Multi-Factor Authentication (MFA) Frequently Asked Questions

Body

Issue/Question

What are some of the most common Multi-Factor Authentication questions?

Environment

  • Multi-Factor Authentication (MFA)

Resolution

What is Multi-Factor Authentication (MFA)?

The Multi-Factor part of MFA means that you will use another verified method to make sure you are who you say you are. There are traditionally three types of authentication factors:

  • Things you know, like a password
  • Things you have, like your mobile phone
  • Things you are, like your fingerprint

Access to MCC’s network and key applications now require MFA with things you know (your password) and things you have (your devices) to better secure your account beyond a username and password.


What verification methods are available for me to use?

  • Mobile app – notification (recommended method)
    • The Microsoft Authenticator App is downloaded on your smart phone and a verification request is sent to your phone. It asks you to complete the verification process by selecting Approve from a push notification.
  • Mobile app – verification code
    • The Microsoft Authenticator App is downloaded on your smart phone and you must type the code provided in the app into your device to complete the verification process.
  • Phone call
    • You will receive an automated call asking you to verify that you are attempting to log in. Press the # key to complete the verification process.
    • The code can be changed from # to any code that you specify.
    • This option must be configured with a cell phone number, or any number that dials directly back to you, and cannot be used with a phone number that uses a menu system.
    • Note that the automated call may come from multiple phone numbers, and not the same number every time.
  • SMS (text) message
    • You will receive a SMS (text) message with a six-digit code that you must type the code into the device to complete the verification process.
    • Note that text message may come from multiple phone numbers, and not the same number every time.
  • Physical Key (Yubi Key)
    • The YubiKey is a hardware authentication device that protects access to computers, networks, and online services. It allows users to securely log into their accounts instead of using an app, call, or text. 
    • You will need to plug into your computer in a UBC-C port or use it on an NFC reader. 

What happens after I register my device?

After the initial device registration, the next time you sign in you will be prompted to confirm your identity using the verification method you chose. 

As of July 5th, 2023 – MFA prompts may occur when signing in from both on and off campus.  


What happens if I take too long?

Each verification method will give a different response.

  • Mobile app – notification (recommended method)
    • Your request will time out. Simply click Send another request to my Microsoft Authenticator app to try again.

  • Mobile app – verification code
    • This verification method does not time-out. Instead, it waits for the correct code to be typed in. If you need another way to log in, click Sign in another way. This will take you to a screen where you can choose another method to verify your identity.

  • Phone call
    • If you didn’t get to your device quick enough, the verification request will time out and show the image below. Simply click Sign in another way and select Call to try again. Be sure to have your mobile device close before you try again.

  • SMS (text) message
    • This verification method does not time-out. Instead, it waits for the correct code to be typed in. Simply click Sign in another way and select Text to try again. Be sure to have your mobile device close before you try again.


Is there any time I won't be prompted for MFA?

When you are signed onto the Macomb network (wired or wireless) and signed in to a Macomb computer, there will be no MFA prompts.

  • This experience does not apply to personally owned devices, or ones connected to Guest Wi-Fi or when connecting off campus.
  • The sign-in experience while using a personal device or when connecting off campus may still include MFA prompts.
  • Remote users are prompted for MFA every time GlobalProtect (VPN) is used.

What happens if I run into a problem during device registration?

Although this process should be the same for everyone, there may be a slight variance in what you see. If there is a step you need help with, is confusing, problematic, or not listed, please let us know. Submit a ticket via this link (select Setting up a Device under the category of Problem with MFA) or call the Service Desk at (586) 445-7156 during regular business hours.


Why am I being prompted to register my device for another app?

Each app that accesses Macomb’s data may ask you to register your device the first time you use it with MFA enabled. An example of this is registering your device with the Teams app, then having to do with same with the Outlook app.


I accidentally denied my sign-in attempt, what should I do?

If you deny your verification attempt, you should submit a ticket via this link or call the Service Desk at (586) 445-7156 during regular business hours.


Can I change my settings once set up?

Yes, you can both add additional devices or verification methods or remove them. See the two sections below for more information.


Adding an Additional Device

If you have an additional device you would like to register, follow the steps for the corresponding verification method. If you have two phones registered for the mobile app notification, for example, both devices will prompt you to authenticate. If you only have one phone near you, you can approve your sign on and still log in. You do not have to authenticate with both devices. The other phone’s approval prompt will simply time out.


Removing a Registered Device

If you need to remove a registered device go to the MFA User Portal at: https://mysignins.microsoft.com/security-info. It will take you to the Security info page. You should see one line for every method you have set up. Then, just click Delete for any of the methods you would like to remove from your account.

If at any point you would like to re-register a device, just follow the instructions to register the device as if it were a new device.

Please review this article for additional tips to improve the MFA experience: Things that YOU can do to improve the MFA experience

Details

Details

Article ID: 112200
Created
Mon 7/20/20 3:50 PM
Modified
Fri 5/31/24 8:22 AM

Related Articles

Related Articles (5)

This article offers a step-by-step guide on how to register a phone call multi-factor authentication (MFA) method.
This article offers a step-by-step guide on how to register a SMS text message multi-factor authentication (MFA) method.
This article offers a step-by-step guide on how to register for self-service password reset (SSPR).
Explanation of different methods of Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR)