MFA setup and management

Set up more than one MFA method

You should add multiple authentication methods so you do not rely on the same device, phone or internet connection.

 

Expand All

You should add multiple authentication methods that do not rely on the same device, phone or internet connection.  An overview is available to compare the available MFA methods.

Microsoft Authenticator is an authenticator app available for Android and Apple mobile devices.

The app will prompt for authorisation if an internet connection is available, or it can provide a one-time password.

 

  1. Download Microsoft Authenticator from your device's app store.
  2. In a web browser, login to the My Sign-ins website using your Oxford username in the format abcd1234@ox.ac.uk and your SSO password.
  3. If MFA is already set up on your account, provide authentication using an existing method.
  4. If you do not enter the account setup automatically, select +Add sign-in methodAuthenticator appAdd
  5. If available, select Pair your account to the app by clicking this link and skip to step 10
  6. In the Microsoft Authenticator app, select Add account > Work or school AccountScan a QR code
  7. On the My Sign-ins website, select Next
  8. In the Microsoft Authenticator app, scan the displayed QR code.
  9. On the My Sign-ins website, select Next
  10. Approve the test notification sent to your device.

Alternative authenticator apps that provide one-time passwords are available for various devices and operating systems.  The general process for setting up an authentication apps should be as follows, but you may also need to refer to applications own documentation.

 

  1. Download and install the authenticator.
  2. Open the authenticator and add a new account.
  3. In a web browser, login to the My Sign-ins website using your Oxford username in the format abcd1234@ox.ac.uk and your SSO password.
  4. If MFA is already set up on your account, you may need to provide authentication using an existing method.
  5. Select +Add sign-in methodAuthenticator appAdd
  6. Select I want to use a different authenticator app > Next
  7. If a QR code is displayed, either scan it (skip to step 11) or select Can't scan image
  8. In the authenticator, provide the Secret key displayed.
  9. If prompted, leave the Token length as 6 digit.
  10. On the My Sign-ins website, select Next
  11. Provide the 6 digit code displayed by the authenticator, then Next

Authy is an alternative authenticator app available for Windows, Mac, and Linux computers or Android and Apple mobile devices.

The app provides a one-time password, only requiring a phone for its initial setup or internet access to set up additional devices.

 

  1. Download and install Authy from its web site, or your mobile device's app store.
  2. Open Authy, provide a phone number, email address and complete the initial setup.
  3. Select Add Account  
  4. In a web browser, login to the My Sign-ins website using your Oxford username in the format abcd1234@ox.ac.uk and your SSO password.
  5. If MFA is already set up on your account, provide authentication using an existing method.
  6. Select +Add sign-in methodAuthenticator appAdd
  7. Select I want to use a different authenticator app > Next
  8. If a QR code is displayed, either scan it (skip to step 13) or select Can't scan image
  9. In Authy, provide the Secret key displayed.
  10. Select a logo for the account.
  11. Provide a name such as Nexus365.
  12. If prompted, leave the Token length as 6 digit.
  13. If prompted, provide a password for your Authy account.
  14. On the My Sign-ins website, select Next
  15. Provide the 6 digit code displayed in Authy, then Next

Set up Authy on additional devices

If you are setting up Authy on multiple devices it is better to synchronise your token across them.

During setup, an internet connection is required for both devices.

  1. Open Authy on your existing device.
  2. Select  Settings  > Devices > enable Multi-Device
  3. Select  Settings  > Accounts > enable Backups / Authenticator Encrypted Backups
  4. Create an Authy backup password.
  5. On any additional devices, download and install Authy from its web site, or the device's app store.
  6. If Authy is already set up on the additional device, reset it by either selecting Authy Desktop > Log out and reset device, or by reinstalling the app.
  7. Open Authy and provide the phone number used with the existing device.
  8. Select the Existing Device verification method.
  9. On the existing device, confirm the notification.
  10. On your additional device, select the Nexus 365 account.
  11. Provide your Authy backup password.

An automated verification call can be made to a defined telephone number.

A land or mobile phone connection is required.

 

  1. In a web browser, login to the My Sign-ins website using your Oxford username in the format abcd1234@ox.ac.uk and your SSO password.
  2. If MFA is already set up on your account, provide authentication using an existing method.
  3. If you do not enter the account setup automatically, select +Add sign-in method > Alternative phone > Add
  4. Provide the phone number to use.
  5. Select Call me, then Next
  6. Verify the call made to the phone.

A one-time password can be sent to a defined mobile phone number.

A mobile phone connection is required.

