Guide for MFA – Multi Factor Authentication for office365 and Technion email service

Enabling MFA-Multi Factor Authentication was decided by Technion Management as a must for all users, and it’s a process which the end user can perform independently following these simple steps:

  1. Choosing authentication method – from a list (see later), and installing if necessary.
  2. Configure the authentication method in the account.
  3. Check the authentication method is configured and working well.
  4. Report using an online form about the successful completion of the MFA.
  5. After receiving the online form, the MFA will be enforced by Technion CC.

Please note that from stage 4, you need to make sure that the authentication method that you configured is available with you regularly.

step 1 – Choosing authentication method

We recommend the following two methods:

  1. Authy – authentication application on the smartphone.
    • The application produces a unique 6-digit code, changing every minute.
    • Supported on all OS, and has an encrypted backup.
    • Can add multiple devices and easily transfer configuration among them.
  2. Receiving SMS via the smartphone
    • this option will not work if there is no cellular coverage or if are abroad with no cell/data plan.
    • This option is less secure, so it’s only serving as a backup for the first method.

Please install the Authy app on your device:

  • Android – from Google Store
  • iPhone – from App Store
  • Desktop – according to your OS from the website http://www.authy.com

May watch the following clip to see how to install the app and how to configure your MFA for your email account.

step 2 – Configuring MFA

Configuring MFA by the end user – some differences in the pics shown in this guide may appear on your screen – The changes are due to different versions of the service.

After choosing the authentication methods and installing the authtication app (as in step 1) – you need to configure the MFA in your email account.

  • Browse to outlook.technion.ac.il and login with your technion username and password.
  • Click on your pic which is on your right corner of the page – if you don’t have a pic there will be a generic head pic or your initials in a circle.
  • On the menu click My Account or View Account
This image has an empty alt attribute; its file name is image-14.png
  • On the tile “Security Info” click Update Info
This image has an empty alt attribute; its file name is image-15.png
  • Click the Add Method
This image has an empty alt attribute; its file name is image-16.png
  • On the menu, please select the your desired authentication method. We choose the Authenticator app. Please note that choosing “phone” will let you choose between a call or SMS as you please.
This image has an empty alt attribute; its file name is image-17.png
  • Continue as instructed on the window – here we recommend choosing “I want to use a different authenticator app” (the one you installed on your smartphone or desktop)
This image has an empty alt attribute; its file name is image-18.png
  • After clicking next you will get a QR code on your screen which you need to scan using your app on your smartphone.
  • Open your Authy app on your smartphone and click the + sign to Add Account. Allow the use of your camera and scan the QR code, and save the record as instructed. Once you’re done you will get a 6-digit random sequence running on your smartphone.
  • Click next on the website page with the QR code.
  • The website will ask you to type the 6-digits code from your cellphone app, and once you do it – the method is configured successfully.

step 3 – add more methods and check

  • After choosing the first method you may add a second one (we recommend SMS), in case you encounter a problem. Click Add Method and follow the same as in step 2.
    • add phone – you may register your cellphone number and choose to get an SMS.
    • If you choose MFA using your office phone – you will get a phone call and will need to press the # sign and hangup.
    • You may add a method or change the default at any time once the MFA is active.
  • When using more than one authentication method you may choose the default one. On the line Default Sign-In Method click the “Change” and from the list of your methods choose the desired method.
This image has an empty alt attribute; its file name is image-19.png
  • In case your login fails (with MFA), during regular use, as in the following:
This image has an empty alt attribute; its file name is image-20.png
  • you may choose to “Sign In another Way” and choose the desired method from your other methods for MFA.

step 4 – Report to Technion CC

step 5 – Enforcement of MFA

  • The automatic enforcement of MFA on your account will be activated only after you fill and send the online form (in step 4).
  • After receiving the online form (by CC) the activation is being done manually so there may be a delay of few hours and even days until the MFA is enforced.
  • Once the MFA is forced you will need to authenticate your login using the method you chose on every device and any browser you use.
  • On devices that belong to you only, you may mark “Trust this device for the next 30 days” so you can avoid the MFA for the next 30 days.

Remarks

  1. If you have partners using the email account – ie it is not your personal email account BUT a secondary email account shared with a research coordinator, or a research colleague etc) – you may need to act as in the following link.
  2. For Applications that do not support microsoft MFA you may use App Password. For example App Password is used for mail applications that do not support MFA. App Password method is forbidden to use on a device which is not yours or which is shared by you and others.
  3. After chnaging the configuration it is recommended to sign out and login to office 365.

Andoid users – Please note that the built-in mail application currently doesn’t support MFA, so it is recommended installing the outlook app and configure your email account.