Multi-Factor Authentication (MFA)

Introduction

Brandon University provides Multi-Factor Authentication (MFA) for select services on campus. If you enroll in MFA, you will get added security on your user account. Enrolling in MFA also gets you a more progressive password policy applied to your user account.

We are leveraging DUO (duo.com) as our MFA provider. DUO allow us to configure your MFA experience several different ways. The recommended way it to utilize your smart phone as your second factor of authentication, you can also use SMS, landline, TouchID (MacBook Users Only), or a hardware token. There might be potential limitation if you are not using your smart phone for your second factor of authentication.

Services Protected By MFA

  • Exchange Webmail
  • VPN
  • Office 365
  • IRS
  • WordPress

Enrolling in MFA

  • Request to Enroll in Multi-Factor Authentication (MFA) at the Helpdesk.
    • Please specify what device you want to use for your second factor
      • Smart Phone (RECOMMENDED)
      • SMS
      • Landline
      • TouchID (MacBook Users Only)
      • Hardware Token
  • Once Helpdesk has enrolled your user account you will have a couple of options to get setup.
  • If you are using your Smart Phone, download the DUO Mobile app from the Apple App Store or the Google Play Store and then:
    • You will receive an email from the MFA provider (DUO).
    • Follow the steps in the email to complete the device enrollment.
  • OR
  • If you are using SMS, landline, or the hardware token the helpdesk will configure that for you at upon the enrollment request.
  • Once you have setup your device you are done and will start getting prompted for a MFA when using select services at BU.

 

Using MFA

When you are setup with MFA you will be prompted for your second factor of authentication when using any of the services that require multi-factor authentication.

There are several different authentication options when providing your second factor of authentication.

  • Smart phone/Mobile Push (RECOMMENDED)
    • When using the recommended smart phone application you will receive a notification to your phone during the authentication process.
    • You must select “Send me a Push” and then you can either approve or deny the authentication attempt. If you ever receive an authentication attempt that is not valid deny it and report it to the BU Helpdesk.
    • For more information visit the Duo Support Page for iOS or Andriod
  • SMS
    • If you are using the SMS option, you will receive a text message with a code when authenticating.
    • You must click “Enter Passcode” and then “Text me new codes
    • Enter the code you received on your via text message and click “Login
    • For more information go to the SMS Passcodes section of the Duo Phone Support Page
  • Hardware Token
    • If you are issued a hardware token you can use the numbers generated on the hardware token to login.
    • You must click “Enter Passcode” and the push the button on the hardware token.
    • Enter the code on the hardware token and click “Login“.
    • For more information go to the Hardware token Duo Support Page.
  • Landline
    • When using the landline option you will receive a phone call from Duo to authenticate.
    • You must click “Call Me“.
    • Pick up your phone and listen to the prompts.
    • For more information go to the Phone Call section of the Duo Phone Support Page.

FAQ

  • I lost my phone or hardware token what do I do?
    • Contact the Brandon University Helpdesk.
    • They can create you a bypass code that you can enter, until you retrieve your device, or they can set your user to bypass MFA for a limited amount of time.
  • I got a new phone, how do I transfer Duo to my new device?
    • Log into the DUO Device Management Portal.
    • Select “Device Options” beside the device your replaced.
    • Select “Reactivate Duo Mobile”.
    • Then follow the prompts to complete the reactivation of your new device.