Multi-Factor Authentication (MFA)

Tags 2fa

In an effort to promote secure practices and to protect your account, Baker College has implemented Multi-Factor Authentication (MFA). We encourage you to create a strong MFA strategy. To do this, you should set up an authenticator app on more than one device and/or use an additional phone number to allow access to your account in the event that your primary verification method is inaccessible.

Visit the Frequently Asked Question (FAQ) section below for more information on MFA.

 (Click on images throughout the article to enlarge)


First Time MFA Setup

If you have not previously setup MFA, you will receive a prompt (pictured below) the next time you log in.
The more information required prompt with a Next button.

 

Enter a phone number that you will use for your primary authentication method, and follow the prompts to verify the phone with a text message or phone call.
The Keep your account secure page with a field for a phone number, and a choice between Text me a code or Call Me.
After you have added this phone, It is highly recommended to add a secondary option such as an Authenticator App.

Accessing Your MFA Settings

You may access or modify your MFA settings by visiting the Security info page.

Baker-supported MFA Verification Methods

  • Authenticator app (Microsoft Authenticator): used to generate a one-time verification code and/or allow you to approve/block login attempts.
  • Phone call: receive a phone call and press # to verify.
  • SMS (text message): receive a one-time verification code via text.

Note: While the Email method is listed as an option on the Security info page, it cannot be utilized as an MFA method. For more information on the purpose of the Email method, please see the Setting Up Recovery Methods for Self-Service Password Reset article.


Using the Microsoft Authenticator App

On the Security info page, click the "+ Add sign-in method" button (as show below).

Choose “Authenticator app” and click Add, and then click next twice.

To install the app on your mobile device, start by going to your app store (Play Store on Android or App Store on iOS) and searching for Microsoft Authenticator. To help you identify the app, this is what the icon looks like:


Open the Microsoft Authenticator app and Scan the QR code. If you cannot scan the code for any reason click "Can't scan image?" and manually enter the code that is provided.

You may get a notification stating “App Lock enabled,” click OK

Now, look back to your computer screen that has the QR code. Click Next, it will check activation status.

Once complete, it will show that the app has been configured, the “Set up” button will gray-out, and the “Next” button will light up. Click “Next.”

A notification will be sent to your device.

Click “Approve” on your device. Note: you may be prompted for your phones PIN, fingerprint, facial recognition, or whichever form of security is setup on your phone.

Finally, you will either need to sign-in first, or will be immediately directed to your settings page. Here you can set up other methods and adjust your default verification method.

It is highly recommended to include a secondary phone number for unlocking your account. In the event that your main device is lost or broken, this will provide another verification method.

Your authenticator app is now configured and ready for use the next time you log in. 

NOTE: if you get a new phone or reinstall the application on your current phone you will need to repeat the registration process detailed above before you can use the app for verification.


Using Phone/SMS (Text Message)

On the Security info page, click the "+ Add sign-in method" button (as show below).

The security info page with an arrow pointing to the + add sign in method button and below it shows all methods that are currently setup for you.

Select a phone method and verify it via a phone call or a text message. Press pound for the phone call, or enter the SMS code into the prompt.

Note: When Call or Text are set as a default option, you will be prompted to select your method upon login. The following screen may differ, based on the MFA options you have configured:

Remember, you can visit the Security info page page at any time to set your default method and update your MFA verification methods.


Frequently Asked Questions (FAQ)

  • Why is MFA being implemented?
    Protecting our users and their information is a priority for Baker College. In today’s environment, we identify a user by their Baker College provided username and password. However, what happens if that password is stolen or compromised? MFA allows us to use a second ‘different’ factor. Something you: Know (your password) and something you Have (your smartphone). As a result, if your password is compromised, your account is still protected by the second authentication method.

     
  • When MFA is activated, will my accounts stay signed in?
    Any account that is actively signed in via a browser will remain active until the browser is closed. The next time the account is accessed in a new browser session, you will be prompted for MFA verification. Accounts that are signed in via apps (i.e. Gmail on a cellphone) will not require MFA until you manually sign out or are required to sign back in, due to a password change.

     
  • What if I can't log into my account because of an issue with the MFA options I have configured?
    Contact the ITSC via email at itsc@baker.edu or phone at (800) 645-8350.

     
  • Will I need to use MFA on my smartphone/tablet?
    Yes. Any app that utilizes single sign-on (SSO) will prompt for MFA verification.


  • Will I need to use MFA to access my email?
    Yes, all services/applications that use single sign-on (SSO) will prompt for MFA. Examples are: Baker Gmail, Zoom, My Baker, Canvas, etc.

     
  • Will I need to use MFA to connect to Baker College Wireless?
    No, not at this time.


  • What happens if I lose my phone or get a new one?
    It is highly recommended to include a secondary authentication method, on a separate device, for unlocking your account. In the event that your main device is replaced, lost or broken, this will provide another method to access your account. During sign-in, on the verification screen, click "Sign in another way" or "I can't use my Microsoft Authenticator app right now" (text may vary depending on the default option you have set) to access your list of other methods. If you need to add the new device as a method, once you are logged in, you can update the Security info page

     
  • Will I ever need to re-verify my MFA setup?
    Occasionally Microsoft will prompt you to check that the Security info page still has what you would like to use. If you happen to see an old phone number or other outdated authentication methods, you should update it to keep your account secure and ensure accessibility.

     
  • Can I use an alternate email address or token as my MFA method?
    While other MFA verification options exist, the current MFA methods approved by Baker College are: phone call, text (SMS), or the Microsoft authenticator app. No other MFA methods are supported by Baker College IT at this time.

     
  • What number will phone or SMS verification come from?
    Voice call MFA verification will come from +1 (855) 330-8653. Note: sometimes the calls are routed through a carrier that doesn't support caller ID. Because of this, caller ID isn't guaranteed.
    Microsoft uses SMS short codes when sending MFA codes. There is no guarantee of consistent SMS short code numbers due to route adjustments to improve SMS deliverability.

 

 

Submit a Ticket

Details

Article ID: 99309
Created
Wed 2/26/20 1:43 PM
Modified
Thu 11/10/22 3:23 PM

Related Articles (4)

Instructions for setting up Mobile Phones to access Baker services.
Directions for setting up multiple self-service password reset options.

Related Services / Offerings (1)

For general issues logging into all systems.