How to: Use Microsoft multifactor authentication (MFA)


Introduction

When you attempt to sign in to some IT services at Texas Tech University, you may be prompted for Microsoft multifactor authentication (MFA). Before you can use MFA, you must set up at least one MFA method. After that, when signing in, you may choose one of your MFA options for verification using the steps below. The steps below presume that you have already set up MFA.

NOTE: Some screens may appear slightly different, depending on your operating system and the browser used.

Instructions

  1. Attempt to access a service that requires Microsoft MFA.

  2. Type your TechMail address and click Next.

    The TTU email is filled out to sign in and Next is highlighted to be selected

  3. Type your eRaider password and click Sign in.

    The password is filled out and the next button is highlighted to be selected

  4. Decide which of your options you want to use as a second factor for authenticating.

    A: Security key, USB
    1. Insert your security key.

      Pop-up that reads, "Making sure it's you. Insert your security key into the USB port."

    2. Type the PIN for your security key. Then, press Enter/return or click the appropriate button to proceed.

      Pop-up reads, "Making sure it's you" with the PIN field and "OK" button highlighted

    3. Use any of your fingers to touch the security key on the metal plate.

      Photo of security key being touched with a finger

      Pop-up reads, "Making sure it's you. Touch your security key."

    B: Security key, NFC (wireless)
    1. Choose the "Security key" option and tap Continue.

      "Sign In" pop-up in iPhone with "Security key" option and "Continue" button selected

    2. Bring the security key near the top of your phone.

      TIP: You may view a video example of this on the Yubico website.


      Pop-up reads, "Use Security Key. To continue with 'login.microsoft.com', insert and activate you security key. If you have an NFC key, bring it near the top of this iPhone."

    3. Type the PIN for the security key and tap Continue.

      Pop-up reads, "Use Security Key. Enter the PIN to unlock your security key." with PIN field and "Continue" button selected

    4. Bring the security key near the top of your phone again.

      Pop-up reads, "Use Security Key. To continue with 'login.microsoft.com', insert and activate you security key. If you have an NFC key, bring it near the top of this iPhone."

    C: Microsoft Authenticator app
    1. Note the code displayed.

      Microsoft screen reads, "Approve sign in request. Open your Authenticator app, and enter the number shown to sign in." with number below highlighted

    2. On your mobile device, open the Microsoft Authenticator app.

      iPhone home screen with Authenticator app selected

    3. Tap your TTU account.

      Authenticator app screen with TechMail account selected in a list of accounts

    4. In the authenticator app, type the code displayed on the sign-in screen that you noted earlier. Then, tap Yes.

      Pop-up reads, "Are you trying to sign in?" with number field and "Yes" button highlighted

    D: One-time code from authenticator app, hardware token, one-time password (OTP) generator, etc.
    1. Click "I can't use my Microsoft Authenticator app right now".

      NOTE: Tap this even if you intend to use the Authenticator app to get a one-time passcode.

      Microsoft screen reads, "Approve sign in request" with option at the bottom, "I can't use my Microsoft Authenticator app right now", selected

    2. Click Use a verification code.

      "Verify your identity" menu with "Use a verification code" option selected

    3. Note the code displayed in your authenticator app or token.

      Authenticator app screen with TechMail account selected in a list of accounts  TechMail account page with example "One-time password code" highlighted

    4. Type the code that was displayed in your authenticator app or on your token. Then, click Verify.

      Microsoft sign in page titled, "Enter code" with entry field and "Verify" button highlighted

    E: Text message or phone call
    1. Click "I can't use my Microsoft Authenticator app right now".

      Microsoft screen reads, "Approve sign in request" with option at the bottom, "I can't use my Microsoft Authenticator app right now", selected

    2. If you want to receive a text message with a one-time code, click Text. For a phone call, click Call.

      "Verify your identity" menu with "Text" option highlighted

    3. View your text messages and note the code that you received. If you chose the phone option, answer the phone and listen to the code being read to you.

      Text message reads, "Use verification code 123456 for Microsoft authentication." with code highlighted

    4. Type the code that you received via text message or phone call. Then, click Verify.

      Microsoft sign in page titled, "Enter code" with entry field and "Verify" button highlighted


  5. When asked whether you want to stay signed in, choose your preference.

    Microsoft asks if you want to stay signed in

Outcome

You have successfully authenticated and can access the desired service at Texas Tech University.