Multi-factor Authentication
To protect student and employee data, the College is requiring all employees to enroll
a phone with the College to enable multi-factor authentication through Microsoft Office
365. Once a phone is enrolled, employees will have an extra layer of security when
accessing Office 365 from non-College systems.
What is multi-factor authentication?
Multi-factor authentication is a security protection for accounts that requires users to present two or more pieces of information before being granted access to services. Modern authentication factors include:
- Something you know (password),
- Something you have (phone/app), and
- Something you are (biometrics).
Employees have traditionally used their username and password (single-factor) to authenticate to College systems. When moving to Office 365, the College will require employees accessing email and Office 365 from personal systems, to provide their username, password, and approval from another device (something they have).
How do I enroll my phone?
The Microsoft Authenticator app takes a few more steps to setup, but offers the easiest user experience. Once setup, the first authentication from a personal device will trigger a prompt in the app. Employees simply need to tap "Approve" in the app to proceed with the login.
Configure the App
It is easiest to enroll from a computer with your smartphone handy.
- Download the Microsoft Authenticator app from the Apple Apple App Store or Google Play.
- Go to www.stlcc.edu/mfasetup and sign in with your STLCC email address and password.
- You will be greeted with a "More information required" message. Click "Next.
- On the "Additional security verification" page, choose "Mobile app" under Step 1,
and select "Receive notifications for verification."
- Click "Set up." You will see a QR code displayed on the screen along with instructions.
- On your smartphone, open the blue Microsoft Authenticator app.
- Tap "Add account" (or the "plus" sign at the upper right if you have done this before).
- Choose "Work or school account."
- Scan the QR code with the app.
- Wait for the enrollment to complete. Once completed, the "Next" button on the page should turn blue. Click the "Next" button.
- You will receive a request to validate the login on your phone. Approve it. If you
do not see the notification, from the app, pull down on the screen with your finger
to refresh notifications. Approve the request.
- You will be now move to "Step 3": set up a backup method. Leave the drop-down box set to "authentication phone". Choose the United States (+1) country code, and enter the personal phone number you would like to use as your backup method.
- Click "Done".
- Test your setup: Close your previous browser window, and open a new one. Go to www.stlcc.edu/mfasetup. You will be prompted to approve the sign-in on your phone and your MFA options will
be displayed.
Please contact the Help Desk with questions or issues.
How do I enroll my phone?
SMS/Text messaging is quicker to setup, but the Microsoft Authenticator app offers the easiest user experience. Once setup, the first authentication from a personal device will trigger a prompt in the app. Employees simply need to tap "Approve" in the app to proceed with the login. Text/SMS notifications require employees a code sent via SMS/text messaging to complete login.
Configure SMS/Text Approval
It is easiest to enroll from a computer with your cellphone handy.
- Go to www.stlcc.edu/mfasetup and sign in with your STLCC email address and password.
- You will be greeted with a "More information required" message. Click "Next.
- On the "Additional security verification" page, choose "Authentication phone" under
Step 1, then select “Send me a code by text message.” Choose the appropriate country
code and enter your cell phone number. Click the “Next” button to begin verification.
- You will receive a text message with a code. Enter the code on the next screen and
click the blue “Verify” button.
- You will receive a message that the verification was successful. Click “Done” and
close the browser window.
- Test your MFA setup. Open up a new browser window and go to www.stlcc.edu/mfasetup. You will be prompted for a code. Enter the code you received on your cell phone.
- Verify your setup and configure a backup phone.
- You are now finished setting up MFA.
Please contact the Help Desk with questions or issues.
Frequently Asked Questions
What will this affect?
Multi-factor authentication will only be enabled for employee email and Office 365 access from personal systems. Employee email and Office 365 access from the College will not be impacted.
How does it work?
When employees log in from an unrecognized system or device, Office 365 will request approval for the login on the enrolled phone.
Why are we doing this?
Multi-factor authentication protects accounts from being accessed by unauthorized individuals in the event that account information becomes compromised.
Accounts are usually compromised because of:
- Phishing attacks
- Third-party service breaches where employees use the College email address and same password
Will I have to approve every login on a personal device?
No. If you trust the device when you log in, your approval is good for 30 days.
Do I have to use a smartphone?
No. You can use text messaging or voice calls as well. We do recommend using the app since it is more convenient and less disruptive.
How long does it take to set up?
It takes about 3-4 minutes.
Can I use a different authenticator app (like Google Authenticator)?
No. The Microsoft Authenticator app is the only app that works at this time.
Can I use my email app?
STLCC IT only supports email clients that are able to use "modern" authentication protocols and multi-factor authentication. A support matrix is listed below.
Email Client | Platform | Supported | Notes |
Outlook Web App | Web browsers | Yes | Access email from the web. Use https://office365.stlcc.edu |
Outlook 2016 | Windows/Mac | Yes | |
Outlook 2013 | Windows | Yes | Requires configuration: https://support.office.com/en-us/article/Enable-Modern-Authentication-for-Office-2013-on-Windows-devices-7dc1c01a-090f-4971-9677-f1b192d6c910 |
Outlook 2011 and earlier | Windows/Mac | No | Use a supported version of Outlook, or use https://office365.stlcc.edu |
Outlook | iOS | Yes |
The Outlook email client for iOS is available at https://itunes.apple.com/us/app/microsoft-outlook/id951937596?mt=8.
|
Outlook | Android | Yes |
The Outlook email client for Android is available at https://play.google.com/store/apps/details?id=com.microsoft.office.outlook&hl=en.
|
Built-in Mail client | iOS 11 and later | Yes | After enabling MFA you MUST delete and re-add your email profile. |
Built-in mail client | iOS 10 and earlier | No | Use Outlook for iOS. The Outlook email client for iOS is available at https://itunes.apple.com/us/app/microsoft-outlook/id951937596?mt=8. |
Android Mail | Android | No | Use Outlook for Android.
The Outlook email client for Android is available at https://play.google.com/store/apps/details?id=com.microsoft.office.outlook&hl=en.
|
Built-in mail client | Mac OS 10.14 and later | Yes | |
Built-in mail client | Mac OS 10.13 and earlier | No | Access email from the web. Use https://office365.stlcc.edu |
Thunderbird | All | No | Access email from the web. Use https://office365.stlcc.edu |