Multi-Factor Authentication

What is Multi-Factor Authentication (MFA)?

Multi-factor authentication (MFA) is a security measure that requires two or more proofs of identity to grant you access.

Like strong passwords, MFA typically requires a combination of something the user knows (pin, secret question), something you have (card, token) or something you are (fingerprint or other biometric).

Some MFA options include a physical token, random pin, biometrics, authenticator app, email and/or SMS. At Western, we encourage those with devices to use the Microsoft authenticator app, phone call, or text.

Why is MFA Important at Western?

In ITDS, we are constantly working on ways to protect the University, and ultimately our staff and students.  MFA is globally accepted, and as a directive from the Senior Executive, it will be an effective cybersecurity solution for all of us.

It will help us to:

  • Enhance Western’s security by requiring staff to identify themselves by more than a username and password, providing more layers of protection. Even if cybercriminals steal one credential, they will be forced to verify identities another way. It ensures our digital security.
  • Assure our staff and protects their data and identity.
  • Meet regulatory compliance.

The Rollout of MFA to Western

To ensure that we get this rollout right, we are running a few pilot groups in September to ensure minimal impact to all our staff as we can. Why? Keeping it to smaller groups will help us work out any issues, further determine our communications, and ultimately help all staff when we roll this out widely.

  • Pilot Groups*: mid-September to the beginning of October. All involved groups have been consulted, and we will keep the broader University updated as we progress.
  • MFA will be rolled out to the rest of the University* from October to mid-December.

*Please note: at any time, any staff member can pre-select their method of authentication, even before it is activated. Click here(opens in a new window) to find out more.

Frequently Asked Questions (FAQ)

We have created some FAQs to help you work through any issues or questions you may have and will be further developed as we continue to roll out MFA to the University.

What Western systems does MFA apply to?

There are a number of systems that this affects; here is a list of most used applications that staff will be most familiar with:

  • Microsoft Office 365 apps: Including Outlook/Email, Microsoft Teams, SharePoint, Yammer, OneDrive and Office Apps (PowerPoint, Excel, Word etc)
  • Adobe Creative Cloud (CC) 2020
  • Blackboard Learn
  • Inplace
  • LinkedIn Learning

For a more comprehensive list, please download here (PDF, 116.02 KB).

How Do I Use MFA?

MFA will impact all staff when they log into specific systems and/or websites. Staff will need to:

  1. Initially setting up the MFA, a one-time PIN can be delivered using a Mobile Authenticator App or a phone number. This will happen the first time once you log on after MFA is activated. See the videos on the right-hand buttons for more information.
  2. Use MFA when there are new logons to devices, websites, et cetera.
  3. After 22 days, staff will need to use MFA once again.

How do I set MFA up for the first time?

You will need to set it up the first time around using a mobile authenticator app or via text message/phone call. Please see the videos on the right-hand button. We have also created a knowledge-based article to help as well.

KB0016342 - Setting up MFA (Multi-Factor Authentication) for the First Time(opens in a new window)

What is a Mobile Authenticator App?

The Mobile Authenticator App in place for Western Sydney University systems will be Microsoft Authenticator. Please see How to Setup to MFA Initially on the right-hand button for more information.

Whenever you log into the site from an unknown device, you’ll need to open the Authenticator app, unlock it, and find the site’s entry. Authenticator apps generate time-based, one-time passcodes (TOTP or OTP), six digits that refresh every 30 seconds. You enter or paste this into the secured app or site.

I have delegated authority to another email/calendar, what will happen?

Nothing happens. Only the user logging on has to authenticate regardless of which mailbox they are accessing, as long as they have permission.

When I log on to a computer, will this trigger MFA?

No, this will not trigger MFA as it is only applied to certain applications, like Microsoft Office apps (email, Teams, Yammer, etc), Adobe CC, et cetera. You can download a full list of all applications here (PDF, 116.02 KB).

I want to change the way I authenticate with MFA from text to the Authenticator app, what should I do?

You can change the method of how to authenticate for MFA at any time. By clicking here(opens in a new window), you can change which option you prefer (phone, text or app). You can also access this via your Office 365 profile security settings.

What happens if I do not have my Mobile device on me?

Sign in to your account using another verification method:

  1. Sign in to your account but select the Sign-in another way link on the Two-factor verification page.

If you don't see the Sign in another way link, it means that you haven't set up any other verification methods. You'll have to contact the IT Service Desk to help sign you into your account.

  • Choose your alternative verification method, and continue with the Multi-Factor verification process.