Multi-Factor Authentication (MFA) - Frequently Asked Questions (FAQs)

Multi-Factor Authentication (MFA) at Rancho Santiago Community College School District

See our Frequently Asked Questions (FAQs) below for Multi-Factor Authentication (MFA).

If you lost or replaced your phone:  Please see our section for New Phone, Lost Phone, or Stolen Device and Managing MFA Methods, or Contact the ITS Help Desk

Table of Contents

Announcements & Changes to MFA

09/15/23 - Microsoft Authenticator now required:  Important changes to MFA when using SMS Text or Phone Call

On September 15 2023, Microsoft began prompting users who authenticate using SMS Text Message and phone call to set up the Microsoft Authenticator when they sign into their work or school account.

You can select “Not now” to skip the “Improve your sign-ins” prompt up to 3 times, but after that, you will be forced to set up Microsoft Authenticator at the “Protect your account” screen.

ImproveYourSignIns.png ProtectYourAccount.png

To meet the MFA requirements please do the following:

Step 1:  Download the Microsoft Authenticator App

  1. On your phone, open the App Store or Play Store.
  2. Search for Microsoft Authenticator.
  3. Install or Get the Microsoft Authenticator app.
    1. NOTE:  Check that the app is from Microsoft Corporation. The app is free.

DownloadMSAuth1.pngDownloadMSAuth2.png

Step 2:  Sign into SSO with the Microsoft Authenticator app

  1. Open the Microsoft Authenticator app on your phone. 
    1. If prompted to accept a Privacy Policy and to share diagnostic information with Microsoft, you can choose to opt in or not.  But please select an option to continue.
  2. When prompted, allow Notifications.
  3. Select  "Add work or school account."
  4. Select "Sign in."
  5. Sign in with your Single Sign-On credentials.
  6. When prompted, "Verify your identity" with an existing MFA method, such as Text Message or Phone Call.
  7. When complete, Microsoft Authenticator will produce a successful entry for Rancho Santiago Community College School District.  
  8. Select "Finish" to finish the set-up.

Step 3. Test your access with Microsoft Authenticator

  1. On your desktop, go to https://outlook.office.com and sign in.
  2. When prompted to "Verify your identity," open the Microsoft Authenticator app and type in the two-digit code that appears on the Approve sign-in request screen in the space provided on the app.

New-MSAuth-Approval-Screen-V3.png


Alternatively, use a desktop computer and go to https://aka.ms/mfasetup and follow the steps for Microsoft Authenticator set up in our Multi-Factor Authentication Guide for Single Sign-on (SSO).

If you require assistance please contact ITS Help Desk.

Introduction to MFA

​What is Multi-Factor Authentication (MFA)?  Why do we need MFA?

Multi-factor authentication (MFA) means using at least 2 factors to authenticate your identity, consisting of:

  1. Your Password
  2. An Additional Verification method.
A common example of MFA is when you login to your bank account with a username and password, and the bank sends a text message with a verification code to confirm your login.  In this example, the first "factor" of authentication is your username and password, and the second "factor" is the verification code contained in the text message.

MFA adds an extra layer of security to protect your online accounts against cyber criminals, and helps to protect all RSCCD students, faculty, and employees from hacking, phishing, unauthorized intrusions and data leaks.

How do I setup MFA?

If you're just getting started, please refer to our Tips to get started with MFA.

If you need step-by-step instructions, please refer to our setup guides here:

Does registering for MFA give RSCCD access to my device?

No.  Registering for MFA does not give RSCCD access to your device.

What if I do not have a mobile device to use as a MFA method?

As an alternative to using a mobile phone, you can use your office phone to verify via phone call, or request a Hardware Token.

If you need help determining a suitable MFA method, please contact the ITS Help Desk.

How often do I have to authenticate?

If you're using the Outlook mobile app, Outlook desktop app, or Office365 apps in general while off-campus, you''ll be required to authenticate once every 90 days.

If you're using Outlook Web Access at https://outlook.office.com or the www.office.com website while off-campus, you'll be required to authenticate each time you sign-in.

