About MFA
Multi-factor Authentication (MFA) is used in cloud-based applications to keep WPI data secure.
The MFA feature is a two-factor authentication process which ensures the security of your account by verifying your login through a personal device.
Upon logging in to your WPI account, if you have not done so already, you will be asked to set up MFA. It is required to access all resources that use Self-Service Password Reset or Microsoft Single Sign-On, including, but not limited to, Outlook, Canvas, OneDrive, and Zoom. You will need to complete MFA Setup within fourteen (14) days of first accessing your WPI account.
The Microsoft Authenticator app is the only form of MFA that WPI supports. The application can be found in the Google Play or Apple App Store on your mobile device and the icon for the app can be seen in the image below.
-
Configure the Microsoft Authenticator App
Logging into WPI while OverseasYou will need your mobile device and a computer to configure the Microsoft Authenticator app. On your mobile device, click Install the Microsoft Authenticator App (Actions). Choose to get the app for iOS devices on the App Store or Android devices on Google Play.
If prompted to allow notifications and/or access to the phone camera (needed to scan QR code), please click OK or Allow.
On your mobile device:
- Download the Microsoft Authenticator App.
- Once downloaded, launch the app.
- Add your WPI email account.
- Select School account.
- On your phone, you will be prompted to scan a QR code.
Only Select Authenticator AppOn your computer:
- Click Update and Define Verification Methods (Actions) or if on the first time login prompt page, press the Next button
- Press the Add sign-in method button and select Authenticator App
- Follow the prompts by pressing Next
- Use your mobile phone to scan the QR code on the prompt page
Microsoft Authenticator QR Code prompt page. QR Code highlighted. Continue through the prompts by pressing Next. A test authentication will be sent to your phone. Match the numbers you're provided and confirm with Yes.
When you login to a WPI resource requiring MFA, a number will be displayed. Type that number into the Authenticator app to complete the approval.
Left: Approve sign in on login screen displays a number. Right: Authenticator app requires you to enter the number shown to sign in.
-
Remove Other MFA Options
After adding the Microsoft Authenticator App, it is important that you remove any other options that you may have set up. If you have removed these options prior to setting up the Authenticator application, please contact the IT Service Desk. These will be phased out in the near future because there is a potential for account compromise.
1. Click Update and Define Verification Methods (Actions).
2. For Security Info, only keep Microsoft Authenticator Push multi-factor authentication (MFA). For all other options click Delete to the right of the item , then press OK. A window will appear confirming the deletion.
3. Repeat for all items until only Microsoft Authenticator Push multi-factor authentication (MFA) remains.
4. Click profile in upper right and choose Sign out.
-
MFA First Time Login
When you visit any site that uses Microsoft Single Sign-On, or if you navigate to Update and Define Verification Methods (in Actions menu), you will be prompted to set up your Authentication Method:
Prompt for First Time Setup: Keep your account secure through the Microsoft Authenticator App. The Microsoft Authenticator App for WPI is set to use Number Matching. This is currently the most secure MFA option, designed to combat MFA fatigue and prevent accidental approvals and attacks where users are bombarded with approval requests.
This 1-minute video demonstrates what MFA fatigue looks like. You can skip the long introduction and start at 0:17 to see the MFA fatigue attack demo.
-
Process for Logging in with MFA
In this two-step process:
1. You log into the web application using your WPI username and password.
2. You are asked for an additional verification, which is a numerical code that you receive.
A new numerical code is generated each time an authentication request is submitted. After verification, you will be granted access to the application. It is vital that you carefully look at the verification username to ensure it is truly your login being authenticated.
Unexpected Notifications from Authenticator App
-
Issues with Configuring the Microsoft Authenticator App
If you experience errors or are unable to configure or use the Microsoft Authenticator App, please use Get Support to contact IT for assistance.