Multi Factor Authentication

Multi-factor authentication (MFA) adds an additional layer of account security by requiring two or more pieces of information to gain access to our data and systems.

Click here to register for your MFA


In the coming months, all our core University systems will be upgraded to support MFA.

When you sign in to University systems, you will continue to use your University username and password, but the second piece of evidence (factor) will occur through a platform called Okta. This second piece of evidence is to verify your identity. Okta works similarly to other MFA processes you may already use when accessing services such as MyGov and online banking. 

To set up your MFA options visit: https://id.adelaide.edu.au. If the systems that you use have not been linked to MFA yet, they will not appear on your dashboard. If you have not done so yet, when you are in your dashboard, be sure to go into settings and set your security image. Your security image will become your profile image for MFA. This image is another way for you to ensure you are typing your username and password into a legitimate platform. 

You can read more about the changes and how to set MFA up in the tabs below.

Setting up MFA

    Expand
  • How do I set up or modify my MFA?

    You can set up and modify your MFA authentication options by going to: https://id.adelaide.edu.au 

    There are 4 key MFA options. If you would like further instructions open the MFA Self-Help Guide or watch the video below on how to set MFA up. 

    Here is a brief summary of the MFA options.

    1. OKTA Verify (recommended)

    This is currently the most secure MFA option and once it is set up, is the easiest to use. You can download the Okta Verify app from google play or the Apple app store. Follow the steps in Okta Verify to register the University. If you choose this option, when you log in to a University system that has MFA activated, your OKTA app will send you a notification. You simply need to confirm that it is you trying to access the system.

    If you can't find Okta Verify in your app store or your mobile phone does not support it, you may want to set up Google Authenticator.

    2. Google Authenticator

    This option enables you to use the Google Authenticator app, in addition to other authentication tools such as Authy, Last Pass and OTP Manager (see a larger list in the dot points below). When you open the Google Authenticator app on your mobile device, add UoA to your list by scanning the QR code. When you log into a UoA system with MFA, type in the code from the Authenticator tool for your UoA account. Note: the code generally lasts for around 30 seconds and then changes. 

    3. SMS Authentication

    If you choose this option, you'll need to provide your mobile phone number. When you log into a University system that has MFA activated, you will receive an SMS with a code. Type this code into the device where you are trying to access the system. Note: there is a 5-minute expiry on SMS codes.

    4. Voice Call Authentication

    This option could be used as a back up if you tend to leave your mobile at home, by setting up MFA for your landline phone in the office.

    If you choose this option, you'll need to provide your mobile or landline phone number as the number you want called. When you log into a University system that has MFA activated, you will receive a phone call (to the number you nominated) with a voice telling you the code. You will need to type this code into the device where you are trying to access the system. 

     

    Other options that you can consider:

    • If you do not have or would prefer not to use a mobile phone, then OTP Manager (One Time Password) may be the authentication tool for you. It is a desktop application that is accessible on both Windows and Mac computers. However, you would choose this option if you solely work from the one computer, or will have it with you when you using other devices.
    • If you do not have a mobile phone and move around to different devices for work purposes, then you'll need to log a request via our Self-Service Portal to request a YubiKey. This is a USB type device that you would use to obtain the MFA code from.
    • You may already have an authenticator app such as Authy or Last Pass on your mobile device which you can also use in the Google Authenticator option.
    • If you already use a YubiKey to access your system, you can continue to use one. You'll need to log a request via our Self-Service Portal to change replace your current YubiKey with one that is set up to use our OKTA MFA.
    • These are some authentication apps you could use in the Google Authenticator option that you may already have:

      • Okta Mobile App
      • Google Authenticator
      • LastPass Authenticator
      • Microsoft Authenticator
      • Authy
      • Duo
      • OTP Manager
      • SecSign
      • GAuth Authenticator

    If you choose to use these apps be mindful that the University support teams may not have experience with them.

     

    If you require further assistance to set up your MFA options you can either open the MFA Self-Help Guide or watch the video below.

    You only need to set up one authentication mode, but you may decide to set up more than one.

  • How can I register on my phone without using a QR code?

    You can register for MFA through your phone. This takes a little longer than if you were able to capture the image of the QR code with your phone, but it is still pretty quick.

    Okta Verify

    When setting up Okta Verify, you have the option to select 'No Barcode?' rather than scan the QR code. 

