Multi-Factor Authentication

What is Multi-Factor Authentication (MFA)?

Multi-factor authentication (MFA) is a security measure that requires two or more proofs of identity to grant you access.

Like strong passwords, MFA typically requires a combination of something the user knows (pin, secret question), something you have (card, token) or something you are (fingerprint or other biometric).

Some MFA options include a physical token, random pin, biometrics, authenticator app, email and/or SMS. At Western, we encourage those with devices to use the Microsoft Authenticator app, phone call, or text.

Staff already must use MFA across many services, however, starting in 2024, some student services will also require to logon using MFA.

Why is MFA Important at Western?

In ITDS, we are constantly working on ways to protect the University, and ultimately our staff and students.  MFA is globally accepted, and as a directive from the Senior Executive, it will be an effective cybersecurity solution for all of us.

It will help us to:

  • Enhance Western’s security by requiring users to identify themselves by more than a username and password, providing more layers of protection. Even if cyber criminals steal one credential, they will be forced to verify identities another way. It ensures our digital security.
  • Assure our staff and students that Western protects their data and identity.
  • Meet regulatory compliance.


Frequently Asked Questions (FAQ)

We have created some FAQs to help you work through any issues or questions you may have. These will be further developed as we continue to roll out MFA to the University.

What Western systems does MFA apply to?

There are a number of systems that this affects; here is a list of the most used applications that staff and students will be familiar with:

  • Microsoft Office 365 apps: Including Outlook/Email, Microsoft Teams, SharePoint, Yammer, OneDrive and Office Apps (PowerPoint, Excel, Word etc)
  • Adobe Creative Cloud (CC) 2020
  • Blackboard Learn (vUWS)
  • Inplace
  • LinkedIn Learning
  • Citrix
  • Virtual Private Network (VPN)
  • VMware Horizon Virtual Teaching Platform

For a more comprehensive list, see WSU Systems with MFA.

How do I use MFA?

MFA will impact all staff and students when they log into specific systems and/or websites. Users will need to:

  1. Initially set up their MFA, using a one-time PIN can be delivered using a Mobile Authenticator App or a phone number. This will happen the first time you log in after MFA is activated. See the videos on the right-hand buttons for more information.
  2. Use MFA when there are new logons to devices, websites, etc.
  3. After 22 days, staff and students will need to use MFA once again.

Will MFA be applied to Computer Labs and Lecture Theatres?

Yes, they will.

As PCs in teaching labs and lecterns have additional security, MFA will apply every time you access an MFA application (Office 365, for example) for the first time, every day. So, if you log on to a lab machine, launch Excel and you will get a sign-on and MFA prompt. Move to another lab machine, and open a different application, you will need to log on again.

I am Staff - How do I set MFA up for the first time?

You will need to set it up the first time around using a mobile authenticator app or via text message/phone call. Please see the videos on the right-hand buttons. We have also created a knowledge article to help:

KB0019670 - Setting up MFA (Multi-Factor Authentication) for the First Time(opens in a new window)

I am a Student -  How do I set MFA up for the first time?

You will need to set it up the first time around using a mobile authenticator app.

To set up please go to https://mysignins.microsoft.com/security-info. Students using VMware horizon or OpenVPN must use the MFA method and Authenticator App (mobile app) with notification.

We have also created a knowledge article to help: KB0019275 - I am a Student: How do I set up MFA for the first time.(opens in a new window)

What is a Mobile Authenticator App?

The Mobile Authenticator App in place for Western Sydney University systems is Microsoft Authenticator. Please see How to Setup to MFA Initially on the right-hand button for more information.

Whenever you log into an app or website from an unknown device, you’ll need to open the Authenticator app and follow the on-screen instructions. You can either approve the notification or enter the provided verification code.

I am a VPN user, how do I set up/use MFA?

For the small number of VPN users at Western, you will now need to use MFA when you log in. If you are a VPN user, setting up MFA for the first time, please refer to either the right-hand buttons on How to Set up MFA on your iOS or Android device.

I am a Citrix user, what will be the impact of MFA being applied?

There will be two changes for Citrix users.

  1. You will need to reset your favourites as a result of the change. Your applications and desktop will stay the same.
  2. Unlike other applications where you will not need to log on for another 22 days, every time you will need to use Citrix, you will need to use MFA.

I have delegated authority to another email/calendar, what will happen?

Nothing happens. Only the user logging on has to authenticate regardless of which mailbox they are accessing, as long as they have permission.

When I log on to a computer, will this trigger MFA?

No, this will not trigger MFA as it is only applied to certain applications, like Microsoft Office apps (email, Teams, Yammer, etc), Adobe CC, et cetera. You can download the full list of all applications with MFA: WSU Systems with MFA.

I want to change the way I authenticate with MFA from text to the Authenticator app, what should I do?

You can change the method of how to authenticate for MFA at any time. By clicking here(opens in a new window), you can change which option you prefer (phone, text or app). You can also access this via your Office 365 profile security settings.

However, please note that for a small number of staff and students who use the VPN, you will not be able to use text or code to authenticate. Users must use the Mobile Authenticator App in place for Western Sydney University systems, which is Microsoft Authenticator. Please see the above for more information.

What happens if I do not have my Mobile device on me?

Sign in to your account using another verification method:

  1. Sign in to your account but select the Sign-in another way link on the Two-factor verification page.

If you don't see the Sign in another way link, it means that you haven't set up any other verification methods. You'll have to contact the IT Service Desk to help sign you in to your account.

  • Choose your alternative verification method, and continue with the Multi-Factor verification process.

To contact IT Service Desk: