or Android app store
  3. In OneAuth, sign in using your Zoho account details
  4. If prompted to go passwordless, select Skip
  5. From OneAuth's menu bar:
    Desktop: Select  OTP Authenticator > + Add new > Manual entry
    Mobile: Select  Authenticator > Add new > Enter secret manually
  6. In a web browser, access the My Sign-ins website using your username in the format abcd1234@ox.ac.uk and SSO password
  7. If an existing MFA method is already set, provide authentication using an existing method
  8. If setup does not start automatically, select + Add sign-in method > Authenticator app > Add
  9. Select I want to use a different authenticator app > NextCan't scan image?
  10. In OneAuth, provide:
     
    Issuer Name Oxford University SSO
    Username Your SSO in the format abcd1234@ox.ac.uk
    Secret Key The secret key displayed on the My Sign-ins website
    Choose Folder My Accounts
    Choose Brand Your choice of icon
  11. On the My Sign-ins website, select Next
  12. Provide the 6 digit code displayed in OneAuth, then Next

Authy by Twilio is an alternative authenticator app available for mobile devices.

Authy provides a one-time password, requiring a phone for its initial setup or internet access to set up additional devices.

 

  1. Download and install Authy from your mobile device's app store.
  2. Open Authy, provide a phone number, email address and complete the initial setup.
  3. In Authy, select either + in the Tokens tab, or  > Add Account
  4. In a web browser, access the My Sign-ins website using your username in the format abcd1234@ox.ac.uk and SSO password.
  5. If an existing MFA method is already set, provide authentication using an existing method.
  6. If you do not enter the account setup automatically, select +Add sign-in method > Authenticator app > Add
  7. Select I want to use a different authenticator app > Next
  8. If a QR code is displayed, if you can scan it in Authy then skip to step 14 otherwise select Can't scan image
  9. In Authy, if you are prompted to Scan QR Code select Enter Code Manually
  10. Provide Authy with the Secret key displayed on the My Sign-ins website.
  11. Select a logo for the account.
  12. Provide a name such as Nexus365.
  13. If prompted, leave the Token length as 6 digit.
  14. If prompted, provide a password for your Authy account.
  15. On the My Sign-ins website, select Next
  16. Provide the 6 digit code displayed in Authy, then Next

Set up Authy on additional devices

If you are setting up Authy on multiple devices you can synchronise your token across them.

During setup, an internet connection is required for both devices.

  1. On the existing device, open Authy.
  2. Select > Settings > Devices > Allow multi-device
  3. Create an Authy backup password.
  4. On the additional device, download and install Authy from your mobile device's app store.
  5. If Authy is already set up, reinstall the app to reset it.
  6. Open Authy and provide the phone number used for your Authy account.
  7. Select the Existing Device verification method.
  8. On the existing device, confirm the notification.
  9. On the additional device, select the Nexus 365 account.
  10. Provide your Authy backup password.

An automated call can be made to a land or mobile telephone number, prompting for the press of a specified key.

 

  1. In a web browser, access the My Sign-ins website using your username in the format abcd1234@ox.ac.uk and SSO password.
  2. If MFA is already set up on your account, provide authentication using an existing method.
  3. If you do not enter the account setup automatically, select +Add sign-in method > Alternative phone > Add
  4. Provide the phone number to use.
  5. Select Call me, then Next
  6. Verify the call made to the phone.

A one-time password can be sent to a telephone number.

 

  1. In a web browser, access the My Sign-ins website using your username in the format abcd1234@ox.ac.uk and SSO password.
  2. If MFA is already set up on your account, provide authentication using an existing method.
  3. If you do not enter the account setup automatically, select +Add sign-in method > Phone > Add
  4. Provide the phone number to use.
  5. Select Text me a code, then Next
  6. Provide the 6 digit code sent to your device, then Next

A security key, also known as a hardware token, is a device you can plug into your computer to authenticate your account. Security keys are supported by your local IT support team.

The setup of different keys may vary slightly, but an existing MFA method must have been set up as authentication is required either before or during the setup.

 

  1. In a web browser, access the My Sign-ins website using your username in the format abcd1234@ox.ac.uk and SSO password.
  2. Provide authentication using an existing method.
  3. Select +Add sign-in method > Security Key > AddUSB device > Next
  4. If prompted, select Use a different passkeyUse an external security key
  5. Select OK > OK
  6. Insert your security key into your device's USB port.
  7. Set a password to use with the key or provide the existing password.
  8. Touch your security key.
  9. Provide a name to help you to identify the authentication method.

 With internet access

  1. Sign in to your SSO account with the username format abcd1234@ox.ac.uk and SSO password
  2. A two digit number will be displayed on screen, then Microsoft Authenticator will prompt for this
  3. Provide Microsoft Authenticator with the two digit number

Without internet access

  1. Sign in to your SSO account with the username format abcd1234@ox.ac.uk and SSO password
  2. Select I can't use my Microsoft Authenticator app right now > Use a verification code
  3. Open Microsoft Authenticator
  4. Select the account used for your SSO account
  5. Provide the 6 digit password displayed by the app

Authentication apps such as Authy, Duo Security, and Google Authenticator provide a one time passcode, with internet access not required in most cases. Accessing the one time passcode may differ slightly between apps.

 

  1. Sign in to your SSO account with the username format abcd1234@ox.ac.uk and SSO password
  2. Open the authenticator app
  3. Select the account used for your SSO account
  4. Provide the 6 digit verification code displayed by the app
  1. Sign in to your SSO account with the username format abcd1234@ox.ac.uk and SSO password
  2. Open OneAuth
  3. From OneAuth's menu bar:
    Desktop: Select  OTP Authenticator
    Mobile: Select  Authenticator
  4. Select the account used for your SSO account
  5. Provide the 6 digit verification code displayed by the app

Warning: Only approve notifications you initiate

Check why you may receive authentication calls that you did not initiate

 
  1. Sign in to your SSO account with the username format abcd1234@ox.ac.uk and SSO password
  2. A call will be made to your nominated phone
  3. Listen to the automated message and press the phone's hash/pound key # to confirm that you initiated this

You will have around 30 seconds to approve the message from the time you pick up the call.

  1. Sign in to your SSO account with the username format abcd1234@ox.ac.uk and SSO password
  2. A text message will be sent to your nominated phone
  3. Provide the 6 digit password provided in the text message
  1. Sign in to your SSO account with the username format abcd1234@ox.ac.uk and SSO password
  2. Insert the security key into your device's USB port
  3. Provide your security key pin
  4. Touch your security key
  1. In a web browser, access the My Sign-ins website using your username in the format abcd1234@ox.ac.uk and your SSO password.
  2. Select the Delete option, next to the method you want to remove.

If you delete your default sign-in method, the next available method will automatically become your default method.

You should be able to switch between two separate organisation's logins, but if not you should be able to resolve issues if you clear your web browser's cache and cookies.

You can also keep logins separate by using:

  • a different browser for each login, such as Chrome and Firefox.
  • a private / incognito window for a second login.
  • a separate browser profile for each login.

You will always be prompted for your most secure registered authentication method, the order being:

  1. Security key
  2. Microsoft Authenticator
  3. Authenticator providing a one-time password
  4. Text message or phone call

Where your most secure methods are equally secure, a default can be applied:

 

  1. In a web browser, access the My Sign-ins website using your username in the format abcd1234@ox.ac.uk and your SSO password.
  2. Select the Change option, next to Default sign-in method
  3. Select the drop-down menu and choose your preferred default sign-in method.

Get support


If you cannot find the solution you need here then we have other ways to get IT support

Get IT support