Multi Factor Authentication

Multi-factor authentication (MFA) adds an additional layer of account security by requiring two or more pieces of information to gain access to our data and systems.

Register for your MFA

The University of Adelaide now requires multi-factor authentication for a range of applications. When you sign into University systems, you will continue to use your University username and password, as well as an additional authentication to verify your identity. This is done through a platform called Okta.

 

When you are in your Okta dashboard, be sure to go into settings and set your security image. Your security image will become your profile image for MFA. This image is another way for you to ensure you are typing your username and password into a legitimate platform.

 

You can read more about the changes and how to set MFA up in the tabs below.

Setting up MFA

    Expand
  • How do I set up or modify my MFA?

    You can set up and modify your MFA authentication options by going to: https://id.adelaide.edu.au 

    There are four identity verification options. The University recommends setting up two verification methods. If you would like further instructions open the MFA Self-Help Guide or watch the video below on how to set MFA up. 

    Here is a brief summary of the MFA options.

    1. OKTA Verify (recommended)

    This is currently the most secure verification option and once it is set up, is the easiest to use. When you log in to a University system that has MFA activated, your OKTA app will send a notification to your phone or smart watch. You simply need to confirm that it is you trying to access the system by tapping the notification.

    If you can't find Okta Verify in your app store or your mobile phone does not support it, you may want to set up Google Authenticator.

    2. Google Authenticator

    This option enables you to use the Google Authenticator app, in addition to other authentication tools such as Authy, Last Pass and OTP Manager (see a larger list in the dot points below). The Google Authenticator app displays a code that changes every 30 seconds. When prompted by Okta, you will need to enter the code that Google Authenticator is displaying, before it changes. If you do not have a mobile phone, the Google Authenticator can be set up on your computer desktop.  

    3. SMS Authentication

    When you log into a University system that has MFA activated, you will click “send SMS” to receive an SMS with a code. Type this code into Okta when prompted. (Note: there is a 5-minute expiry on SMS codes.)

    4. Voice Call Authentication

    This option could be used as a back up if you tend to leave your mobile at home, by setting up MFA for your landline phone in the office.

    When you log into a University system that has MFA activated, you will receive a phone call (to the number you nominated) with a voice telling you the code. Type this code into Okta when prompted. If you choose this option, you'll need to provide your mobile or landline phone number as the number you want called.

    Other options that you can consider:

    • If you do not have or would prefer not to use a mobile phone, then OTP Manager (One Time Password) may be the authentication tool for you. It is a desktop application that is accessible on both Windows and Mac computers. However, please note that this will not work with public or shared computers.
    • If you do not have a mobile phone and move around to different devices for work purposes, then you'll need to log a request via our Self-Service Portal to request a YubiKey. This is a USB type device that you would use to obtain the MFA code from.
      • (Note: If you already use a YubiKey to access your system, you can continue to use one, however you will need to log a request via our Self-Service Portal  to change replace your current YubiKey with one that is set up to use our OKTA MFA.)
    • You may already have an authenticator app such as Authy or Last Pass on your mobile device which you can also use with the Google Authenticator option in Okta. These are some of the authentication apps you could use
      • LastPass Authenticator
      • Microsoft Authenticator
      • Authy
      • OTP Manager
      • SecSign
      • GAuth Authenticator

     

    If you choose to use these apps, be mindful that the University support teams may not have experience with them.

    If you require further assistance to set up your MFA options you can either open the MFA Self-Help Guide or watch the video below.

    You only need to set up one authentication mode, but you may decide to set up more than one.

  • I don't have a phone to use, what are my options?

    One option is to use a YubiKey. If you already have one you will need to contact ITDS Service Desk and arrange for it to be seeded or to collect a new one. If you want to use a YubiKey, but don't have one, please contact the IT Service Desk to discuss your options and any additional costs that may be involved in purchasing a YubiKey.

    You can set up and use the OTP Manager (One Time Password) app on your computer. The app is accessible on both Windows and Mac computers through your web browser. For Windows users, go to: OTP Manager . For Mac users go to  MAC OTP Manager . If you are unsure of how to download an app to your computer, please watch the video below. Please note that this option is not available for use with shared or public computers.

    For further support in setting up the OTP Manager, watch the video below.

    If you require further assistance to set up your MFA options you can either open the MFA Self-Help Guide or watch the video below.

    You only need to set up one MFA method, but we recommend setting up a second option as a backup.

  • How can I register on my phone without using a QR code?

    You can register for MFA through your phone. This takes a little longer than if you were able to capture the image of the QR code with your phone, but it is still pretty quick.

    Okta Verify

    When setting up Okta Verify, you have the option to select 'No Barcode?' rather than scan the QR code. 

    1. Go to id.adelaide.edu.au
    2. Type in your University 'a' number and password
    3. Click 'Sign in'
    4. Under Okta Verify click 'Setup'
    5. Select the type of phone you have. If it is not an iPhone, select Android
    6. Click 'Next'
    7. Under the QR code click 'can't scan?'
    8. 'Send activation link via SMS' should be selected, so leave it there (unless you would prefer another option)
    9. Select 'Australia'
    10. Type in your mobile number, but leave the first '0' off as Okta has the +61 before you add your number
    11. Click Send
    12. Open the SMS message Okta has sent you and click on the link

    Google Authenticator

    When setting up Okta with Google Authenticator, you have the option to 'Enter a setup key' rather than scan a QR code.

    1. Go to id.adelaide.edu.au
    2. Type in your University 'a' number and password
    3. Click 'Sign in'
    4. Under Google Authenticator click 'Setup'
    5. Select the type of phone you have. If it is not an iPhone, select Android
    6. Click 'Next'
    7. Under the QR code click 'can't scan?'
    8. You will see the 'Secret Key Field'. You will need to copy (or write) this code somewhere (note you can not copy and paste it)
    9. Click 'Next'
    10. Go to your Google Authenticator app
    11. Click to 'add' a new account. This may be by pressing '+' in the bottom left
    12. Type in what you would like to name your account. For example UoA MFA
    13. Type in your secret key code in 'Your Key'
    14. Click 'Add'
    15. This will take you to your authentication list. Here is where you will find the 6 digit code for the account you just set up - for you to use in id.adelaide.edu.au 
    16. Go back to id.adelaide.edu.au
    17. Type in your 6 digit authenticator code
    18. Click 'Verify'

     

  • Why do I need to set up my security image for MFA?

    The security image is another way for you to ensure you are entering your username and password into a protected site. The next time you sign in on the same device, you'll see your chosen 'image' in the circle above your username.

    If you do not select your own security image, Okta will select one for you. We recommend you select your own image that you would be likely to remember as it serves as an additional identification tool for you when you are logging in through MFA. For example, if you select the bridge as your image, but when you go to log in next time you have a flower as your profile image, this lets you know that the platform you are being asked to log into is not legitimate. 

    To set up your security image go into your MFA dashboard at https://id.adelaide.edu.au. Click the drop-down arrow next to your name (top right corner). Select Settings and go to the security image section. Click Edit. Click on the image you want and click Save. To check that your image has been saved, as you sign in to id.adelaide.edu.au again your image will appear after you have typed in your username and clicked into the password field.

    When you change to a new internet browser or device, you may notice that your security image is not displayed the first time.

  • Will we need MFA for generic accounts and devices?

    Yes. If you are accessing a system with MFA, then you will need to set up your group authentication preference. There are rare situations around the University where a generic login may be shared on a specific device, or an account may be excluded from MFA If you are unsure or would like more information, please contact the ITDS Service Desk on the details at the bottom of this page.

    Team email accounts

    A work team may have a team email account set up. In this case, you would only need to set up MFA if you interactively login. i.e. if you have your generic / shared email account set up as a mailbox and accessed through outlook, you won't need to set up MFA for that account.

    Shared computer or system access

    For generic accounts, it maybe be best to set up the OTP Manager on the desktop through the Google Authenticator MFA option.

    Another option would be if the generic account is accessed from one computer with a desk phone nearby, that you set up Call Authentication with the landline number.

    Or, you could copy the QR code for Okta Verify or Google Authenticator and have all users set up the one generic account in their own individual authenticator tools using the same QR image.

    Or, you could use Google Authenticator select ‘can't scan’ and store the secure key code with each member of your team. You would all set up a new account in your individual authenticator tool using the same secure key. This is also handy for when new people join the team, or new devices are added by using the secure key.

