Go to start page

Multi-factor Authentication, MFA

Multi-factor authentication (MFA) is a method for logging in using two steps. This is to verify that it is the right person logging in. In the spring of 2023 MFA has been introduced as a requirement when you log into Microsoft's services and are outside the university's fixed and wireless network.

This means that you need to authenticate yourself when working remotely and are using Microsoft services (such as email, SharePoint, OneDrive and Teams). If you are in the premises at Chalmers, you do not need to log in via MFA as this network is marked as trusted.

The easiest way to log into Microsofts services when working remotely is through a mobile app, Microsoft Authenticator. The app can be installed both on a mobile phone provided by your employer and on a private phone. For those who for some reason cannot use the app, an alternative using a physical security key (a so-called Yubikey). The key is suitable for Windows computers but has limited functionality on Mac computers. 

From June 19 2023, you have to be connected to the university network to be able to choose a method for verification and activate MFA. 

Guides for activating MFA for Microsoft

To activate MFA, you have to be in the university's premises and connected to the university network or, if you work remotely, be connected to VPN with MFA.

The installation is carried out in two steps on computer and mobile phone and takes about five to ten minutes:

  1. Install the Microsoft Authenticator app on your phone
  2. Connect the app to your GU-account in Microsoft
     

The guide below is also available as a pdf:

Activating Multi-factor Authentication (MFA) for Microsoft services

More information on how it works to install the physical security key (Yubikey) is found under "Install MFA with physical key to computer".

Contact Service Desk through the form below if you experience problems with starting up MFA: 

To form for help with activating

  • Step 1: Install Microsoft Authenticator on your phone
    1. Download and install the Microsoft Authenticator mobile app on your mobile phone (smartphone, private or work phone). 

      Please note!
      There are other apps with similar names and icons, so make sure that it is the Microsoft Authenticator app by Microsoft Corporation that you are installing (see image below from Play Store). 

      Install from the App Store on an Apple device.
      Install from the Play Store on an Android device.
       
    2. Image of the Microsoft Autenticator app when installing

    3. If requested, give the app access to the camera (to shoot QR codes) to Notifications (to send notifications regarding login attempts) and to Location (to identify the location of approvals).

     

  • Step 2: Connect the app to your GU-account in Microsoft

    You must now specify the settings for multi-factor authentication on your computer. 

    1. On your computer, go to the webpage below. If neccessary,  log in with your GU credentials:

      https://mysignins.microsoft.com/security-info

    2. Click on Add sign-in method.
       
    3. Select Add a method and select Authenticator app from the list that appear. 
      Image on how to choose authentication method
       
    4. The next step is a control question to verify that you have downloaded the Microsoft Authenticator app. Since you have already downloaded the app, you can click Next followed by Next again. A QR code will then be shown. 
      Image on installing the Microsoft Authenticator app
      Image on how to set up MFA account
      Image on how to scan QR code

    5. On your smartphone: Launch Microsoft Authenticator and select Next followed by Next again on the Set up your account dialog box.
      Select Scan QR Code if this option is available. If the QR code option is missing, click the + sign to add the account and select Work or school account followed by Scan QR Code. 
       
    6. Point the smartphone's camera (using the app) at the QR code on the computer screen to scan it. Your account will be added. Select Next
       
    7. A test will begin, and you will have to approve the login on your phone. Follow the instructions to approve the login. Select Next once the test is completed.

      Your account is now secured with MFA!

      Image on how to test Authenticator app
      Image on approved app test
  • Alternative method: Install MFA with physical key to computer

    The physical key (Yubikey) can be used by Windows users. On Mac, Yubikey cannot be used to authenticate to Microsoft's desktop apps (such as email) but only works when logging in via the web and only when using the Chrome browser. Mac users are therefore recommended to use Microsoft Authenticator for verification instead.

    Yubikey is connected to the computer when the login is to take place. The key entails a cost of approximately SEK 700 which is paid by the respective department/unit/etc. The head makes the decision about purchasing a Yubikey. 

    Yubikey is ordered in the purchasing system from the supplier Dustin. Choose one of the models:

    • Yubikey 5C NFC, article number: 5011198563 (USB-C)
    • Yubikey 5 NFC, article number: 5011108346 (USB-A)
    • Yubikey 5C, article number: 5011108350 (USB-C, small model)

    How to activate your Yubikey

    When you have received a Yubikey, you must identify yourself and activate your Yubikey. You identify yourself either by using BankID or Freja eID Plus, or by visiting a Servicecenter with a valid ID (this potion is possible from March 1, 2023). 