MFA Enrollment and Approved Methods

Enroll in MFA now

Voluntary enrollment for Multi-Factor Authentication (MFA) can be initiated at this link:  https://aka.ms/mfasetup

Prior to enrollment, we would strongly recommend:

  1. Deciding beforehand what MFA methods you'd like to use
  2. Having your MFA methods ready
Mandatory enrollment for MFA begins July 17th, 2023.

Decide beforehand what MFA methods you'd like to use

Below is the approved list of MFA methods we support:

Approved MFA Methods

By deciding now, you won't be caught by surprise and can have your preferred MFA methods ready for a smooth enrollment process.

Have your MFA methods ready

For all MFA methods

Use a desktop computer or laptop to initiate the MFA setup process

We've discovered it's easier to initiate the MFA enrollment process at https://aka.ms/mfasetup from a computer, such as a desktop, laptop or tablet. 

While it's possible to set up MFA from just your mobile phone, switching between apps during the setup can be cumbersome.

Use a compatible web browser and disable adblockers to initiate the MFA setup process

For the purpose of MFA enrollment at https://aka.ms/mfasetup, we recommend using web browsers such as Google Chrome, Mozilla Firefox, Microsoft Edge, or Apple Safari. with adblockers turned off.

We've observed that some web browsers, such as DuckDuckGo and Brave, don't work well with the MFA enrollment screens.   Also, browser extensions like AdBlocker can interfere with the MFA enrollment screens.

Set up a backup MFA method

Once you've set up your initial MFA method, you can set up a secondary or backup method at https://aka.ms/mfasetup.

For step-by-step instructions, see our guides for how to ."

Approved MFA Methods and Setup Instructions

SMS.pngSMS Text Message (Easiest Method)

SMS Text Message sends a text message to your phone with a 6-digit verification code.

If you've decided to use SMS Text Message for your MFA method, we would strongly recommend having your phone on hand before the setup process.

This way, when you're asked to provide a verification code during enrollment, you'll have your phone on hand to receive the text message with the code.

Steps to set up SMS Text Message as an MFA Method:

  1. Go to https://aka.ms/mfasetup to initiate the MFA enrollment.
  2. Login with your Single sign-on username and password (e.g., LastName_FirstName@rsccd.edu, @sccollege.edu or @sac.edu).
  3. On the More Information Required screen, select Next.
  4. On the Keep your account secure screen, select "I want to set up a different method"
  5. Select Phone call, then Confirm.
  6. Enter your phone number and select "Text me a code" or "Call Me" to receive a text message or phone call to authenticate.

For step-by-step instructions with screenshots, please refer to our guides below:


MFAPhoneAlternative01.png MFAPhoneAlternative02.png

 



 


MSAuth.pngMicrosoft Authenticator

Microsoft Authenticator app allows for Push Notifications to be sent to your phone to verify sign-in requests.  You'll be prompted to enter a two-digit code in the app to verify your login.

If you've decided to use Microsoft Authenticator, we would strongly recommend that you install the Microsoft Authenticator app on your phone first.

Download the Microsoft Authenticator App

a.    On your phone, open the App Store or Play Store.
b.    Search for Microsoft Authenticator
c.    Install or Get the Microsoft Authenticator app.

NOTE:  Check that the app is from Microsoft Corporation. The app is free.

DownloadMSAuth1.pngDownloadMSAuth2.png

Once you have the app installed and notifications enabled, you can initiate voluntary enrollment for Multi-Factor Authentication (MFA)  at this link, then follow the prompts for setup:  https://aka.ms/mfasetup

For step-by-step instructions with instructions, please refer to the Microsoft Authenticator section of our guides below:

New-MSAuth-Approval-Screen-V3.png


GoogleAuth.pngGoogle Authenticator

Google Authenticator app is an alternative to Microsoft Authenticator.  It generates a 6-digit code used to verify your login instead of a push notification.

If you've decided to use Google Authenticator, we would strongly recommend installing the app on your mobile device now from the App Store or Play Store.