    What should we do if someone with generic access leaves the University?

    Any time a member of the generic account moves on, the password, QR code or secure key should be changed and updated by all users.

    If you require further support or advice on setting up generic accounts with MFA, please contact the ITDS Service Desk on the details at the bottom of this page, or log a request via our Self-Service Portal.

  • Can I change my MFA notification preference?

    Yes, you can change the way you authenticate for MFA. You'll just need to go into Okta and update your authentication preference and details.

    You can log into: https://id.adelaide.edu.au. Click on the dropdown arrow next to your name, click on settings, edit the either remove or add your authentication modes.

  • Why do I receive MFA emails?

    When you first register your MFA authentication options you will receive an email for each authentication option you set up. An email may also be sent to you if you log in on a new device (or use a different internet browser). 

    Initially, this might feel a little frustrating, but the emails serve as another validation tool for you. For example, if you receive an email saying that one of your authentication options had been updated or that you have logged in on a different device, but it wasn’t you, then it serves as a notification that someone that shouldn’t be is trying to access your account and you can respond to that by contacting ITDS Service Desk.

  • Can I register multiple mobile phone numbers?

    At this stage, you can only register one phone number per authentication option. If you want to use more than one phone number, you could consider setting up SMS with one number and Voice Call with the other.

  • What is the best MFA option if I struggle to use technology?

    Some of the authentication methods do change pretty quickly, so if you struggle to use technology quickly, this is the order of verification options we recommend you:

    1. Set up the Okta Verify app on your personal phone. This way you only need to click to say you are accessing the system.

    2. The SMS code will send an SMS to your phone (like your banks might do) and lasts for around 5 minutes.

    3. The Voice Call repeats the number twice, and it means you can listen to the call while looking at your computer to type in the code.

    4. Google Authenticator app. These options tend to have a 30 second time out on the code, which can make it tricky to use quickly.

  • Can I use my own YubiKey?

    You are welcome to use your own YubiKey for the purpose of MFA at the University. Not all YubiKeys are suitable for our MFA, but you can contact the ITDS Service Desk to identify if your is, and to arrange a time to have it seeded.

    If you do not have a YubiKey, and believe that all of the other authentication modes are not suitable for your work or learning environment. Please contact the ITDS Service Desk to assess your suitability for using a Univeristy owned key, or purchasing your own.

  • Do I have to use MFA?

    If you access University systems that require Multi-Factor Authentication, then you will need to use it.

    This applies to any Staff, Student, or Visitor that requires access to the systems with MFA turned on. Initially, only key systems will have the MFA process added, but the plan is that all university systems should have it activated in the near future.

    If you or your team utilises a system and you would like MFA activated for it, please log a request via our Self-Service Portal.  

  • How often will I need to authenticate through MFA/Okta?

    If you only use one device, then you should only be required to authenticate with MFA every 90 days. However, there are some exceptions to this rule such as:

    • Using a different web browser to access a system
    • Using a different device, eg mobile phone, tablet, laptop, browser, desktop computer, etc
    • Signing in from a location where it would have been impossible for you to travel to that place since your last log in
    • If you clear the cache on your web browser 

    Some of the systems that you use also have their own rules for needing to sign in again. For example with Office 365 they have their own expiry times which may require you to log in again with your user name and password and MFA. The O365 times are:

    • Web Clients (e.g. Outlook Web Access): 6 Hours
    • Desktop Clients (e.g. Outlook 2019, Teams): 90 days
    • Office Pro Plus License Check: 30 days

More about MFA

    Expand
  • What is the benefit of MFA?

    In today's environment, we are constantly faced with cyber criminals attempting to gain access to our systems and data. Adding MFA to access the University systems and data adds an additional layer of security to protect our personal and sensitive data. 

    To access our technology systems at the University that have MFA activated you will first login with your university ID and password and then, depending on your choice of notification, use your second authentication mode.

    To learn more about the benefits of MFA and single-sign in at the University you can watch this short video:

  • What systems will have MFA set up?

    It is anticipated that all University systems will be integrated with MFA. The list below identifies core systems that have been identified in the short-term. Other systems not on this list will be added. This may be in response to a request from the system owner or as an IT security risk is identified.

