What is MFA?
Multi-factor Authentication (MFA) is an authentication method that requires users to provide two or more verification methods to prove that the person attempting to sign in is truly the owner of the account so they can access Norwich University resources. MFA is a core component of a strong identity and access management (IAM) policy. Instead of only asking for a username and password, MFA requires multiple verification factors, which decreases the likelihood of successful phishing and cyber-attacks. MFA is a minor inconvenience versus the alternative of cyber-attacks like ransomware.
Why is MFA Important?
MFA provides additional security beyond just a username and password. Usernames and passwords are susceptible to brute force attacks that steal information and resources from you or Norwich. Using MFA, we can decrease the likelihood of cyber-attacks and keep Norwich University systems, Personally Identifiable Information (PII), financial resources, and you safe. MFA is just one of many vital resources in cybersecurity at Norwich University.
How Does MFA Work?
MFA works by requiring additional verification information (factors). One of the most common MFA factors is a one-time password (OTP). OTPs are those 4-8 digit codes often received via email, text message, or mobile app. With OTPs, Microsoft generates new codes periodically or each time an authentication request is submitted. As the name implies, the code generated can only be used once and is invalid after a set amount of time if not used immediately. When you sign in using your username and password, the system will prompt you to provide another authentication method. In some cases, you can tell the system to remember you for a set amount of time, decreasing the number of times you have to provide MFA.
Examples of MFA:
- Knowledge: Something you know, like a username and password or OTPs (OTPs can fall under knowledge and possession since phone apps can generate OTPs)
- Possession: Something you have, like a secondary email, cellphone, desk phone, physical MFA token, or mobile Authenticator app
- Inherence: Something physical about you or biometrics, like a fingerprint, retinal scan, or facial recognition
Now that we’ve gone over the importance of MFA, we can detail how to set up and utilize MFA.
MFA at Norwich University
There are two ways to set up MFA at Norwich:
- Microsoft Authenticator app on your phone or tablet - The login window will ask for a code. You would then open the Authenticator app on your phone or tablet and use your fingerprint or passcode to enter the app. Then select your Norwich account, and the code will show in the app, along with how much time you have to use that code.
Starting in January of 2023, Norwich University IT will allow only the use of an Authenticator app or hardware token.
- Hardware tokens: A hardware token is issued on a case-by-case basis and must be requested by opening a ticket. All requests are subject to approval by the Vice President for Information Technology and the Information Security team. Hardware tokens are only available for Norwich University employees.
Most of our systems use Microsoft as our Single Sign-On provider, which also provides our MFA. In September of 2020, we rolled out the setup of MFA to all Norwich users, so if you are a new employee or student, you will need to set up MFA the first time you log in. If you are an existing employee or student, you should already have this set up. If you do not have any alternate methods set up, you can follow the directions below to complete the process.
You can also watch this video for a full guide on how to set up your MFA methods:
If the video goes too fast, click the settings gear in the video window and then click "Playback speed." You can adjust it to go slower by choosing one of the numbers below 0, like ".75" or ".5" You can also pause and rewind the video if necessary.
Steps 1-9 will be the same no matter which method you want to use. When you have completed steps 1-9, you can decide which method(s) you wish to have available to you. You can set up more than one MFA, and in fact, multiple MFAs will help you if you don’t have access to your preferred MFA method when attempting to log in.
Steps 1-9 should be done on a computer!
- Open a browser and go to http://sso.norwich.edu
Note: You should bookmark this link to ensure that if we ever change SSO providers, your bookmarks will always be correct
- A Microsoft-branded window will prompt you to enter your email. Make sure you are using your Norwich email address, like this: jsmith1@norwich.edu
- Then select Next
- The window should change to a Norwich-branded window and will ask you to enter your password
- Enter your Norwich password
- Select Sign in
- The system will direct you to a screen asking for more information.
- Click Next
- The system will then direct you to a page prompting you to download the Microsoft Authenticator application to your mobile device.
Note: If Norwich has provided you with an iPad, we have already pushed the app to your iPad, so you do not need to download the app.