    1. Go to id.adelaide.edu.au
    2. Type in your University 'a' number and password
    3. Click 'Sign in'
    4. Under Okta Verify click 'Setup'
    5. Select the type of phone you have. If it is not an iPhone, select Android
    6. Click 'Next'
    7. Under the QR code click 'can't scan?'
    8. 'Send activation link via SMS' should be selected, so leave it there (unless you would prefer another option)
    9. Select 'Australia'
    10. Type in your mobile number, but leave the first '0' off as Okta has the +61 before you add your number
    11. Click Send
    12. Open the SMS message Okta has sent you and click on the link

    Google Authenticator

    When setting up Okta with Google Authenticator, you have the option to 'Enter a setup key' rather than scan a QR code.

    1. Go to id.adelaide.edu.au
    2. Type in your University 'a' number and password
    3. Click 'Sign in'
    4. Under Google Authenticator click 'Setup'
    5. Select the type of phone you have. If it is not an iPhone, select Android
    6. Click 'Next'
    7. Under the QR code click 'can't scan?'
    8. You will see the 'Secret Key Field'. You will need to copy (or write) this code somewhere (note you can not copy and paste it)
    9. Click 'Next'
    10. Go to your Google Authenticator app
    11. Click to 'add' a new account. This may be by pressing '+' in the bottom left
    12. Type in what you would like to name your account. For example UoA MFA
    13. Type in your secret key code in 'Your Key'
    14. Click 'Add'
    15. This will take you to your authentication list. Here is where you will find the 6 digit code for the account you just set up - for you to use in id.adelaide.edu.au 
    16. Go back to id.adelaide.edu.au
    17. Type in your 6 digit authenticator code
    18. Click 'Verify'

     

  • How can I set up the OTP Manager?

    It is easier if you do have a mobile phone to use MFA authentication. But if you do not have or would prefer not to use a mobile phone, then you can open the OTP Manager (One Time Password) app on your computer. The app is accessible on both Windows and Mac computers through your web browser. For Windows users, go to: OTP Manager. For Mac users go to  MAC OTP Manager. If you are unsure of how to download an app to your computer, watch the video below.

    Another option is to use a YubiKey. If you already have one you will need to contact ITDS Service Desk and arrange for it to be seeded or to collect a new one. If you want to use a YubiKey, but don't have one, please contact the IT Service Desk to discuss your options and any additional costs that may be involved in purchasing a YubiKey.

    For further support in setting up the OTP Manager, you can watch this video:

  • Why do I need to set up my security image for MFA?

    The security image is another way for you to ensure you are entering your username and password into a protected site. The next time you sign in on the same device, you'll see your chosen 'image' in the circle above your username.

    If you do not select your own security image, Okta will select one for you. We recommend you select your own image that you would be likely to remember as it serves as an additional identification tool for you when you are logging in through MFA. For example, if you select the bridge as your image, but when you go to log in next time you have a flower as your profile image, this lets you know that the platform you are being asked to log into is not legitimate. 

    To set up your security image go into your MFA dashboard at https://id.adelaide.edu.au. Click the drop-down arrow next to your name (top right corner). Select Settings and go to the security image section. Click Edit. Click on the image you want and click Save. To check that your image has been saved, as you sign in to id.adelaide.edu.au again your image will appear after you have typed in your user name and clicked into the password field.

    When you change to a new internet browser or device, you may notice that your security image is not displayed the first time.

  • Will we need MFA for Generic Logins and Devices?

    Yes. If you are accessing a system with MFA, then you will need to set up your group authentication preference. There are rare situations around the University where a generic login may be shared on a specific device.

    Team email accounts

    A work team may have a team email account set up. In this case, you would only need to set up MFA if you interactively login. i.e. if you have your generic / shared email account set up in your personal work outlook account and are just accessing the generic / shared email as a mailbox and accessed through outlook, you won't need to set up MFA for that account.

    Shared computer or system access

    For generic accounts, it maybe be best to set up the OTP Manager on the desktop through the Google Authenticator MFA option.

    Another option would be if the generic account is accessed from one computer with a desk phone nearby, that you set up Call Authentication with the landline number.

    Or, you could copy the QR code for Okta Verify or Google Authenticator and have all users set up the one generic account in their own individual authenticator tools using the same QR image.

    Or, you could use Google Authenticator select ‘cant scan’ and store the secure key code with each member of your team. You would all set up a new account in your individual authenticator tool using the same secure key. This is also handy for when new people join the team, or new devices are added by using the secure key.

     

    What should we do if someone with generic access leaves the University?

    Any time a member of the generic account moves on, the password, QR code or secure key should be changed and updated by all users.

    If you require further support or advice on setting up generic accounts with MFA, please contact the ITDS Service Desk on the details at the bottom of this page, or log a request via our Self-Service Portal.

  • Can I change my MFA notification preference?

    Yes, you can change the way you authenticate for MFA. You'll just need to go into Okta and update your authentication preference and details.

    You can log into: https://id.adelaide.edu.au. Click on the dropdown arrow next to your name, click on settings and either remove or add your authentication modes.

  • As a course designer - do I need MFA for Student View in MyUni?

    Yes, you will. You will need to set your SV number up with its own authentication.

  • Why do I receive MFA emails?

    When you first register your MFA authentication options you will receive an email for each authentication option you set up. An email may also be sent to you if you log in on a new device (or use a different internet browser). Initially, this might feel a little frustrating, but the emails serve as another validation tool for you. For example, if you receive an email saying that one of your authentication options had been updated or that you have logged in on a different device, but it wasn’t you, then it serves as a notification that someone that shouldn’t be is trying to access your account and you can respond to that by contacting ITDS Service Desk.

  • Can I register multiple mobile phone numbers?

    At this stage, you can only register one phone number per authentication option. If you want to use more than one phone number, you could consider setting up SMS with one number and Voice Call with the other.

  • What is the best MFA option if I struggle to use technology quickly?

    Some of the authentication methods do change pretty quickly, so if you struggle to use technology quickly, this is the order of verification options we recommend you:

    1. Set up the Okta Verify app on your personal phone. This way you only need to click to say you are accessing the system.

    2. The SMS code lasts for around 5 minutes.

    3. The Voice Call repeats the number twice, and it means you can listen to the call while looking at your computer to type in the code.

    4. Google Authenticator app. These options tend to have a 30 second time out on the code, which can make it tricky to use quickly.

  • Why are there no systems in my dashboard?

    If you register for MFA prior to any of the systems you use being integrated, then you will not have the option to click on a system to access it from your MFA dashboard page. You will notice that this will change quite quickly as new systems are added.

  • Can I use my own YubiKey?

    You are welcome to use your own YubiKey for the purpose of MFA at the University. Not all YubiKeys are suitable for our MFA, but you can contact the ITDS Service Desk to identify if your is, and to arrange a time to have it seeded.

    If you do not have a YubiKey, and believe that all of the other authentication modes are not suitable for your work or learning environment. Please contact the ITDS Service Desk to assess your suitability for using a Univeristy owned key, or purchasing your own.

 

More about MFA

    Expand
  • What is the benefit of MFA?

    In today's environment, we are constantly faced with cyber criminals attempting to gain access to our systems and data. Adding MFA to access the University systems and data adds an additional layer of security to protect our personal and sensitive data. 

    To access our technology systems at the University that have MFA activated you will first login with your university ID and password and then, depending on your choice of notification, use your second authentication mode.

    To learn more about the benefits of MFA and single-sign in at the University you can watch this short video:

  • What systems will have MFA set up?

    It is anticipated that all University systems will be integrated with MFA. The list below identifies core systems that have been identified in the short-term. Other systems not on this list will be added. This may be in response to a request from the system owner or as an IT security risk is identified.

    October / November 2020

    • Jira 
    • Confluence 
    • Trello 
    • Blue Pulse - Elections Software ✔
    • TextMagic - SMS platform ✔
    • Cherwell ✔
    • Adobe Cloud ✔
    • Adapt -
    • VPN - coming soon
    • Office 365
    • Enrol Me - coming soon
    • PeopleSoft HR
    • PeopleSoft CS
    • PeopleSoft Finance - in progress

    January 2021

    • MyUni / Echo360
    • Gmail
    • UoA Library Systems - in progress

    If you have governance over a system that we manage within the University and would like MFA added to it for additional cyber protection, please log a request via our Self-Service Portal. Over time access to all University systems will require Multi-Factor Authentication.

  • Do I have to use MFA?

    If you access University systems that require Multi-Factor Authentication, then you will need to use it.

