How to use multi-factor authentication (MFA)

You should always set up more than one authentication method. Avoid reliance on a single device, a phone connection, or internet access, by adding multiple authentication methods.

Expand All

Microsoft Authenticator is an app for Android and Apple mobile devices.

The app prompts for authorisation if an internet connection is available, or can provide a one-time password.

 

  1. Download Microsoft Authenticator from your device's app store
  2. In a web browser, sign in to the My Sign-Ins website using your username in the format abcd1234@ox.ac.uk, SSO password, and MFA if it is already set up on your account
  3. If account setup does not start automatically, select +Add sign-in method > Authenticator app > Add
  4. If available, select Pair your account to the app by clicking this link (then skip to step 8)
  5. Select Next > Next to display a QR code
  6. In Microsoft Authenticator, select + > Add account > Work or school Account
  7. Select Scan a QR code, then scan the QR code shown on the My Sign-ins website
  8. Return to the My Sign-Ins website, then select Next to display a two-digit number
  9. Return to Microsoft Authenticator, then provide the test notification with the two-digit number from the My Sign-Ins website

Many authenticator apps, can provide a one-time password. They should not require internet access or phone connectivity.

The setup process is provided below, but you may need to refer to your apps documentation.

 

  1. Download and install the authenticator
  2. Open the authenticator and start the process to add a new account
  3. In a web browser, sign in to the My Sign-Ins website using your username in the format abcd1234@ox.ac.uk, SSO password, and MFA if it is already set up on your account

  4. If account setup does not start automatically, select +Add sign-in method > Authenticator app > Add

  5. Select I want to use a different authenticator app > Next to display a QR code
  6. Either scan the displayed QR code with the authenticator (then skip to step 9) or select Can't scan image
  7. In the authenticator, provide the secret key displayed on the MySign-Ins website
  8. If asked to select the token length, choose 6 digit
  9. Return to the My Sign-Ins website, select Next then provide the 6 digit code displayed in the authenticator

Zoho OneAuth is an alternative authenticator app available for Windows, macOS, iOS, and Android devices.

OneAuth provides a one-time password.

 

  1. Install OneAuth from the Microsoft, Apple or Android app store (titled Authenticator App - OneAuth)
  2. Sign in to OneAuth using a Zoho account. You can create a free Zoho account using the email address of an account that you can currently access
  3. If prompted to go passwordless select Skip, any prompts for permissions can be denied
  4. In a web browser, sign in to the My Sign-Ins website using your username in the format abcd1234@ox.ac.uk, SSO password, and MFA if it is already set up on your account
  5. If account setup does not start automatically, select + Add sign-in method > Authenticator app > Add
  6. Select I want to use a different authenticator app > NextCan't scan image?
  7. Return to OneAuth, then from the menu bar select:
     
    Windows   OTP Authenticator > + Add new > Manual entry
    macOS   Authenticator > Add new > Manual entry
    iOS   Authenticator > Add new > Manual entry
    Android   Authenticator > Add new > Enter secret manually
  8. Complete the displayed form with:
     
    Issuer Name Oxford University SSO
    Username Your username in the format abcd1234@ox.ac.uk
    Secret Key The secret key displayed on the My Sign-Ins website
    Choose Folder My Accounts
    Choose Brand Your choice of icon
  9. Return to the My Sign-ins website, select Next then provide the 6 digit code displayed in OneAuth

Back up your secret key

Back up your key to allow it to be restored if you sign out of OneAuth or install it on a new device.

 

  1. In OneAuth, from the menu bar select either  OTP Authenticator or  Authenticator
  2. Select Back up Secrets > SET UP
  3. Provide a recovery passphrase (minimum 8 characters)

An automated call can be made to a land or mobile telephone number, prompting for the press of a specified key.

 

  1. In a web browser, sign in to the My Sign-Ins website using your username in the format abcd1234@ox.ac.uk, SSO password, and MFA if it is already set up on your account

  2. If account setup does not start automatically, select +Add sign-in method > Alternative phone > Add

  3. Provide the phone number to use
  4. Select Call meNext, then verify the call made to the phone

A one-time password can be sent to a telephone number.