From here, you can choose which method(s) to set up:
Using the Authenticator app
Please note: Other Authenticator Apps may work, but only the Microsoft Authenticator is supported by Norwich University.
You can also follow this video guide to set up the authenticator app:
If the video goes too fast, click the settings gear in the video window and then click "Playback speed." You can adjust it to go slower by choosing one of the numbers below 0, like ".75" or ".5" You can also pause and rewind the video if necessary.
Note: You MUST carry out the instructions from the previous section on a device OTHER than the device you are setting the app up for since you will need to scan a QR code with the device that will have the app installed.
Note: If Norwich has provided you with an iPad, we have already pushed the app to your iPad, so you do not need to download the app.
NOTE: DO NOT SIGN INTO THE AUTHENTICATOR APP.
You want to add a Work or School Account and then scan QR.
- At this point, you should see this screen. Click Next to continue
- The page will bring you to the screen shown below. Click Next to continue
You will then see a QR code ON YOUR COMPUTER'S browser window. Do not scan the image in this article.
- Locate and open the Microsoft Authenticator app on your phone or tablet
- Use your fingerprint or passcode to unlock the app
- Click Add Account
- Click continue when you see this screen
- Click Other to bring up the QR reader
NOTE: DO NOT SIGN INTO THE AUTHENTICATOR APP!
Signing in to the app will not sign you in all the way. Please use the Other account type, as the instructions explain!
- Scan the QR code showing ON YOUR COMPUTER'S browser window with your phone or tablet. Do not scan this image in this article.
- You should now see your Norwich account and the code generator
Click this link if you need instructions on how to remove an account from the authenticator app if the account is not providing you with a code
Phish-Resistant Number Matching Multi-Factor Authentication
NOTICE: PHONE NUMBER AND SMS AUTHENTICATION ARE NO LONGER OFFERED AS A SUPPORTED MFA AS OF JANUARY 01, 2023.
If you lose access to your default MFA method and are locked out of your account, contact the Help Desk at 802-485-2456 to verify your identity and we can help you recover your account and help set up new methods.
ITS highly suggests adding multiple authentication methods to remedy this problem. Follow the directions in the next section to do this once you have access to your account.
Add, verify, edit and delete MFA methods
NOTICE: PHONE NUMBER AND SMS AUTHENTICATION WILL NO LONGER BE OFFERED IN THE NEAR FUTURE (JANUARY 2023 OR EARLIER)
You can add multiple MFA methods to your account. This action can help you if you have to factory reset your phone, get a new phone, or don’t have access to your other methods for whatever reason. The first MFA method you set up will be your default method. However, if you lose access to your default method, you can opt to use another method if you have one set up.
Follow the steps below to add more MFA methods to your account
- Log in to the SSO dashboard at http://sso.norwich.edu
- Click your profile avatar in the top right of the screen
- Click View Account
- Click Update Info in the Security Info box
- The system may ask you to sign in again; please do so. If you are prompted to enter an MFA code and you do not have access to your current methods, call the Help Desk at 802-485-2456 so that we can assist you.
- Once the security info page loads, you will see any MFA methods you have set up where you can edit, verify, delete, or add more methods.
- To add more methods, click Add Method
- A drop-down window will appear where you can select a new method to add.
- Choose a method and then click Add
From here, you can follow the directions linked below for adding different methods. Skip to step 3 for each to find instructions that will be very similar to what you will experience.
Please note: security questions are NOT used as MFA methods. Security questions can only be used for the self-service password reset process. If you only have security questions set up, you MUST add more methods to your account.
3. At this point, you should see this screen. Click "I want to set up a different method" to continue
4. A window will open with a drop-down box. Click the drop-down and select Email
5. When the window below loads, select and enter answers for the questions. Click Done when finished
6. You can click done to complete the process
Click this link if you need instructions on how to remove an account from the authenticator app
If you run into any issues setting any of this up, contact the Help Desk at 802-485-2456 or email helpdesk@norwich.edu to create a ticket in our ticketing system.