    This applies to any Staff, Student, or Visitor that requires access to the systems with MFA turned on. Initially, only key systems will have the MFA process added, but the plan is that all university systems should have it activated in the near future.

    If you or your team utilises a system and you would like MFA activated for it, please log a request via our Self-Service Portal.  

  • How often will I need to authenticate through MFA / Okta?

    If you only use one device, then you should only be required to authenticate with MFA every 90 days. However, there are some exceptions to this rule such as:

    • Using a different web browser to access a system
    • Using a different device, eg mobile phone, tablet, laptop, browser, desktop computer, etc
    • Signing in from a location where it would have been impossible for you to travel to that place since your last log in
    • If you clear the cache on your web browser 

    Some of the systems that you use also have their own rules for needing to sign in again. For example with Office 365 they have their own expiry times which may require you to log in again with your user name and password and MFA. The O365 times are:

    • Web Clients (e.g. Outlook Web Access): 6 Hours
    • Desktop Clients (e.g. Outlook 2019, Teams): 90 days
    • Office Pro Plus License Check: 30 days

     We should also note that your MFA session has a lifetime of 25 hours. 

  • How does MFA align with our strategic plan?

    Future Making, states that; “The University of Adelaide will realise its purpose as a catalyst of knowledge creation and innovation, as an engine of social advancement, and as an active participant in the local, national and global economy”. Cutting edge technology is critical for the university to be active participants in the local, national and global economy. We need our Information Technology (IT) infrastructure to be secure and robust. This will ensure the university is seen as reliable partners in collaboration of research and education by being highly capable of protecting internal systems and data in fields of innovation and social advancement. 

    To further this resolve, the ITDS Technology Strategy, ‘Digital Future’, states that; “Knowledge and the flow of information are key to what a university does – and while wisdom and ideas are powered by people, the processes, technology and information need to be in place to support our vital work”. The security of information is critical for the personal privacy of university staff and students, safeguarding learning and teaching content, fortifying student results and exam papers, in addition to protecting the research data that is so valuable to our research community. 

    The Chief Operating Officer (COO), has been tasked with:
    • Enhancing technology capabilities to support the delivery of improved learning, teaching and research outcomes and a contemporary digital experience for staff and students.
    • Ensuring the ongoing security, stability, reliability of core IT infrastructure and systems. 

    For the COO to achieve this it is imperative that the current best practice solutions in technology security are fully implemented, maintained, and where required updated. MFA will support us in maintaining the integrity of the university technology systems and information.

 

Troubleshooting with MFA

    Expand
  • What do I do if I am locked out of Okta?

    After 10 incorrect attempts, you will be locked out of MFA for 15 minutes. If you require urgent access, please contact the IT Service Desk on ph 08 8313 3000 who are able to unlock your account once you provide enough identification evidence.

    If you are a student, you can also visit Ask Adelaide for further support.

  • I set MFA up on my mobile, but forgot to bring it. Now what?

    Obviously having your phone with you would make logging in much smoother. There are a few options to consider here. They are:

    1. If you have set your MFA up to remember you and you are using the same device (computer) in the same way you always do, it is likely that you won't need to authenticate. MFA is currently set up to only require authentication within 90 days or require authentication if your behaviour (the way you access the UoA systems) has changed.

    2. If you need to authenticate, try logging into https://id.adelaide.edu.au and setting up or re-setting your Google Authenticator with an app such as OTP Manager on your computer or register Voice Call Authentication for a local phone.

    3. If these options don't work, contact ITDS Service Desk for further support.

  • What happens if I change my phone number?

    If you are simply changing your SIM card or phone number, you can still use the Okta Verify App on your phone.

    But, if you have a new phone number and have set up SMS or Voice Call Authentication, you may be able to update your authentication by using your computer and following these steps:

    1. If you have set your MFA up to remember you and you are using the same device (computer) in the same way you always do, it is likely that you won't need to authenticate. MFA is currently set up to only require authentication within 90 days or require authentication if your behaviour (the way you access the UoA systems) has changed.

    2. Log into your MFA profile at id.adelaide.edu.au and click Remove for the authentication with your old phone number

    3. Click Set-up for SMS and Call Authentication to re-authenticate with your new number

    If you are unable to reset your authentication for your new phone number, contact ITDS Service Desk for further support. 

  • I accidentally deleted my MFA App. What should I do?

