- IT maintenance planned outages
- IT Service Desk
- Email and Related Services
- Western WiFi Wireless Network
- IT Contracts
- Telephones
- Computer Laboratories
- Australian Access Federation
- Service Improvements
- Staff Software Benefits
- COVID-19: ITDS Advice, Guides and Support
- Zoom
- PrintSmart
- Getting Connected: Off Campus
- Citrix
- Multi-Factor Authentication
- Return to Campus: Ready, Tech, Go
- Adobe Acrobat Sign
- Direct to Desk
- Windows 10 Upgrade 2022
- Grade Centre
- Contact Centre Project
- CloudStor Decommissioning
Multi-Factor Authentication
What is Multi-Factor Authentication (MFA)?
Multi-factor authentication (MFA) is a security measure that requires two or more proofs of identity to grant you access.
Like strong passwords, MFA typically requires a combination of something the user knows (pin, secret question), something you have (card, token) or something you are (fingerprint or other biometric).
Some MFA options include a physical token, random pin, biometrics, authenticator app, email and/or SMS. At Western, we encourage those with devices to use the Microsoft Authenticator app, phone call, or text.
Staff already must use MFA across many services, however, starting in 2023, some student services will also require to logon using MFA.
Why is MFA Important at Western?
In ITDS, we are constantly working on ways to protect the University, and ultimately our staff and students. MFA is globally accepted, and as a directive from the Senior Executive, it will be an effective cybersecurity solution for all of us.
It will help us to:
- Enhance Western’s security by requiring staff to identify themselves by more than a username and password, providing more layers of protection. Even if cyber criminals steal one credential, they will be forced to verify identities another way. It ensures our digital security.
- Assure our staff and students protects their data and identity.
- Meet regulatory compliance.
Frequently Asked Questions (FAQ)
We have created some FAQs to help you work through any issues or questions you may have and will be further developed as we continue to roll out MFA to the University.
What Western systems does MFA apply to?
There are a number of systems that this affects; here is a list of most used applications that staff will be most familiar with:
- Microsoft Office 365 apps: Including Outlook/Email, Microsoft Teams, SharePoint, Yammer, OneDrive and Office Apps (PowerPoint, Excel, Word etc)
- Adobe Creative Cloud (CC) 2020
- Blackboard Learn
- Inplace
- LinkedIn Learning
- Citrix
- Virtual Private Network (VPN)
- VMware Horizon Virtual Teaching Platform
For a more comprehensive list, please download here (PDF, 116.02 KB).
How do I use MFA?
MFA will impact all staff when they log into specific systems and/or websites. Staff will need to:
- Initially setting up the MFA, a one-time PIN can be delivered using a Mobile Authenticator App or a phone number. This will happen the first time once you log on after MFA is activated. See the videos on the right-hand buttons for more information.
- Use MFA when there are new logons to devices, websites, et cetera.
- After 22 days, staff will need to use MFA once again.
Will MFA be applied to Computer Labs and Lecture Theatres?
Yes, they will.
As PCs in teaching labs and lecterns have additional security, MFA will apply every time you access an MFA application (Office 365, for example) for the first time, every day. So, if you log on to a lab machine, launch Excel and you will get a sign-on and MFA prompt. Move to another lab machine, and open a different application, you will need to log on again.
I am Staff - How do I set MFA up for the first time?
You will need to set it up the first time around using a mobile authenticator app or via text message/phone call. Please see the videos on the right-hand button. We have also created a knowledge-based article to help as well.
KB0016342 - Setting up MFA (Multi-Factor Authentication) for the First Time(opens in a new window)
I am a Student - How do I set MFA up for the first time?
You will need to set it up the first time around using a mobile authenticator app.
To set up please go to https://mysignins.microsoft.com/security-info. Students using VMware horizon or OpenVPN must use the MFA method and Authenticator App (mobile app) with notification.
We have also created a knowledge-based article to help as well. KB0019275 - I am a Student: How do I set up MFA for the first time.(opens in a new window)
What is a Mobile Authenticator App?
The Mobile Authenticator App in place for Western Sydney University systems will be Microsoft Authenticator. Please see How to Setup to MFA Initially on the right-hand button for more information.
Whenever you log into the site from an unknown device, you’ll need to open the Authenticator app, unlock it, and find the site’s entry. Authenticator apps generate time-based, one-time passcodes (TOTP or OTP), six digits that refresh every 30 seconds. You enter or paste this into the secured app or site.
I am a VPN user, how do I set up/use MFA?
For the small number of VPN users at Western, you will now need to use MFA when you log in. If you are a VPN user, setting up MFA for the first time, please refer to either the right-hand buttons on How to Set up MFA on your iOS or Android device.
I am a Citrix user, what will be the impact of MFA being applied?
There will be two changes for Citrix users.
- You will need to reset your favourites as a result of the change. Your applications and desktop will stay the same.
- Unlike other applications where you will not need to log on for another 22 days, every time you will need to use Citrix, you will need to use MFA.
I have delegated authority to another email/calendar, what will happen?
Nothing happens. Only the user logging on has to authenticate regardless of which mailbox they are accessing, as long as they have permission.
When I log on to a computer, will this trigger MFA?
I want to change the way I authenticate with MFA from text to the Authenticator app, what should I do?
You can change the method of how to authenticate for MFA at any time. By clicking here(opens in a new window), you can change which option you prefer (phone, text or app). You can also access this via your Office 365 profile security settings.
However, please note that for a small number of staff who use the VPN, you will not be able to use text or code to authenticate. Staff must use the Mobile Authenticator App in place for Western Sydney University systems, which is Microsoft Authenticator. Please see the above for more information.
What happens if I do not have my Mobile device on me?
Sign in to your account using another verification method:
- Sign in to your account but select the Sign-in another way link on the Two-factor verification page.
If you don't see the Sign in another way link, it means that you haven't set up any other verification methods. You'll have to contact the IT Service Desk to help sign you in to your account.
- Choose your alternative verification method, and continue with the Multi-Factor verification process.
Mobile options:
