About MFA

Multi-factor Authentication (MFA) is used in cloud-based applications to keep WPI data secure.

The MFA feature is a two-factor authentication process which ensures the security of your account by verifying your login through a personal device.

Upon logging in to your WPI account, if you have not done so already, you will be asked to set up MFA. It is required to access all resources that use Self-Service Password Reset or Microsoft Single Sign-On, including, but not limited to, Outlook, Canvas, OneDrive, and Zoom. You will need to complete MFA Setup within fourteen (14) days of first accessing your WPI account.

The Microsoft Authenticator app is the only form of MFA that WPI supports. The application can be found in the Google Play or Apple App Store on your mobile device and the icon for the app can be seen in the image below.

Microsoft Authenticator Icon

  • Configure the Microsoft Authenticator App
    Logging into WPI while Overseas
    This method is required to use MFA while traveling internationally. It should be setup on a device that will be used during travel. While overseas, you will need access to a good wi-fi connection in order to use the app and log into your WPI accounts.

    You will need your mobile device and a computer to configure the Microsoft Authenticator app. On your mobile device, click Install the Microsoft Authenticator App (Actions). Choose to get the app for iOS devices on the App Store or Android devices on Google Play.

    If prompted to allow notifications and/or access to the phone camera (needed to scan QR code), please click OK or Allow.

    On your mobile device:

    1. Download the Microsoft Authenticator App. 
    2. Once downloaded, launch the app.
    3. Add your WPI email account.
    4. Select School account.
    5. On your phone, you will be prompted to scan a QR code.
    Only Select Authenticator App
    The Authenticator App is the only form of MFA that WPI supports. Please ignore the other options on the Add a method page.  

    On your computer:

    • Click Update and Define Verification Methods (Actions) or if on the first time login prompt page, press the Next button
    • Press the Add sign-in method button and select Authenticator App
    • Follow the prompts by pressing Next
    • Use your mobile phone to scan the QR code on the prompt page
    Microsoft Authenticator QR Code prompt page. QR Code highlighted.

    Continue through the prompts by pressing Next. A test authentication will be sent to your phone. Match the numbers you're provided and confirm with Yes.

    When you login to a WPI resource requiring MFA, a number will be displayed. Type that number into the Authenticator app to complete the approval.

    Left: Approve sign in on login screen displays a number. Right: Authenticator app requires you to enter the number shown to sign in.

  • Remove Other MFA Options

    After adding the Microsoft Authenticator App, it is important that you remove any other options that you may have set up. If you have removed these options prior to setting up the Authenticator application, please contact the IT Service Desk. These will be phased out in the near future because there is a potential for account compromise.

    1. Click Update and Define Verification Methods (Actions).

    2. For Security Info, only keep Microsoft Authenticator Push multi-factor authentication (MFA).  For all other options click Delete to the right of the item , then press OK. A window will appear confirming the deletion.

    3. Repeat for all items until only Microsoft Authenticator Push multi-factor authentication (MFA) remains.

    4. Click profile in upper right and choose Sign out.

  • MFA First Time Login

    When you visit any site that uses Microsoft Single Sign-On, or if you navigate to Update and Define Verification Methods (in Actions menu), you will be prompted to set up your Authentication Method:  

    Prompt for First Time Setup: Keep your account secure through the Microsoft Authenticator App.

    The Microsoft Authenticator App for WPI is set to use Number Matching. This is currently the most secure MFA option, designed to combat MFA fatigue and prevent accidental approvals and attacks where users are bombarded with approval requests.  

    This 1-minute video demonstrates what MFA fatigue looks like. You can skip the long introduction and start at 0:17 to see the MFA fatigue attack demo.

  • Process for Logging in with MFA

    In this two-step process:

    1. You log into the web application using your WPI username and password.

    2. You are asked for an additional verification, which is a numerical code that you receive. 

    A new numerical code is generated each time an authentication request is submitted. After verification, you will be granted access to the application. It is vital that you carefully look at the verification username to ensure it is truly your login being authenticated.

    Unexpected Notifications from Authenticator App
    If you receive a push notification on your Microsoft Authenticator app and you didn't try to log in a few seconds ago, then select No it's not me.