    To identify yourself and activate your Yubikey, follow the steps on the following page:

    Activate a Yubikey

  •  

    Questions and answers about MFA for Microsoft

  • Do I have to be physically at the university when I activate MFA?

    In order to register a device for MFA sign-in and ensure access to your email and other Microsoft 365 services, you need:

    • If you are on site, be connected to the university's fixed or wireless network.
    • If you work remotely be connected to VPN with MFA.
  • I am being asked to sign in with MFA even though I have not activated it yet. Why?

    You probably already have a multi-factor authentication method activated on your account (for example, on an old mobile phone or another authentication method). If that is the case, you need to delete the old method in order to start again. You do this by going to the link below and following the steps under "Resent multi-factor authentication on your Microsoft account":

    User ID management

    If you do not have another method activated from before, but it still does not work, please contact IT support. 

  • Questions about the Microsoft Authenticator app

    How do I approve login via Microsoft Authenticator?

    When you work remotely and want to log in to Microsoft's services, you will receive a message that the login must be approved via the app. You then need to enter a code and click on a button in the mobile app to approve the login.

    Are there any specific requirements regarding which model of mobile phone that is required to be able to install and use Microsoft Authenticator?

    The Microsoft Authenticator app currently requires at least the following operating system versions:

    • IOS version 14 (oldest compatible model of iPhone is 6s/6s Plus and iPhone SE)
    • Android version 8.0 (oldest compatible model of Samsung is Galaxy S7)

    Can I have the app installed on several phones?

    Yes, you can use it on several phones if you like. 

    What does the app need access to in my phone?

    In order for the app to work at its best, you need to allow access to location, to notifications and to the camera. 

    Can I have several accounts registered in Microsoft Authenticator, for example if I have two employers and use the app at both jobs?

    Yes, you can. 

    Which account should I use to create an AppleID and a Google Play account?

    Guidelines on this is found here:

    Mobile telephony - advice for apps on mobile phones

  • Questions about Yubikey

    Can I use a Yubikey that I already have?

    Yes. Just check that it is one of the approved models:

    • Yubikey 5C NFC, article number: 5011198563 (USB-C)
    • Yubikey 5 NFC, article number: 5011108346 (USB-A)
    • Yubikey 5C, article number: 5011108350 (USB-C, small model)

    Which browser should I use when activating my Yubikey?

    We recommend using the Chrome or Edge browsers.

    I cannot access the link to activate my Yubikey, what should I do?

    If you are outside the university network, you must be connected with  VPN in order to activate your Yubikey via the link Activate a Yubikey.

    Read more about connecting to VPN

    I have lost my Yubikey, what do I do?

    If you have lost your Yubikey, you need to get a new one and then activate it the same way you did with the previous one.

    I am about to quit my job, where do I leave my Yubikey?

    Give the Yubikey to your nearest head as it can be used by a new person.

  • How often do I have to approve login to Microsoft's services when working remotely?

    The session for the secure login lasts for up to 90 days and is present in the background every time you log in. Therefore, if you are using the same computer and browser, you will receive a call for MFA approximately every 90 days.

    In the beginning, when you have recently activated MFA, the call will come more often. If the system suspects risky behavior (you use different computers and are in several different places), the call may also come more often.

  • What do I have to do if I get a new phone?

    If you are using the Microsoft Authenticator app in your phone for multi-factor authentication, you need to install and activate the app in your new phone.

    The phone that you do no longer have access to also needs to be removed from Microsoft Authenticator. You do this by going to the link below and following the instructions.

    Manage multi-factor authentication on your Microsoft account

    Once your old phone has been removed, you register your new phone following the instructions in steps 1 and 2 of the guide further up on this page. 

  • Why am I unable to login to the email after activating MFA for Microsoft?

    The built-in email app on your Android or iPhone (the app with a mail icon instead of the Outlook icon) cannot handle the increased security measures that MFA requires. In order to access the email on the mobile phone, you should therefore instead install the Microsoft Outlook app, which is available in the Play store for Android and the App Store for iPhone.

    Instructions on how to add your email account to Microsoft Outlook on your phone is found here:

    Email in your phone

Film: aktivering steg för steg

Support for activating

Do you need help with activating MFA? 

To form for help with activating

Page Manager: IT|Last update: 8/21/2023
Share:

This page is printed from the following webpage:
https://medarbetarportalen.gu.se/it/user-account/multi-factor-authentication/?languageId=100001&skipSSOCheck=true
Print date: 2024-02-29

The University of Gothenburg uses cookies to provide you with the best possible user experience. By continuing on this website, you approve of our use of cookies.  What are cookies?