Multi-Factor Authentication

What is Multi-Factor Authentication (MFA)?

Multi-factor authentication (MFA) is a security measure that requires two or more proofs of identity to grant you access.

Like strong passwords, MFA typically requires a combination of something the user knows (pin, secret question), something you have (card, token) or something you are (fingerprint or other biometric).

Some MFA options include a physical token, random pin, biometrics, authenticator app, email and/or SMS. At Western, we encourage those with devices to use the Microsoft authenticator app, phone call, or text.

Why is MFA Important at Western?

In ITDS, we are constantly working on ways to protect the University, and ultimately our staff and students.  MFA is globally accepted, and as a directive from the Senior Executive, it will be an effective cybersecurity solution for all of us.

It will help us to:

  • Enhance Western’s security by requiring staff to identify themselves by more than a username and password, providing more layers of protection. Even if cyber criminals steal one credential, they will be forced to verify identities another way. It ensures our digital security.
  • Assure our staff and students protects their data and identity.
  • Meet regulatory compliance.

The Rollout of MFA to Western

To ensure that we get this rollout right, we are running a few pilot groups in September to ensure minimal impact to all our staff as we can. Why? Keeping it to smaller groups will help us work out any issues, further determine our communications, and ultimately help all staff when we roll this out widely.

  • MFA will be rolled out to the University from October to mid-December.
  • MFA will be applied in teaching labs and PC lecturns. See below for more information.
  • From 20 November 2021, staff that have moved to using MFA will need to use it every time you logon on to Citrix. For staff that do not MFA yet, this will not be triggered in Citrix until they are added in as part of the staged implementation. See the FAQ below for more information.
  • From the 25th of November 2021, all VPN users will be required to use MFA to use the VPN. Please see the FAQs below and the videos for more help.

*Please note: at any time, any staff member can pre-select their method of authentication, even before it is activated. Click here(opens in a new window) to find out more.

Frequently Asked Questions (FAQ)

We have created some FAQs to help you work through any issues or questions you may have and will be further developed as we continue to roll out MFA to the University.

What Western systems does MFA apply to?

There are a number of systems that this affects; here is a list of most used applications that staff will be most familiar with:

  • Microsoft Office 365 apps: Including Outlook/Email, Microsoft Teams, SharePoint, Yammer, OneDrive and Office Apps (PowerPoint, Excel, Word etc)
  • Adobe Creative Cloud (CC) 2020
  • Blackboard Learn
  • Inplace
  • LinkedIn Learning
  • Citrix, from the 20th November 2021.
  • Virtual Private Network (VPN) from the 25th of November 2021.

For a more comprehensive list, please download here (PDF, 116.02 KB).

How do I use MFA?

MFA will impact all staff when they log into specific systems and/or websites. Staff will need to:

  1. Initially setting up the MFA, a one-time PIN can be delivered using a Mobile Authenticator App or a phone number. This will happen the first time once you log on after MFA is activated. See the videos on the right-hand buttons for more information.
  2. Use MFA when there are new logons to devices, websites, et cetera.
  3. After 22 days, staff will need to use MFA once again.

Will MFA be applied to Computer Labs and Lecture Theatres?

Yes, they will.

As PC's in teaching labs and lecterns have additional security, MFA will apply every time you access an MFA application (Office 365, for example) for the first time, every day. So, if you log on to a lab machine, launch Excel and you will get a sign-on and MFA prompt. Move to another lab machine, open a different application, you will need to log on again.

How do I set MFA up for the first time?

You will need to set it up the first time around using a mobile authenticator app or via text message/phone call. Please see the videos on the right-hand button. We have also created a knowledge-based article to help as well.

KB0016342 - Setting up MFA (Multi-Factor Authentication) for the First Time(opens in a new window)

What is a Mobile Authenticator App?

The Mobile Authenticator App in place for Western Sydney University systems will be Microsoft Authenticator. Please see How to Setup to MFA Initially on the right-hand button for more information.

Whenever you log into the site from an unknown device, you’ll need to open the Authenticator app, unlock it, and find the site’s entry. Authenticator apps generate time-based, one-time passcodes (TOTP or OTP), six digits that refresh every 30 seconds. You enter or paste this into the secured app or site.

I am a VPN user, how do I set up/use MFA?

For the small number of VPN users at Western, you will now need to use MFA when you log in. If you are a VPN user, setting up MFA for the first time, please refer to either the right-hand buttons on How to Set up MFA on your iOS or Android device.

I am a Citrix user, what will be the impact of MFA being applied?

There will be two changes for Citrix users.

  1. You will need to reset your favourites as a result of the change. Your applications and desktop will stay the same.
  2. Unlike other applications where you will not need to log on for another 22 days, every time you will need to use Citrix, you will need to use MFA.

I have delegated authority to another email/calendar, what will happen?

Nothing happens. Only the user logging on has to authenticate regardless of which mailbox they are accessing, as long as they have permission.

When I log on to a computer, will this trigger MFA?

No, this will not trigger MFA as it is only applied to certain applications, like Microsoft Office apps (email, Teams, Yammer, etc), Adobe CC, et cetera. You can download a full list of all applications here (PDF, 116.02 KB).

I want to change the way I authenticate with MFA from text to the Authenticator app, what should I do?

You can change the method of how to authenticate for MFA at any time. By clicking here(opens in a new window), you can change which option you prefer (phone, text or app). You can also access this via your Office 365 profile security settings.

However, please note that for a small number of staff who use the VPN, you will not be able to use text or code to authenticate. Staff must use the Mobile Authenticator App in place for Western Sydney University systems, which is Microsoft Authenticator. Please see above for more information.

What happens if I do not have my Mobile device on me?

Sign in to your account using another verification method:

  1. Sign in to your account but select the Sign-in another way link on the Two-factor verification page.

If you don't see the Sign in another way link, it means that you haven't set up any other verification methods. You'll have to contact the IT Service Desk to help sign you in to your account.

  • Choose your alternative verification method, and continue with the Multi-Factor verification process.