Once you have the app installed, you can initiate voluntary enrollment for Multi-Factor Authentication (MFA)  at this link:  https://aka.ms/mfasetup

When prompted on the "Keep your account secure" page:

  1. Select "I want to use a different authenticator app"
  2. Select "Next"
  3. When presented with a QR code, open the Google Authenticator app and scan the QR code.

For step-by-step instructions, please refer to our guides below:



Phone.pngPhone Call

Phone call allows you to use your mobile phone or office phone to receive a verification request through your phone.  With this MFA method, you'll receive a phone call from Microsoft, and be prompted to press the # (pound) key on your phone's dial pad to authenticate your login.

If you've decided to use phone calls for your MFA method, we would strongly recommend having your phone on hand before the setup process.

This way, when you're asked to provide a verification code during the set-up process, you'll have your phone on hand to receive the code via phone call.

Once you have your phone on hand, you can initiate voluntary enrollment for MFA at this link:  https://aka.ms/mfasetup

When prompted on the "Keep your account secure" page:

  1. Select "I want to set up a different method"
  2. Select "Phone"
  3. Enter your phone number and select "Call Me"

For step-by-step instructions, please refer to our guides below:





HardwareToken.pngHardware Token

Hardware token uses a One-Time Password (OTP) generated by a hardware token device, provided by ITS Help Desk, consisting of a 6-digit code used to verify your login.

If you've decided on using a Hardware Token as your MFA method, please contact ITS Help Desk so we can arrange to have one allocated and distributed for you. 

Please allow a few business days for us to provide you a hardware token, as we need to configure the device first, and then have an ITS technician coordinate a time and place for you to pick up the hardware token device.


Troubleshooting MFA Issues

Troubleshoot problems with Microsoft Authenticator

Enable Push Notifications

  1. Make sure Notifications are enabled for the Microsoft Authenticator app. 
    1. From the Microsoft Authenticator app > select Settings > Notification settings.
    2. Or, from your phone's main menu, go to Settings > Notifications.
  2. Check for Notifications manually.
    1. Open the Microsoft Authenticator app > select the three dots > select "Check for notifications."

Turn off Battery Optimization

  1. Turn off battery optimization.
    1. Open the Microsoft Authenticator app > select the three dots > select "Turn off battery optimization."   
    2. Sometimes, battery optimization settings on your phone can disable push notifications, including those from Microsoft Authenticator.

Allow Background Data Usage

  1. Allow background data usage
    1. Open the Microsoft Authenticator app > select the three dots > select "Allow background data usage."
    2. Having the background data usage enabled will ensure you get notifications on time from the Microsoft Authenticator app.

Use the Time-Based One-Time Passcode (TOTP)

If you're having trouble with Notifications, or don't have an internet connection, you can also use a Time-Based One Time Passcode (TOTP).

  1. When signing in and being prompted to "Verify your identity," select the option "I can't use my Microsoft Authenticator app right now."
  2. Select "Use a verification code."
  3. To get the verification code:
    1. Open your Microsoft Authenticator app > Select the entry for Rancho Santiago > look under the "One-time password code".  This code refreshes every 30 seconds.

Set up an alternate MFA method

You can manage your sign-in methods from the Microsoft Authenticator app itself by doing the following:

Open your Microsoft Authenticator app > Select the entry for Rancho Santiago > Select Update Security info.
This will take you to the "My sign-ins" page for your account, where you can add, remove, or edit an existing authentication method. such as SMS Text Message or Phone Call.

New Phone, Lost Phone, Stolen Device

If you lose or replace your device that has Microsoft Authenticator installed, or you are using a new phone number,  you'll need to have a backup MFA method enabled to access your account, or contact the ITS Help Desk so we can remove the registration from the old device so you can register the new device.

Set up backup MFA method

See the section on how Managing MFA Methods.

Contact the ITS Help Desk for assistance

Contact the ITS Help Desk for help if you can't manage your authentication methods.  We can help you re-enroll into MFA with your new device.

Managing MFA Methods

Access the My Sign-Ins / Security Info page

  • From a web browser:  Go to https://aka.ms/mfasetup
  • From the Microsoft Authenticator app:   Open your Microsoft Authenticator app > Select the entry for Rancho Santiago > Select Update Security info.