    • Jira 
    • Confluence 
    • Trello 
    • Blue Pulse - Elections Software 
    • TextMagic - SMS platform 
    • Cherwell 
    • Adobe Cloud 
    • Adapt - 
    • VPN - 
    • Office 365 
    • Enrol Me - 
    • MyUni / Echo360 
    • Gmail
    • PeopleSoft Finance
    • UoA Library Systems 
    • CCSP
    • Admissions @ Adelaide

    Still to come

    • PeopleSoft HR
    • PeopleSoft CS
    • Zoom
    • Box
    • Oracle CRM
    • UoA Research Systems

    And many more!

    If you have governance over a system that we manage within the University and would like MFA added to it for additional cyber protection, please log a request via our Self-Service Portal. Over time access to all University systems will require Multi-Factor Authentication.

  • What if we're adding a new IT system?

    Our technology team will continue to integrate systems with MFA. 

    If you are adding a new system within your team, please contact the ITDS Service Desk and discuss the need for it to be integrated with MFA. This will ensure we are following the recommended guidelines to protect our data and systems at the University.

  • How does MFA align with our strategic plan?

    Future Making, states that; “The University of Adelaide will realise its purpose as a catalyst of knowledge creation and innovation, as an engine of social advancement, and as an active participant in the local, national and global economy”.

    Cutting edge technology is critical for the university to be active participants in the local, national and global economy. We need our Information Technology (IT) infrastructure to be secure and robust. This will ensure the university is seen as reliable partners in collaboration of research and education by being highly capable of protecting internal systems and data in fields of innovation and social advancement. 

    To further this resolve, the ITDS Technology Strategy, ‘Digital Future’, states that; “Knowledge and the flow of information are key to what a university does – and while wisdom and ideas are powered by people, the processes, technology and information need to be in place to support our vital work”.

    The security of information is critical for the personal privacy of university staff and students, safeguarding learning and teaching content, fortifying student results and exam papers, in addition to protecting the research data that is so valuable to our research community. 

    The Chief Operating Officer (COO), has been tasked with:
    • Enhancing technology capabilities to support the delivery of improved learning, teaching and research outcomes and a contemporary digital experience for staff and students.
    • Ensuring the ongoing security, stability, reliability of core IT infrastructure and systems. 

    For the COO to achieve this it is imperative that the current best practice solutions in technology security are fully implemented, maintained, and where required updated. MFA will support us in maintaining the integrity of the university technology systems and information.


Troubleshooting with MFA

    Expand
  • What do I do if I am locked out of Okta?

    After 10 incorrect attempts, you will be locked out of MFA for 15 minutes. 

    If you require urgent access, please contact the ITDS Service Desk on ph 08 8313 3000, or the Ask Adelaide team, who will unlock your account.

  • I left my mobile phone at home, what can I do?

    If you have set your MFA up to remember you and you are using the same device (computer) in the same way you always do, it is possible that you won't need to authenticate.

    MFA is currently set up to only require authentication each 90 days or require authentication if your behaviour (the way you access the UoA systems) has changed.

    If you need to authenticate, you will need to contact the ITDS Service Desk on 08 8313 3000, or the Ask Adelaide team for further support.

  • What happens if I change my phone number?

    If you are changing your SIM card or phone number (not your phone), and you have the Okta Verify App, you can continue to use the Okta Verify App on your phone.

    But, if you have set up SMS or Voice Call Authentication, you will need to update your authentication. Please note that you will need to have access to your old phone number to be able to do this.

    1. Log into your MFA profile at id.adelaide.edu.au, click settings and edit. You will be prompted to verify your identity though MFA.

    2. Once verified, click Remove for the authentication with your old phone number.

    3. Click Set-up for SMS and Call Authentication to re-authenticate with your new number

    4. Set up a second authentication method as a backup

    If you do not have access to your old phone number, or are unable to reset your authentication for your new phone number, you will need to contact the ITDS Service Desk to reset your authentication options. Please contact ITDS Service Desk for further support. 

  • What happens if I change my phone?

    If you have set up SMS or Voice Call Authentication, you will can continue to use this method with your new phone.

    However, if you have Okta Verify or Google Authenticate, you may need to update your authentication. Please note that you will need to have access to your old phone to be able to do this.

    1. Log into your MFA profile at id.adelaide.edu.au, click settings and edit. You will be prompted to verify your identity though MFA.

    2. Once verified, click Remove for the authentication linked to your old phone.  

    3. Download the Okta Verify or Google Authenticate app onto your new phone.

    4. Click Set-up for Okta Verify or Google Authenticate to re-authenticate with your new phone.

    If you do not have access to your old phone or are unable to reset your authentication for your new phone, you will need to contact the ITDS Service Desk to reset your authentication options. Please contact ITDS Service Desk for further support. 

  • I accidentally deleted my MFA App. What should I do?

    If you accidentally deleted your Okta Verify app or your Google Authenticator app and don't have SMS or Voice Call authentication setup, you will need to contact the ITDS Service Desk to reset your authentication options. Please contact ITDS Service Desk for further support. 

  • Can I still access UoA systems from overseas?

    You can, provided that you have set your MFA Authentication options up to support overseas access. For example, if you have set up Okta Verify for your MFA Authentication, then you'll need to ensure you have internet access on your mobile device to acknowledge that it is you logging into the system.


Things to know about MFA and our systems

    Expand
  • MFA and Jira, Confluence, and Trello

    In September 2020, Jira, Confluence, and Trello were integrated with MFA.

    These systems tend to have a 30-day sign-in policy, which means you may need to re-authenticate with MFA every 30 days. 

    Trello users will need to continue to sign in to Trello using your current university email with your name rather than your 'a' number (firstname.lastname@adelaide.edu.au). But the MFA log in will still require you to use your 'a' number as your username. 

  • MFA and Office 365

    Office 365 is a cloud-based version of Microsoft applications including Word.

    If you currently use any of the Office 365 applications through the University's license agreement, then as you sign in with your University username and password that you will occasionally need to authenticate through our MFA platform, Okta.

    Saved link not working

    If you have an old link saved to access your outlook for Office 365, try using this link: http://outlook.office365.com 

    Use of IMAP

    If you have set up your own IMAP for your Office 365 products and are having issues accessing your emails, you may find it works if you re-add your account.

    Regular authentication required

    If you are needing to re-authenticate each time you log in to a university system, this may be because you have your cache set to clear your browsing history.

    Office 365 has its own rules for needing to sign in again. For example, with Office 365;

    • Web Clients (e.g. Outlook Web Access): 6 Hours
    • Desktop Clients (e.g. Outlook 2019, Teams): 90 days
    • Office Pro Plus License Check: 30 days

    There are multiple session times for Microsoft 365 services - which may mean that you need to reauthenticate through MFA more often than every 90 days. If you would like to know more about this, you could visit:

  • MFA and ADAPT

    ADAPT is a tool that allows staff and students to access University systems and data even when we are not on campus. ADAPT can be accessed via a web browser or through the Citrix client. Adding MFA to ADAPT will increase cyber protection for our University community.

    Be Patient: When using ADAPT, especially for the first time, you may need to wait a couple of minutes for your information to be loaded into your ADAPT window. 

    MFA is set up with ADAPT to only require the second authentication mode every 90 days, however, there are some exceptions to this rule. For example:

    • If you change device or use a different internet browser
    • You may find that after 30 minutes of inactivity in ADAPT that to open something new, you will need to reauthenticate. This may be because the cache is set up to clear as your session times out. But if you already have a document or system open, even after the timeout, you can continue using them
  • MyUni and Echo360

    The most commonly reported issue with MFA and MyUni (canvas), is when you are trying to swap between your usual account and your Student View (SV) account.

    It is important to note that you will need to set your student view (SV) number up with its own MFA account. Your University account will be treated as a separate account from your Student View one. For example, if you update the password for your SV account, your other University accounts password won't be updated. 

    If you are having issues switching between the two accounts, we recommend trying these options:

    • Using a different web browser
    • Open a private tab in the same web browser
    • Using a Firefox Multi-Account Container (or similar for Chrome)
    • Clear the Cache and then try logging in 

    If none of these options work for you, contact the ITDS Service Desk for further support.

Further support

For further support with Multi-Factor Authentication contact:

  • Staff and Students - ITDS Service desk (see the contact details and links below)
  • Students – In addition to contacting the ITDS Service desk, students have the option to contact Ask Adelaide by phone, email or in person.
  •