How to SetupMulti-Factor

Authentication

Center for Information Technology,Ibaraki Univ.

(last update 20200610)

1. Multi-Factor Authentication Flow

2

EnterID,PW

(3) Authenticated successfully.

(1) Authentication by your usual ID,PW (2) Auth. by another factor (one of (a),(b),(c) )

Pick up the phone

(c) Phone call

Press the #(sharp) button.

(b) SMS

Receive the code via SMS

Enter the code

(a) smartphone app

Check the codein the app.

Enter the code

About Multi-Factor Authentication (MFA)

3

The following services require MFA for off-campus access.

1. MS Office365 Web Service2. MS Office desktop application (Office installed on a PC, etc.)3. Educational Information Portal System (DreamCampus)4. Researcher Information System (Faculty Data Registration Page)5. Services using the "Gaku-Nin" (e-journals, Shibosuke, etc.)6. ALC

II. Preparation1. Decide which verification method to use for MFA.

4

Verification Method

What you must do at the authentication

Smartphone app

Enter the code (numbers) displayed in the app into the authentication dialog.You need to install the Authenticator app.

SMS Enter the code (numbers) received by SMS (short message) on your smartphone or mobile phone into the authentication dialog.

Phone call Receive call on your registered smartphone, mobile phone, or landline. Follow the voice guidance and press # button lastly.

Install Microsoft Authenticator App (free).

Be sure the app will have the icon shown on the left.

Install the app from the official site.Android：Google Play iPhone : App Store

2-1. If you choose to use a smartphone or tablet app.

5

2-2. If you choose to use SMS or phone call.Get your smart phone, cell phone or landline ready.

2. Prepare devices for MFA

3. Notes when setting up MFA

1. Please set it up from the off-campus network.(See page 27 for instructions on how to set it up on-campus.)

2. Be sure to use your PC to set up MFA.

3. If you are using Office365, sign out and restart your web browser before setting up MFA. Alternatively, use the Private Browsing feature.

4. Depending on the Windows default settings, you may not be able to start setting up MFA. If your phone number was registered already, please contact CIT.

6

4. Notes when you choose SMS as a verification method

1. Depending on your carrier's settings, you may not receive SMS messages. Check your phone's call blocking setting. Depending on the carrier, the call blocking setting may be enabled as a countermeasure against unwanted SMS.

2. There may be a time lag until the SMS arrives.

7

III. Setting up MFA

1. Access to Office365Access the CIT web page and click the Office365 button.

8

XXXXX@vc.ibaraki.ac.jp

2. Normal password authenticationIf you are not asked for password and the mail screen appears, check page 6.

The setup procedure depends on your choosing method for MFA.Please go to the appropriate settings page.

9

1. If you choose to use the app

2. If you choose to use SMS or phone call

Go to page 10.

Go to page 19.

Authenticate method using MFA is explained on page 24.

10

The following are the steps to set up MFAwhen using smartphone appas a verification method.

4. Select a verification method4-1. Select "Mobile app" in "Step 1".4-2. Click "Set up".

11

If you are asked for MFA by phone (see below) after step 2, instead of the one on the left, please contact CIT.

3. You will see a dialog that says, "More information required". Click "Next".

12

5. Linking the App and Auth. ID 6. Operation of the Authenticator app6-1. Click "Add Account".6-2. Select "Work or School Account".

App screenApp screen

on PCQR code is shown on the PC

sample

13

5-1. Scan the QR code

read this parton the PC screen with the app.

6-3. Scan the QR code

App screen

on PC

The app changes into QR code reading screen. Align the frame with the QR code on the PC screen.

Once your phone is ready to read,scan the QR code on the PC screen.

sample

14

5-2. Next settingWhen the code (number) appears on the app screen, click "Next" on the PC screen.

If you can't see "Next" button, hold down the Ctrl key and press the - (minus) key once or twice to shrink the screen, then it will become visible.

App screen

6-4. Check the app is working properly.Make sure that the Auth. ID and code (numbers) is displayed in the app.

on PCAuth. IDXXX@vc.ibaraki.ac.jp

Code (numbers)

Note: The configuration is not yet complete.

Next

"Next" is around here.

sample

15

7. Click "Contact me".

on PC

16

8. Enter Verification Password8-1. Enter the code (numbers) displayed in the app into the PC screen.8-2. Click "Verify" on the PC screen.

App Screen

on PC

The numbers in the app change every 30 seconds.If it changes, the old numbers are no longer valid.

257924

8. Registration of a fallback verification method8-1 Select your country or region and enter your phone number8-2 Click on "Done".

17

You have now set up MFA.

18

See page 24 to find an explanation of how to authenticate using MFA.

Follow these instructions to verify that MFA has been set up correctly.

19

The following are the steps to set up MFAusing SMS or phone callas a verification method.

Flow of multi-factor authenticationReceiving a code via SMS:

On the authentication dialog, select "Send code by text message" and click "Next". A code is sent to your registered phone by SMS. Enter the code on the auth. dialog.

Receiving a phone call:On the authentication dialog, select "Call me" and click "Next". A call will be made to your registered phone. Follow the voice guidance and press # button at the end.Note: If you register a home (work) landline phone, you will not be able to authenticate outside of your home (work) location.

20

If you are asked for MFA by phone (see below) after step 2, instead of the one on the left, please contact us.

3. Click "Next" to go to the phone number registration screen.

4. Register your phone number4-1. Select "Authentication phone" in "Step 1". Select your country or region

and register your phone number.4-2. Select the verification method in "Method".

Choose to receive a code by text message or receive a phone call.4-3. Click "Next".

21

4-1

4-2

5. Confirmation of registration5-1. When you select SMS

22

5-2. When you select a phone call:

If you do not receive SMS, check for a wrong phone number or call blocking.A code (numbers) is sent to your registered phone by SMS.

Enter the code on the dialog. Click "Verify".

A call will be made to your registered phone. Follow the voice guidance and press # button at the end.

23

That's all you have to do.

The following pages explain how to authenticate using MFA off campus.

Follow these instructions to verify that MFA has been set up correctly.

IV. Auth by MFA

24Note: MFA does not apply when used from within the campus.

2. Password authentication as usualIf you are not asked for password and the mail screen appears, check page 6.1. Access to Office365

Access the CIT web page and click the Office365 button.

24

XXXXX@vc.ibaraki.ac.jp

3. Auth with another verification method.If you useSmartphone app. : Enter the code on the app into the auth dialog on PC.SMS : Enter the code sent via SMS into the auth dialog on PC.Phone call: Pick up the phone, follow the voice guidance and press # button.

25Note: MFA does not apply when used from within the campus.

Once you authenticate over the phone, you can proceed.

App Screen on PCon PC

The numbers on the app change every 30 seconds. If it changes, the old numbers are no longer valid.

4. Retain MFA status for 30 days.If you check "Don't ask again for 30 days", MFA is not required on this device for the next 30 days.

26Note: Do not check the box on a device used by anyone other than yourself.

27

5. How to try out MFA on campus

Connect to the Wi-Fi with the SSID "eduroam" in an area where you can connect to campus Wi-Fi and then access Office365.

6. How to check or change your registration information

By accessing the following URL, you can change or delete devices registered for MFA, check or change your phone number.

https://account.activedirectory.windowsazure.com/Proofup.aspx