Both methods will take you to the "My Sign-ins / Security Info" page for your account, where you can add, remove, or edit an existing authentication method. such as SMS Text Message or Phone Call.   This includes removing, editing, or adding new MFA methods, such as in the event of replacing your mobile device or phone number.

On the Security Info page, we strongly suggest setting up a secondary Authentication method using the “Add sign-in” button.

MFASecurityInfo.png

Please note that you'll be required to authenticate using MFA to access https://aka.ms/mfasetup.  If you only had one MFA method available, and it's no longer working, you won't be able to log in here.

If you're unable to manage your authentication methods, please contact the ITS Help Desk for assistance with MFA.  We can help you remove, edit, or add another MFA method if you lose access to or replace your original device.

Remove and re-add Microsoft Authenticator as an MFA method

If you're using the Microsoft Authenticator app from a new phone, it may no longer work from the new phone.  To fix this, please apply the following steps.

Steps to remove/re-add Microsoft Authenticator as an MFA method when using a new device:

  1. Access the "My sign-ins" page to manage your MFA methods.
    1. From a web browser:  Go to https://aka.ms/mfasetup
    2. From the Microsoft Authenticator app:   Open your Microsoft Authenticator app > Select the entry for Rancho Santiago > Select Update Security info.
  2. Remove the existing Microsoft Authenticator method listed there.
  3. Select Add > Authenticator app to go through the MFA enrollment process again with the Microsoft Authenticator app on your new phone, as if you're setting it up for the first time.
If you're unable to manage your authentication methods, please contact the ITS Help Desk for assistance with MFA.  We can help you remove, edit, or add another MFA method if you lose access to or replace your original device.

Remove old phone number and add a new phone number as an MFA method

If you received a new phone number and can no longer authenticate using SMS Text Message or phone call, you may need to remove the old phone number and add the new phone number as an MFA method.    To fix this, please apply the following steps.

Steps to remove an old phone number and add a new phone number as an MFA method:
  1. Access the "My sign-ins" page to manage your MFA methods.
    1. From a web browser:  Go to https://aka.ms/mfasetup
    2. From the Microsoft Authenticator app:   Open your Microsoft Authenticator app > Select the entry for Rancho Santiago > Select Update Security info.
  2. Login to https://aka.ms/mfasetup to manage your authentication methods.
  3. Remove the existing phone number listed there. 
  4. Select Add > Phone number to go through the MFA enrollment process again with the new phone number.

If you're unable to login to manage your authentication methods, please contact the ITS Help Desk for assistance with MFA.  We can help you remove, edit, or add another MFA method if you lose access to or replace your original device.

Applications and MFA

What applications require MFA?  Is Canvas and Self-Service Affected?

Faculty and staff are required to use MFA when accessing certain District resources while outside of campus or the District network (e.g., working from home, while traveling, etc).

At this time, MFA is required for the following applications while working off campus:

  • Microsoft Office365, which includes:
    • Outlook Email (Exchange Online) at https://outlook.office.com
    • Outlook app for mobile devices
    • Microsoft Teams
    • OneDrive
    • OneNote
    • Microsoft Office365 desktop apps (such as Word, Excel, PowerPoint, etc)
    • The www.office.com website and any related Microsoft services that use this login.
At this time, Canvas and Self-Service are not affected by MFA requirements.  (If you are accessing the link to email from Self-Service, this points to Office365, and would require you to use MFA).

Starting on July 17​, 2023, when you're not on campus and try to use one of the applications mentioned above, you'll be asked to set up an MFA (Multifactor Authentication) method.  If you already have an MFA method set up, you'll be asked to confirm your identity using your MFA method.

How to receive assistance with MFA

Contact the ITS Help Desk for assistance

Contact the ITS Help Desk for help if you can't manage your authentication methods.  We can help you re-enroll into MFA with your new device.

(You've reached the end of the page.  Select this link to return to the top of the page.)





To fix this, please do the following.