Multifactor Authentication (MFA) Configuration

Owned by Grant Guzda
Last updated: Nov 01, 2023

Please read updated requirements.

What is Multi-factor Authentication (MFA) and why is it going to be required?  

Multi-factor authentication (MFA) is defined as a security mechanism that requires an individual to provide two or more credentials to authenticate their identity. In IT, these credentials take the form of passwords, hardware tokens, numerical codes, biometrics, time, and location.  Canisius will be using challenge questions and numerical codes that can be sent to alternate email addresses and texted to cell phones.  An encrypted external authenticator application may also be used. 

One example that we all encounter is when you log into your online banking portal, and you are given a code on your cell phone to be able to log into the online accounts.  Everyone should understand the need to protect our financial and student data from those who wish to do bad things with it.  We see daily headlines in the news about companies that have had data breaches.  It is just a fact of life now in the 21st century and our digital age.  There are bad actors everywhere on the internet and users often are “tricked” into revealing their credentials.  MFA helps to protect the college from these situations and keeps these intruders out of our systems. 

Enforcing MFA ensures our data/systems are more secure. 

How to set it up

Please go under My Applications in the portal and select “Multifactor Authentication (MFA) Configuration” and fill out the security questions/phone/secondary email. You will get prompted to verify your login via MFA every time you access something that uses Single Sign on (SSO) from an “unknown” device.  We strongly suggest you try to use the security questions or the SMS (text message) option. If you prefer to use the email verification method, make sure it’s a non Canisius email address that has a complex password, and that password is not the same one you use at Canisius.  You can also use the phone recovery option to verify your account using your cell phone.  You can also use an Authenticator app to secure your account.

After you complete each section the tab will turn green if you were successful in setting it up.


The above link is how you access the MFA dashboard.

You will be prompted to enter your password again.

The above screenshot is what you will see when accessing the MFA link. 

For the account recovery section there are four options.  It is a good idea to setup at least two of them.

In the account recovery settings you can set security questions.

You can set a recovery email.  You will be sent a code that you will enter to verify your account.

You can also set your cell phone number to receive the code to verify your account. Only click UPDATE if you are changing this phone number.


You can also setup Authenticator

Authenticator

You can use an authenticator app on your mobile device, which provides a short-term code for authentication.  This is handy for your Canisius account, as well as other accounts.  

View our Tutorial on using an Authenticator App for Canisius MFA.

One popular authenticator app is Google Authenticator.  But other apps are available and work similarly.


Recent and Trusted Devices

Select your username in the upper right to select My Devices

You can untrust a device and also see where your account has been accessed from. 

When you access the portal from a device you can use any of the methods for verification that you chose.

The example above has setup the first three options.  Every user should setup at least two.

This is the screen you will see to enter in security questions.  You can select the trust this device option if this is your personal device.

You can select the send email option to receive the security code to your email.

You can also receive a text to your cell phone to receive the security code.

Trusted Devices are not prompted for additional verification methods for 30 days.

We are not using the change password option in the dashboard.  There is a link however next to your username that will take you to the change password screen.