Two Factor Authentication

Enable Two Factor Authentication (2FA) to enhance the security of your University IT account, reducing the potential for unauthorised access to your email, Office 365 files and other services.

What is Two Factor Authentication?

Currently you enter your University IT account username and password (one factor) to access a University web application.

As many University IT accounts have access to sensitive student, research and University information, with your help, we need to do everything we can to keep this information secure. This is particularly important at this time, with many staff working remotely and the recent increase of attacks to IT systems reported in the media.

Two Factor Authentication adds an additional (second) way to verify who you are. The two factors are:

  • Something you know (your current password)
  • Something you have (use your mobile phone to confirm its you)

Sometimes Two Factor Authentication (2FA) is referred to as Multi factor Authentication or MFA.

What do I need to use Two Factor Authentication?

To use Two Factor Authentication, you will need access to a modern smartphone:

  • You agree to use a personal device for this purpose, if you do not have a University mobile phone
  • After you register, you may need this device, each time you login to a University web application when off-campus

What do I need to know?

  • Two Factor Authentication is optional at the moment, you can choose opt in to use it on your University IT account
  • You will need to use Two Factor Authentication when off-campus
    • ‘Off-campus’ refers to when you are using home/student accommodation wifi or Visitor wifi provided by the Cloud
    • You won't need to use Two Factor Authentication when you are on campus, such as using a University PC in a student PC area or eduroam wifi
  • Only approve a sign in if you are logging to your one of the services protected by Two Factor Authentication
    • If you are not logging in, your University IT account may have been compromised and someone else is trying to access your IT account.
  • We would recommend you use the Microsoft Authenticator app for Two Factor Authentication, as this is easiest to configure and will be beneficial for future functionality
  • There are two choices for how to authenticate on your Smartphone or Tablet:
  • Receive notification for verification (Microsoft Authenticator app only)
  • Use one time verification code (6 digit number)
  • ​​​​​​​​​​​​​​If you are visiting China you will need to use a one time verification code (6 digit number). Receive notification for verification will not work
  • In the Microsoft Authenticator app, the Enable phone sign-in option is not currently supported. Avoid choosing this option.

Services protected by Two Factor Authentication

  • Blackboard VLE
  • University email
  • Office 365
  • Employee Self Service
  • MyPGR
  • Leicester Digital Library Login (EZProxy)

More services will be protected with Two Factor Authentication in future and added to this list.

Already using the Microsoft Authenticator app or equivalent?

If you have the Microsoft Authenticator App (or equivalent e.g. Google Authenticator or Authy), you will need to remove previous registrations for your university IT account. For Microsoft Authenticator:

  1. Open the Microsoft Authenticator app
  2. Check if your University IT account is registered. If your email address appears, go to the menu (three dots) > Edit accounts – click the X to delete

Now you have removed a previous registration, you are now ready to Set up Two Factor Authentication either on a computer or mobile phone or tablet.

Set up Two Factor Authentication device from a computer

The Set up Two Factor Authentication device from a computer instructions on MyWorkspace for staff (staff only) include screenshots

You can set up Two Factor Authentication using a computer, however you will need the device you want to use to verify available:

  1. Go to aka.ms/mfasetup If required, login using your University IT account username and password
  2. You will see a More information required screen. Choose Next
  3. Install the Microsoft Authenticator app on your device. Alternately, if you already use another Authenticator app and wish to use this, click on I want to set up a different method.
  4. Click Next to Set up your account.
  5. If you are using a phone or tablet, click on the link to setup the Authenticator app. Alternatively, in the Microsoft authenticator app (installed in step 3), click menu (either ⁞ (android) or + (iPhone) and choose Add Work and School account. Scan the QR code
  6. You can choose to authenticate either:
    • Receive notification for verification (Microsoft Authenticator app only)
    • Use one time verification code (6 digit number)
  7. When your IT account has been setup in Microsoft Authenticator, you will asked to try out authentication on your device. Tap to verify or enter the code that appears in the app.
  8. Click Next
  9. Click Done

Set up Two Factor Authentication from a mobile phone or tablet

The Set up Two Factor Authentication from a mobile phone or tablet on MyWorkspace for staff (staff only) instructions include screenshots

Follow this process on the device you want to use for Two Factor Authentication:

  1. Go to aka.ms/mfasetup
  2. Login using your University IT account email address and password
  3. You may see a notification asking to Stay signed in?. Only tick Yes this on devices or PCs that you don’t share with others. Otherwise tick No.
  4. You will see a More information required screen. Choose Next
  5. Install the Microsoft Authenticator app. Click on Download now. Alternately, if you already use another Authenticator app and wish to use this, click on I want to set up a different method.
  6. Tap on Pair your account to the app by clicking on this link. Choose Yes to open link on Authenticator
  7. You will see an Account added Successfully message within Microsoft Authenticator. Switch to the browser window you were using before
  8. You will be asked to try out Two Factor Authentication. Tap Next. In the notification that appears, tap APPROVE.
  9. You will see a message saying Notification approved. Click Next
  10. At the Success! Screen choose Done.
  11. You may see a notification asking to Stay signed in?. Only tick Yes this on devices or PCs that you don’t share with others. Otherwise tick No.
    A screen will appear which shows that you have added Microsoft Authenticator

Login using Two Factor Authentication

When your access webmail or any other service protected by Two Factor Authentication from a web browser off-campus (this will not apply when on campus):

  1. You may see a notification asking to ‘Stay signed in?’. Only tick Yes this on devices or PCs that you don’t share with others.
  2. Using the device you have registered, authenticate using the method you chose when you setup Two Factor Authentication
    • Tap on the notification
    • Enter one time verification code from app
  3. You will be logged and redirected to the service you requested to access

Use an alternative way to login

If you have more than one device or method set up with 2FA, you can choose to login using an alternative way from the default:

  1. Select Use a different verification option (instead of step 2 above). You see different verification options based on how many you have setup.
  2. Choose an alternate method and sign in.

If you are visiting China you will need to use a one time verification code (6 digit number). Receive notification for verification will not work

Change Two Factor Authentication methods

If you have already setup Two Factor Authentication, go to aka.ms/mfasetup. You may wish to do this if you

  • Require more than one authentication device
  • You change your device

This will show your current Default sign-in method. Click on Change to update how you authenticate:

  • Tap on notification OR
  • Enter one time verification code from app

If you are changing your device. Remove the old device, by clicking on Delete.

If you are visiting China you will need to use a one time verification code (6 digit number). Receive notification for verification will not work

What if I cannot use my Device for Two Factor Authentication?

If you can’t use any of devices for Two Factor Authentication, Contact the IT Service Desk to reset it.

Known issues

Sorry, we’ve having trouble with verifying your account. Please try again

Symptom

If you remove a device from Two Factor Authentication, you may see a Sorry, we’ve having trouble with verifying your account. Please try again error message

Resolution

Go to webmail.le.ac.uk and login again, this should allow you to login without Two Factor Authentication. You can then go to aka.ms/mfasetup to register a new device.

Share this page: