Multi-Factor Authentication Project
Multi-Factor Authentication Information for Staff and Students
What is Multi-factor authentication?
The University is implementing multi-factor authentication (MFA) for all Oxford Single Sign-On (SSO) users across the University. This means you will be asked to verify your account using a second factor, such as a code from an app on your phone, text message, or a phone call.
MFA has been rolled out to all SSO accounts from January 2021 by surname.
What's already happened?
On 10 November, the existing Webauth login page, where you sign in with your SSO, was replaced with an Oxford-branded Microsoft login page.
You will also be required to follow the University password policy, when you are next prompted to change your password, which we hope will also improve security for SSO account users.
How does MFA work?
You can verify your account using any of the following methods:
- Using the Microsoft authenticator app on your mobile phone
- Receiving an SMS on your mobile phone
- Requesting a phone call on a landline or mobile phone
- Authy desktop authenticator app
- Using a hardware token
There is more detail about how to set up each of these methods before your MFA deployment date on the How to prepare for MFA page.
If you already have MFA on your SSO account, there is guidance for setting up more authentication methods on the MFA: Help and guidance page on the IT Help website.
If you have a new phone, there is a guide for setting up MFA on a new mobile phone.
We will be enabling MFA on secondary accounts from May 2021 - please see the Secondary accounts page for information about reviewing your secondary accounts and preparing for MFA.