Multi-Factor Authentication FAQs for Staff and Students

Further information about multi-factor authentication for staff and students

Expand All

Will we be allowed to setup or use multiple services or devices, in case one service is unavailable?

Yes, it's recommended that you register multiple verification methods. When one method isn't available, you can choose to authenticate with another method.

For example, you might want to choose one method that uses your mobile phone, such as the Authenticator app or a text message, and another that doesn't use your mobile, in case you lose your mobile or don't have it to hand, such as the Authy desktop app or a landline phonecall.

We have a full set of guides for setting up each authentication method on the MFA: Help and guidance page and there is further advice on this Microsoft page about authentication and verification methods.

How do I set up more than one authentication method at the time of registering?

Here are full instructions for managing MFA on your account, including adding and deleting authentication methods, but briefly:

  1. Go to the My Sign-ins page
  2. Click +Add Method

 
Security info screen
 

      4.  Select the new additional method, such as Security Key

Select a method

What if I am in a building with no Wi-Fi, how will I receive my second factor code?

When setting up multi factor authentication you should select the option on the mobile app that generates a one-time passcode, and requires no mobile data or Wi-Fi connectivity.

What is the recommendation for users working from home with no smart phone, or with no mobile signal?

You can choose to receive your code via a landline number, if you have one, and if you have a smart phone but no mobile signal, you can authenticate over Wi-Fi.

If you have no landline, smart phone or signal available, then you can use a hardware token or the Authy desktop app.

Is it possible to have the same phone number associated with multiple accounts, e.g. for staff who have access to project accounts as well as their personal account?

Yes - it is possible to setup the same phone number for different accounts (it also works for mobile numbers), but it doesn't give any indication as to which account you are trying to sign into when it calls.

If a landline has forwarding set up on it for example, Chorus desktop landline to a mobile number, will the telephone authentication work?

Ensure you've got unconditional forwarding set (not forward on no reply) then the call will forward immediately with no delay. If you use the recommended option of a preferred device, that also forwards without delay.

  1. click 'call me on the second factor page'
  2. phone rings
  3. pick up the phone
  4. automated message "Thank you for using the Microsoft’s sign-in verification system. Please press the hash key to finish your verification." (you don't actually have to listen to this whole message)
  5. press hash key
  6. login completes / incoming call hangs up.

You will have around 30 seconds to press the hash key from the time that you pick up the incoming call (or around 15 seconds to press hash if you choose to listen to the whole message). 

What about staff and students new to the University, will they have MFA?

Yes, from 15 December 2020 all new staff and students will have MFA already deployed on their account, therefore they do not need to be included in the surname A-Z deployment timetable.

Has the webauth.ox.ac.uk screen changed? 

Yes, the Oxford web-based SSO sign-in page has been replaced with an Oxford-branded Microsoft sign-in page.  Your password will remain the same, however, your username may need be entered as  abcd1234@OX.AC.UK (where abcd1234 is your existing SSO username)

Why doesn't the 'Forgot my password' link work?

Passwords are handled locally, not by Microsoft, so this link will not work. However, if you forget your password, please click on the 'Reset your Single Sign-On password link'.

Has the account management page changed?

Yes the account management pages have also been replaced with an Oxford branded page.

 

I access another institution's resources with a Microsoft Account and am having issues within the same browser

Please see the advice on the MFA: managing secondary accounts page.

 

What hardware token shall I use and how do I purchase one?

For information about purchasing and setting up hardware tokens for MFA, please see the MFA: Hardware tokens page.

Contact

If you have any questions regarding the implementation of multi-factor authentication please email the project team mfaproject@it.ox.ac.uk