How to: Use Microsoft multifactor authentication (MFA)


Introduction

When you attempt to sign in to some IT services at Texas Tech University, you may be prompted for Microsoft multifactor authentication (MFA). Before you can use MFA, you must set up at least one MFA method. After that, when signing in, you may choose one of your MFA options for verification using the steps below. The steps below presume that you have already set up MFA.

NOTE: Some screens may appear slightly different, depending on your operating system and the browser used.

Instructions

1) Attempt to access a service that requires Microsoft MFA.

2) Type your TechMail address and click Next.

example screenshot

3) Type your eRaider password and click Sign in.

example screenshot

4) Decide which of your options you wish to use as a second factor for authenticating.

NOTE: Security keys are not currently compatible with the TTUnet VPN service.

A: Security key, USB

i) Insert your security key.

example screenshot

ii) Type the PIN for your security key. Then, press Enter/return or click the appropriate button to proceed.

example screenshot

iii) Use any of your fingers to touch the security key on the metal plate.

photo of security key being touched with a finger

example screenshot

B: Security key, NFC (wireless)

i) Choose the "Security key" option and tap Continue.

example screenshot

ii) Bring the security key near the top of your phone.

TIP: You may view a video example of this on the Yubico website at https://www.yubico.com/products/ease-of-use/?wvideo=2fxi0f4wvk.

example screenshot

iii) Type the PIN for the security key and tap Continue.

example screenshot

iv) Bring the security key near the top of your phone again.

example screenshot

C: Microsoft Authenticator app

i) Note the code displayed.

example screenshot

ii) On your mobile device, open the Microsoft Authenticator app.

example screenshot

iii) Tap your TTU account.

example screenshot

iv) In the authenticator app, type the code displayed on the sign-in screen that you noted earlier. Then, tap Yes.

example screenshot

D: One-time code from authenticator app, hardware token, one-time password (OTP) generator, etc.

i) Click "I can't use my Microsoft Authenticator app right now".

NOTE: Tap this even if you intend to use the Authenticator app to get a one-time passcode.

example screenshot

ii) Click Use a verification code.

example screenshot

iii) Note the code displayed in your authenticator app or token.

example screenshot  example screenshot

iv) Type the code that was displayed in your authenticator app or on your token. Then, click Verify.

example screenshot

E: Text message or phone call

i) Click "I can't use my Microsoft Authenticator app right now".

example screenshot

ii) If you want to receive a text message with a one-time code, click Text. For a phone call, click Call.

example screenshot

iii) View your text messages and note the code that you received. If you chose the phone option, answer the phone and listen to the code being read to you.

example screenshot

iv) Type the code that you received via text message or phone call. Then, click Verify.

example screenshot

5) When asked whether you want to stay signed in, choose your preference.

example screenshot


OUTCOME

You have successfully authenticated and can access the desired service at Texas Tech University.