Multi-factor Authentication

What is multi-factor authentication?

Multi-factor authentication is a security protection for accounts that requires users to present two or more pieces of information before being granted access to services. Modern authentication factors include:

1. Something you know (password),
2. Something you have (phone/app), and
3. Something you are (biometrics).

Employees have traditionally used their username and password (single-factor) to authenticate to College systems. When moving to Office 365, the College will require employees accessing email and Office 365 from personal systems, to provide their username, password, and approval from another device (something they have).

How do I enroll my phone?

The Microsoft Authenticator app takes a few more steps to setup, but offers the easiest user experience. Once setup, the first authentication from a personal device will trigger a prompt in the app. Employees simply need to tap "Approve" in the app to proceed with the login.

Configure the App

It is easiest to enroll from a computer with your smartphone handy.

1. Download the Microsoft Authenticator app from the Apple Apple App Store or Google Play.
2. Go to www.stlcc.edu/mfasetup and sign in with your STLCC email address and password.
3. You will be greeted with a "More information required" message. Click "Next.
4. On the "Additional security verification" page, choose "Mobile app" under Step 1, and select "Receive notifications for verification."
   
5. Click "Set up." You will see a QR code displayed on the screen along with instructions.
   
6. On your smartphone, open the blue Microsoft Authenticator app.
   
7. Tap "Add account" (or the "plus" sign at the upper right if you have done this before).
8. Choose "Work or school account."
   
9. Scan the QR code with the app.
10. Wait for the enrollment to complete. Once completed, the "Next" button on the page should turn blue. Click the "Next" button.
11. You will receive a request to validate the login on your phone. Approve it. If you do not see the notification, from the app, pull down on the screen with your finger to refresh notifications. Approve the request.
    
12. You will be now move to "Step 3": set up a backup method. Leave the drop-down box set to "authentication phone". Choose the United States (+1) country code, and enter the personal phone number you would like to use as your backup method.
13. Click "Done".
14. Test your setup: Close your previous browser window, and open a new one. Go to www.stlcc.edu/mfasetup. You will be prompted to approve the sign-in on your phone and your MFA options will be displayed.
    

Please contact the Help Desk with questions or issues.

How do I enroll my phone?

SMS/Text messaging is quicker to setup, but the Microsoft Authenticator app offers the easiest user experience. Once setup, the first authentication from a personal device will trigger a prompt in the app. Employees simply need to tap "Approve" in the app to proceed with the login. Text/SMS notifications require employees a code sent via SMS/text messaging to complete login.

Configure SMS/Text Approval

It is easiest to enroll from a computer with your cellphone handy.

1. Go to www.stlcc.edu/mfasetup and sign in with your STLCC email address and password.
2. You will be greeted with a "More information required" message. Click "Next.
3. On the "Additional security verification" page, choose "Authentication phone" under Step 1, then select “Send me a code by text message.” Choose the appropriate country code and enter your cell phone number. Click the “Next” button to begin verification.
   
   
4. You will receive a text message with a code. Enter the code on the next screen and click the blue “Verify” button.
   
5. You will receive a message that the verification was successful. Click “Done” and close the browser window.
   
6. Test your MFA setup. Open up a new browser window and go to www.stlcc.edu/mfasetup. You will be prompted for a code. Enter the code you received on your cell phone.
   
7. Verify your setup and configure a backup phone.
   
8. You are now finished setting up MFA.
   Please contact the Help Desk with questions or issues.

Frequently Asked Questions

What will this affect?

Multi-factor authentication will only be enabled for employee email and Office 365 access from personal systems. Employee email and Office 365 access from the College will not be impacted.

How does it work?

When employees log in from an unrecognized system or device, Office 365 will request approval for the login on the enrolled phone.

Why are we doing this?

Multi-factor authentication protects accounts from being accessed by unauthorized individuals in the event that account information becomes compromised.

Accounts are usually compromised because of:

• Phishing attacks
• Third-party service breaches where employees use the College email address and same password

Will I have to approve every login on a personal device?

No. If you trust the device when you log in, your approval is good for 30 days.

Do I have to use a smartphone?

No. You can use text messaging or voice calls as well. We do recommend using the app since it is more convenient and less disruptive.

How long does it take to set up?

It takes about 3-4 minutes.

Can I use a different authenticator app (like Google Authenticator)?

No. The Microsoft Authenticator app is the only app that works at this time.

Can I use my email app?

STLCC IT only supports email clients that are able to use "modern" authentication protocols and multi-factor authentication. A support matrix is listed below.