    If you accidentally deleted your Okta Verify app or your Google Authenticator app and don't have SMS or Voice Call authentication setup, you may need to contact the ITDS Service Desk to reset your authentication options. They will need you to identify who you are.

    But first, you could try and log into your usual computer and go to, id.adelaide.edu.au. If you can sign in to this account, click on the drop-down arrow next to your name (top right corner) click on settings. Scroll down and Remove the MFA app, then reset your preferred authentication option. You may choose to re-install the authentication app on your mobile phone.

    To avoid situations like this in the future, you may want to register more than one authentication option.

    For further support with this, you can contact the ITDS Service Desk

  • Can I still access UoA systems from overseas?

    You can, provided that you have set your MFA Authentication options up to support overseas access. For example, if you have set up Okta Verify for your MFA Authentication, then you'll need to ensure you have internet access on your mobile device to acknowledge that it is you logging into the system.

 

Things to know about MFA and our systems

    Expand
  • MFA and Jira, Confluence and Trello

    In September 2020, Jira, Confluence and Trello were integrated with MFA. These systems tend to have a 30-day sign-in policy, which means you may need to reauthenticate with MFA every 30 days. 

    Trello users will need to continue to sign in to Trello using your current university email with your name rather than your 'a' number (firstname.lastname@adelaide.edu.au). But the MFA log in will still require you to use your 'a' number as your username. 

  • MFA and Office 365

    Office 365 is a cloud-based version of Microsoft applications including Word.

    If you currently use any of the Office 365 applications through the University's license agreement, then as you sign in with your University username and password that you will occasionally need to authenticate through our MFA platform, Okta.

    Saved link not working

    If you have an old link saved to access your outlook for Office 365, try using this link: http://outlook.office365.com

    Use of IMAP

    If you have set up your own IMAP for your Office 365 products and are having issues accessing your emails, you may find it works if you re-add your account.

    Regular authentication required

      If you are needing to re-authenticate each time you log in to a university system, this may be because you have your cache set to clear your browsing history.

      Office 365 has it's own rules for needing to sign in again. For example with Office 365;

      • Web Clients (e.g. Outlook Web Access): 6 Hours
      • Desktop Clients (e.g. Outlook 2019, Teams): 90 days
      • Office Pro Plus License Check: 30 days

      There are multiple session times for Microsoft 365 services - which may mean that you need to reauthenticate through MFA more often than every 90 days. If you would like to know more about this, you could visit:

    • Can I use the Duo App?

      You can choose to use the Duo Mobile app as you currently do for cisco. However, when you set Okta Verify up, you will see how simple it is to use and you may want to consider moving to that. 

      If you access the VPN using the Duo app, you may be interested to know that VPN will be moving to this Okta second authentication method, which would mean that using the Okta Verify App will make the transition smoother.

    • MFA and ADAPT

      ADAPT is a tool that allows staff and students to access University systems and data even when we are not on campus. ADAPT can be accessed via a web browser or through the Citrix client. Adding MFA to ADAPT will increase cyber protection for our University community.

      Be Patient: When using ADAPT, especially for the first time, you may need to wait a couple of minutes for your information to be loaded into your ADAPT window. 

      MFA is set up with ADAPT to only require the second authentication mode every 90 days, however, there are some exceptions to this rule. For example:

      • If you change device or use a different internet browser
      • You may find that after 30 minutes of inactivity in ADAPT that to open something new, you will need to reauthenticate. This may be because the cache is set up to clear as your session times out. But if you already have a document or system open, even after the timeout, you can continue using them

      If you use a Citrix client and are having issues in accessing the University information, you may be able to resolve the issue by un-installing your current account in your workspace and reinstalling your account. If you are unsure on how to do this, a series of guides have been created to assist to suit different device needs. These guides will be maintained on our ADAPT webpage and in the Self Help Guides.

      Sound / microphone within ADAPT

      If you are finding that your microphone is not working in the apps such as Teams or Jabber while using ADAPT, one of the sound settings you can check is:

      1. Login to ADAPT and then into the Staff Desktop.
      2. In the Staff Desktop open the start menu.
      3. Open the settings menu.
      4. Click on the "Privacy" option.
      5. Click on the "Microphone" tab.
      6. Enable "Allow apps to access your microphone".

    Further Support

    For further support with Multi-Factor Authentication contact: