Multi-Factor Authentication

What is Multi-Factor Authentication (MFA)?

As cybersecurity threats become increasingly sophisticated, Queen's is joining institutions around the world in adopting multi-factor authentication (MFA) as a way to keep our employees’ digital assets, information and user identities safe. Multi-Factor Authentication (MFA) is an authentication method in which a user is granted access to services only after successfully presenting two or more pieces of evidence to prove their identity. MFA-enabled services at Queen's University use Microsoft's Azure MFA. 

MFA at Queen's

Learn more about how multi-factor authentication (MFA) is integrated into applications and onboarding at Queen's.

Applications protected by multi-factor authentication can prompt for MFA as often as every 4 hours or as rarely as every 30 days, depending on the security settings of the application. Depending on the application, MFA may be applied only to accounts that have enrolled in MFA, or access may be blocked unless the user has MFA set up on their account.

Multifactor Authentication protected Applications

 

| Application Name | MFA Session Time | Group(s) MFA Applied to |
|---|---|---|
| Campus VPN | Matches VPN session time | Staff, Students, Faculty who have enrolled in MFA |
| Data Centre VPN | Matches VPN session time | All - Enforced |
| Office 365 - All applications (Exchange Online, Teams, OneDrive, SharePoint etc.) | 30 days | Staff, Students, Faculty who have enrolled in MFA |
| PeopleSoft Finance | 4 hours | Staff, Students, Faculty who have enrolled in MFA |
| PeopleSoft HR | 4 hours | Staff, Students, Faculty who have enrolled in MFA |
| ServiceNow | 30 days | Administrators/ITS Staff only |
| Windows Virtual Desktop (Azure WVD) | 30 days | Staff, Students, Faculty who have enrolled in MFA |

All Queen's Staff are required to enrol in MFA to access services such as Office 365 and PeopleSoft.

To learn more about MFA, visit the MFA Service Page.

New Employees - First Logon

When a new employee logs into an MFA protected application for the first time, they will be prompted to register for MFA.

A screenshot of the login page showing option to skip enrolling in MFA or to set up enrolment now.

If the employee is prepared to register for MFA, they can click Next to proceed with setup either via the Microsoft Authenticator App or SMS text on their mobile device. If they wish to delay registration they can select the Skip for now link and proceed to the application as normal. 

Those who skip the registration will have 14 days from that time to enrol in MFA. They will be prompted to enrol each time they log into an application and will be able to use the Skip for now option until the 14 days run out, at which time they will not be able to log in until they have registered. It is important to register before the end of the 14 days to maintain access to email.

Hardware Tokens

For employees who do not have a mobile device or do not wish to use their personal device for authentication, MFA Hardware Tokens can be requested using the MFA Token Request Form. Be sure to indicate that the request is for a new employee, as the token may take more than 14 days to arrive if it is being mailed to the employee's home. The employee will be removed from the MFA registration policy to ensure they do not lose access while waiting for their token.

 

Returning Employees - less than 1 year

Employees who have registered for MFA and have been on leave, or have returned within 1 year of previous employment, will be required to use MFA immediately. If the employee no longer has the same mobile phone or has disposed of their hardware token, they should contact the IT Services Support Centre to have their previous authentication settings wiped from their account, enabling them to re-enrol.

 

Enrolling in MFA

Enrolling in MFA is easy. Check out our service page in the knowledge base to learn how to get started.

Multi-Factor Authentication

How to Sign in Using MFA

Once you've enabled MFA, it's easy to sign in to applications. Check out our tutorials in the knowledge base for more information.

Signing in with MFA

Configuring the Microsoft Authenticator App

Log into the MFA Registration Site with your NetID@queensu.ca credentials to select your preferred authentication method. IT Services strongly recommends that users enrol in MFA using the Microsoft Authenticator App, available from the Apple App Store or the Google Play Store. Check out our tutorial to learn how to configure the Authenticator app.

View the Tutorial