 

  1. In a web browser, login to the My Sign-ins website using your Oxford username in the format abcd1234@ox.ac.uk and your SSO password.
  2. If MFA is already set up on your account, provide authentication using an existing method.
  3. If you do not enter the account setup automatically, select +Add sign-in method > Phone > Add
  4. Provide the phone number to use.
  5. Select Text me a code, then Next
  6. Provide the 6 digit code sent to your device, then Next

A security key, or hardware token, is a device you plug into your computer that can be used to authenticate your account.

An additional authentication method must have been set up for use during the setup.  The process may vary slightly between security keys.

 

  1. In a web browser, login to the My Sign-ins website using your Oxford username in the format abcd1234@ox.ac.uk and your SSO password.
  2. Provide authentication using an existing method.
  3. Select +Add sign-in method > Security Key > Add
  4. If prompted, authenticate this using an existing authentication method.
  5. Select USB deviceNext > OK > OK
  6. Insert your security key into your device's USB port.
  7. Set a password to use with the key or provide the existing password.
  8. Touch your security key.
  9. If prompted, authenticate this using an existing authentication method.
  10. Provide a name to help you to identify the authentication method.

The following assume the method is set as your default authentication method.

Warning: Only approve notifications you initiate

Check why your device may receive authentication prompts that you did not initiate.

 

With internet access

  1. Provide your username in the format abcd1234@ox.ac.uk and your SSO password.
  2. If your device does not display a notification automatically, open the Microsoft Authenticator app.
  3. Select Approve to confirm that you initiated this.

Without internet access

  1. Provide your username in the format abcd1234@ox.ac.uk and your SSO password.
  2. Select I can't use my Microsoft Authenticator app right nowUse a verification code
  3. Open Microsoft Authenticator
  4. Select the account used for your SSO account.
  5. Provide the 6 digit password displayed by the app.

Authentication apps such as Authy and Google Authenticator should work in the same way, but may differ slightly.  You should not require internet access.

 

  1. Provide your username in the format abcd1234@ox.ac.uk and your SSO password.
  2. Open the authenticator app.
  3. Select the account used for your SSO account.
  4. Provide the 6 digit password displayed by the app.

Warning: Only approve notifications you initiate

Check why you may receive authentication calls that you did not initiate.

 

 

  1. Provide your username in the format abcd1234@ox.ac.uk and your SSO password.
  2. A call will be made to your nominated phone.
  3. Listen to the automated message and press the phone's hash/pound key # to confirm that you initiated this.

You will have around 30 seconds to approve the message from the time you pick up the call.

  1. Provide your username in the format abcd1234@ox.ac.uk and your SSO password.
  2. A text message will be sent to your nominated phone.
  3. Provide the 6 digit password provided in the text message.
  1. Provide your username in the format abcd1234@ox.ac.uk
  2. Insert the security key into your device's USB port.
  3. Provide your security key pin.
  4. Touch your security key.
  1. In a web browser, login to the My Sign-ins website using your Oxford username in the format abcd1234@ox.ac.uk and your SSO password.
  2. Select the Delete option, next to the method you want to remove.

If you delete your default sign-in method, the next available method will automatically become your default method.

  1. In a web browser, login to the My Sign-ins website using your Oxford username in the format abcd1234@ox.ac.uk and your SSO password.
  2. Select the Change option, next to Default sign-in method
  3. Select the drop-down menu and choose your preferred default sign-in method.

If you can use an alternative MFA method, ensure that you delete the MFA methods used with the missing device and use the Sign out everywhere option available on the My Sign-ins website.  You can then set up MFA on a new device.

If you are unable to use an alternative MFA method, please contact your local IT Support team for assistance.  If you are unable to contact your local IT support team, please speak to the Service Desk.

If you have set up MFA but do not have access to your MFA device, if it is not urgent then it is advisable to wait until you can regain access.  You should then also add another verification method that does not use the same device.

If you urgently need to access your account or none of your verification methods are working, your local IT support team can reset them.  If you are unable to contact your local IT support team, please speak to the Service Desk.

You should be able to switch easily between two separate logins, but if you cannot then authentication cookies may be present in your browser.

Clearing the browsers cache and cookies should resolve the issue, but you can also keep logins separate by using:

  • a different browser for each login, such as Chrome and Firefox.
  • a separate browser profile for each login.
  • a private / incognito window for a second login.

If you are leaving the country or travelling to Oxford from abroad, to minimise the risk of MFA being an issue during or after your journey, you should ensure that you can use an authentication method that is not dependent on a phone or internet connection.

Suitable methods would be security keys or authenticator apps able to provide a one-time password, such as Microsoft Authenticator or Authy.  An overview is available to compare currently available MFA methods.

Once you have arrived you can add any further MFA methods.

Get support


If you cannot find the solution you need here then we have other ways to get IT support

GET IT SUPPORT