Multi-factor Authentication

Multi-factor Authentication Explained


To protect student and employee data, the College is requiring all employees to enroll a phone with the College to enable multi-factor authentication through Microsoft Office 365. Once a phone is enrolled, employees will have an extra layer of security when accessing Office 365 from non-College systems.

 

What is multi-factor authentication?

Multi-factor authentication is a security protection for accounts that requires users to present two or more pieces of information before being granted access to services. Modern authentication factors include:

  1. Something you know (password),
  2. Something you have (phone/app), and
  3. Something you are (biometrics).

Employees have traditionally used their username and password (single-factor) to authenticate to College systems. When moving to Office 365, the College will require employees accessing email and Office 365 from personal systems, to provide their username, password, and approval from another device (something they have).

How do I enroll my phone?

The Microsoft Authenticator app takes a few more steps to setup, but offers the easiest user experience. Once setup, the first authentication from a personal device will trigger a prompt in the app. Employees simply need to tap "Approve" in the app to proceed with the login.

Configure the App

It is easiest to enroll from a computer with your smartphone handy.

  1. Download the Microsoft Authenticator app from the Apple Apple App Store or Google Play.
  2. Go to www.stlcc.edu/mfasetup and sign in with your STLCC email address and password.
  3. You will be greeted with a "More information required" message. Click "Next.
  4. On the "Additional security verification" page, choose "Mobile app" under Step 1, and select "Receive notifications for verification."
    Additional security verification page
  5. Click "Set up." You will see a QR code displayed on the screen along with instructions.
    QR Code to setup Authenticator App
  6. On your smartphone, open the blue Microsoft Authenticator app.
    Microsoft Authenticator App Icon
  7. Tap "Add account" (or the "plus" sign at the upper right if you have done this before).
  8. Choose "Work or school account."
    MS Authenticator Account Type
  9. Scan the QR code with the app.
  10. Wait for the enrollment to complete. Once completed, the "Next" button on the page should turn blue. Click the "Next" button.
  11. You will receive a request to validate the login on your phone. Approve it. If you do not see the notification, from the app, pull down on the screen with your finger to refresh notifications. Approve the request.
    Authenticator App Approval
  12. You will be now move to "Step 3": set up a backup method. Leave the drop-down box set to "authentication phone". Choose the United States (+1) country code, and enter the personal phone number you would like to use as your backup method.
  13. Click "Done".
  14. Test your setup: Close your previous browser window, and open a new one. Go to www.stlcc.edu/mfasetup. You will be prompted to approve the sign-in on your phone and your MFA options will be displayed.
    Validate your settings

Please contact the Help Desk with questions or issues.

How do I enroll my phone?

SMS/Text messaging is quicker to setup, but the Microsoft Authenticator app offers the easiest user experience. Once setup, the first authentication from a personal device will trigger a prompt in the app. Employees simply need to tap "Approve" in the app to proceed with the login. Text/SMS notifications require employees a code sent via SMS/text messaging to complete login.

Configure SMS/Text Approval

It is easiest to enroll from a computer with your cellphone handy.

  1. Go to www.stlcc.edu/mfasetup and sign in with your STLCC email address and password.
  2. You will be greeted with a "More information required" message. Click "Next.
  3. On the "Additional security verification" page, choose "Authentication phone" under Step 1, then select “Send me a code by text message.” Choose the appropriate country code and enter your cell phone number. Click the “Next” button to begin verification.

    Additional security verification page
  4. You will receive a text message with a code. Enter the code on the next screen and click the blue “Verify” button.
    Enter verification code
  5. You will receive a message that the verification was successful. Click “Done” and close the browser window.
    Verification complete
  6. Test your MFA setup. Open up a new browser window and go to www.stlcc.edu/mfasetup. You will be prompted for a code. Enter the code you received on your cell phone.
    Enter code
  7. Verify your setup and configure a backup phone.
    MFA settings page
  8. You are now finished setting up MFA.
    Please contact the Help Desk with questions or issues.

Frequently Asked Questions

What will this affect?

Multi-factor authentication will only be enabled for employee email and Office 365 access from personal systems. Employee email and Office 365 access from the College will not be impacted.

How does it work?

When employees log in from an unrecognized system or device, Office 365 will request approval for the login on the enrolled phone.

Why are we doing this?

Multi-factor authentication protects accounts from being accessed by unauthorized individuals in the event that account information becomes compromised.

Accounts are usually compromised because of:

  • Phishing attacks
  • Third-party service breaches where employees use the College email address and same password

Will I have to approve every login on a personal device?

No. If you trust the device when you log in, your approval is good for 30 days.

Do I have to use a smartphone?

No. You can use text messaging or voice calls as well. We do recommend using the app since it is more convenient and less disruptive.

How long does it take to set up?

It takes about 3-4 minutes.

Can I use a different authenticator app (like Google Authenticator)?

No. The Microsoft Authenticator app is the only app that works at this time.

Can I use my email app?

STLCC IT only supports email clients that are able to use "modern" authentication protocols and multi-factor authentication. A support matrix is listed below.

Email Client Platform Supported Notes
Outlook Web App Web browsers Yes Access email from the web. Use https://office365.stlcc.edu
Outlook 2016 Windows/Mac Yes  
Outlook 2013 Windows Yes Requires configuration: https://support.office.com/en-us/article/Enable-Modern-Authentication-for-Office-2013-on-Windows-devices-7dc1c01a-090f-4971-9677-f1b192d6c910
Outlook 2011 and earlier Windows/Mac No Use a supported version of Outlook, or use https://office365.stlcc.edu
Outlook iOS Yes

The Outlook email client for iOS is available at https://itunes.apple.com/us/app/microsoft-outlook/id951937596?mt=8.

 

Outlook Android Yes

The Outlook email client for Android is available at https://play.google.com/store/apps/details?id=com.microsoft.office.outlook&hl=en.

 

Built-in Mail client iOS 11 and later Yes After enabling MFA you MUST delete and re-add your email profile.
Built-in mail client iOS 10 and earlier No Use Outlook for iOS. The Outlook email client for iOS is available at https://itunes.apple.com/us/app/microsoft-outlook/id951937596?mt=8.
Android Mail Android No Use Outlook for Android.

The Outlook email client for Android is available at https://play.google.com/store/apps/details?id=com.microsoft.office.outlook&hl=en.

 

Built-in mail client Mac OS 10.14 and later Yes  
Built-in mail client Mac OS 10.13 and earlier No Access email from the web. Use https://office365.stlcc.edu
Thunderbird All No Access email from the web. Use https://office365.stlcc.edu
btn leftbtn right

To learn more about multi-factor authentication with Microsoft's Authenticator app, watch the video.

Back to top