 

  1. In a web browser, sign in to the My Sign-Ins website using your username in the format abcd1234@ox.ac.uk, SSO password, and MFA if it is already set up on your account

  2. If you do not enter the account setup automatically, select +Add sign-in method > Phone > Add
  3. Provide the phone number to use
  4. Select Text me a code > Next, then provide the 6 digit code sent to your device

A security key, also known as a hardware token, is a device you can plug into your computer to authenticate your account. Security keys are supported by your local IT support team.

The setup of different keys may vary slightly, but an existing MFA method must have been set up as authentication is required either before or during the setup.

 

  1. In a web browser, sign in to the My Sign-Ins website using your username in the format abcd1234@ox.ac.uk, SSO password and MFA

  2. Select +Add sign-in method > Security Key > Add
  3. If prompted, provide authentication using your existing MFA method
  4. Select USB device > Next
  5. If prompted, select Save another way Use an external security key > OK > OK
  6. Insert the security key into your device's USB port
  7. Provide a password for the key 
  8. If required, touch the security key
  9. Provide a name to help you to identify the key

 With internet access

  1. When signing in to your SSO account, provide your username in the format abcd1234@ox.ac.uk and SSO password
  2. A two digit number will be displayed on screen, then Microsoft Authenticator will prompt for this
  3. Provide Microsoft Authenticator with the two digit number

Without internet access

  1. When signing in to your SSO account, provide your username in the format abcd1234@ox.ac.uk and SSO password
  2. Select I can't use my Microsoft Authenticator app right now > Use a verification code
  3. Open Microsoft Authenticator
  4. Select the account used for your SSO account
  5. Provide the 6 digit verification code displayed by the app

Accessing the one time passcode will differ slightly between different authenticator apps, but the general process would be:

 

  1. When signing in to your SSO account, provide your username in the format abcd1234@ox.ac.uk and SSO password
  2. Open the authenticator app
  3. Select the account used for your SSO account
  4. Provide the 6 digit verification code displayed by the app
  1. When signing in to your SSO account, provide your username in the format abcd1234@ox.ac.uk and SSO password
  2. Open OneAuth
  3. From the menu bar, select either  OTP Authenticator or  Authenticator
  4. Select the account used for your SSO account
  5. Provide the 6 digit verification code displayed by the app

Warning: Only approve notifications you initiate

Check why you may receive authentication calls that you did not initiate

 
  1. When signing in to your SSO account, provide your username in the format abcd1234@ox.ac.uk and SSO password
  2. A call will be made to your nominated phone
  3. Listen to the automated message and press the phone's hash/pound key # to confirm that you initiated this

You will have around 30 seconds to approve the message from the time you pick up the call.

  1. When signing in to your SSO account, provide your username in the format abcd1234@ox.ac.uk and SSO password
  2. A text message will be sent to your nominated phone
  3. Provide the 6 digit password provided in the text message
  1. When signing in to your SSO account, provide your username in the format abcd1234@ox.ac.uk and SSO password
  2. Insert the security key into your device's USB port
  3. Provide your security key pin
  4. Touch your security key
  1. In a web browser, sign in to the My Sign-Ins website using your username in the format abcd1234@ox.ac.uk, SSO password and MFA
  2. Select the Delete option, next to the method you want to remove

If you delete your default sign-in method, the next available method will automatically become your default method.

You should be able to switch between two separate organisation's logins, but if not you should be able to resolve issues if you clear your web browser's cache and cookies.

You can also keep logins separate by using:

  • a different browser for each login, such as Chrome and Firefox.
  • a private / incognito window for a second login.
  • a separate browser profile for each login.

It is no longer possible to set a default sign in method, you will always be prompted for the most secure method you have added, the order of these being:

  1. Security key
  2. Microsoft Authenticator
  3. Authenticator providing a one-time password
  4. Text message or phone call

Get support


If you cannot find the solution you need here then we have other ways to get IT support

Get IT support

 

Submit a suggestion, compliment or complaint