What Is MFA

Think of all the information linked to your St. Edwards account: Address, bank information, social security number or passwords. Protecting your account is one of our top priorities. Multi-factor authentication (MFA) adds layers beyond a password to protect your account. Here are some answers to our most common MFA questions and issues.

This article answers:

What is MFA?
What happens if I already have MFA set up, but I got a new phone?
I think I already have MFA set up, but how can I make sure?
I'm locked out of my St. Edwards account! What do I do?
Do I have to use a cell phone for MFA?
Will I have to authorize constantly once I set up MFA?
If I am a faculty member, will I have to constantly authenticate MFA in the classroom during instruction?
What happens if the deadline arrives and I don't have MFA set up yet?
What about international students, or if I travel internationally?
Do I need to set up all authentication factors?
I don't have a smartphone/I would rather not add an app to my phone/I want the most efficient authentication option/etc. Which authentication option(s) should I pick?
What if my role at St. Edward's changes?

To set up MFA, read our step-by-step instructions for setting up MFA.

Q: What is MFA?

You're likely familiar with 2-step or second-factor authentication for your financial accounts or perhaps an online shopping account, such as Amazon. MFA is essentially the same concept, except that you can choose more than two authentication factors if you like. Simply put, MFA is about ensuring only you can access your information. MFA = Something you know + something you have or are.

Upon joining St. Edward's University, your first step is creating a password for your account. That's something you know.

What other authentication factor(s) you select to protect your account is up to you. You can choose something you have (like a code sent to your phone) or something you are (like a fingerprint). The point is, it doesn't matter which authentication option you choose, as long as you have at least two factors set up, including your password. Setting up multiple authentication methods/factors is recommended by OIT to avoid relying on a single device for access.

Extra Verification screen

Q: What happens if I already have MFA set up, but I got a new phone?

A: Don't ditch your old device yet! If you use apps like Okta Verify or Google Authenticator for MFA, switching to a new device won't transfer the MFA setup. If you get a new phone, don't erase your old one until you've successfully set up MFA on the new one. This prevents prompts from going to a device that doesn't work, locking you out of your account.

If you already ditched your old device and need to access Okta Verify or Google Authenticator, here is what you do next:

If you can't access your old device and have no other accessible factors set up, contact OIT Support to reset your factors.
If you can't access your old device and have other factors set up that are not tied to it (for example, SMS, given that your number didn't change, or a biometric authenticator), log in as you normally would. Set up MFA, then edit to remove and add the Okta Verify or Google Authenticator factor. Use your other authentication factor for this process.

Q: I think I already have MFA set up, but how can I make sure?

A: If you're using mobile credentials for campus access or Topper Tender, you already have MFA enabled on your account. However, OIT recommends setting up other factors so you are not dependent on a single authentication method.

Second, check your Extra Verification section to see your setup. In the screenshot example, all factors are enabled except for Voice Call authentication. This is signaled by the Voice Call Authentication status being "Disabled," while the other factors are "Enabled."

A screenshot of the Extra Verification section in a user's profile with the authentication options listed. Each option has a status to the right of the name of the authentication option. All of the authentication options have enabled, except for "Call Authentication"

Note: If you switch devices, you will have to set up MFA again. Apps like Okta Verify or Google Authenticator won't carry over MFA to a new device. If you get a new phone, don't erase your old one until you've been able to set up MFA on the new one. Otherwise, you could get prompts sent to a non-functional device and get locked out of your account.

Q: I'm locked out of my St. Edwards account! What do I do?

A: OIT support can help if you get locked out and can't access your account. We can help you reset MFA during our business hours, just like when you need help changing your password. Request help at support.stedwards.edu/s/contact-us.

Q: Do I have to use a cell phone for MFA?

A: Nope! Three authentication options do not require a cell phone. Refer to the chart below for more details.

Q: Will I have to authorize constantly once I set up MFA?

A: MFA only triggers if you are in a different location or use a different device or browser. Faculty will not be required to MFA at classroom instructor stations (refer to the following question for details).

Q: If I am a faculty member, will I have to constantly authenticate MFA in the classroom during instruction?

A: If you're in a classroom instructor station, you will not have to MFA for most apps! For faculty, all apps will bypass MFA authentication at the classroom instructor stations, with a few exceptions, which will continue to enforce MFA.

Exceptions: Apps that will continue to enforce MFA (even in instructor stations) are Crashplan, Salesforce, VPN, Banner Admin, BDM, Transact eAccounts, and Okta Admin.

If a faculty member wants to use MFA in a classroom instructor station, they can opt in by clicking the "Instructor Station Option: Faculty opt-in to use 2nd factor at classroom instructor stations" box in their Account Settings.

A screenshot of the personal information section of St. Edward's account settings, highlighting the Instructor Station Option, showing it is unmarked.

Q: What happens if the deadline arrives and I don't have MFA set up yet?

A: Users who have not completed the MFA on their device/browser will be prompted to set up MFA factors upon first login to any app requiring SSO. Once set up, users will be logged in and can continue their work. For more details, see the step-by-step instructions for setting up MFA.

Q: What about international students, or if I travel internationally?

A: International travelers or students won't be able to receive SMS text or voice call authentication notifications. In such cases, ensure an alternate factor like Okta Verify is set up for receiving MFA notifications.

Q: Do I need to set up all authentication factors?

A: No, but it's advised by OIT to establish a backup factor in case your preferred method is unavailable. We support multiple MFA options, like SMS or Voice Call Authentication, for this purpose. While setting up all factors is unnecessary, having a backup option helps in case your usual one is unavailable. When MFA is prompted, select whichever authentication factor you've already set up to log in.

This screenshot shows two authentication options set up: Okta Verify and Security Key or Biometric Authenticator.
This user has two authentication options set up: Okta Verify and Security Key or Biometric Authenticator. When prompted for MFA, the user can choose whichever method to authenticate with.

Q: I don't have a smartphone/I would rather not add an app to my phone/I want the most efficient authentication option/etc. Which authentication option(s) should I pick?

A: We have several extra verification factors to choose from. Here's a comparison to help you choose the best options for your needs:

Authentication Type	What It Is	Potential Benefits	Potential Obstacles	Requires A Smartphone?
Okta Verify	An app from the university's identity management system	Can authenticate from a push notification on your phone or smartwatch Quick authentication	Requires a smartphone	Yes
Security Key OR Biometric Authenticator	Security Key: A USB stick that you insert into your computer Biometric Authenticator: Utilize a fingerprint/face reader on your computer (e.g., Windows Hello, Touch ID on Mac)	Most secure option Quick authentication	Requires purchase of additional equipment Has to be carried around with you and kept in a secure location	No
Google Authenticator App	An app from Google that gives you a six-digit code	The app serves various purposes, like accessing your bank or social media accounts.	Requires a smartphone	Yes
SMS Authentication	A text message sent to your phone with a six-digit code	Doesn't require a smartphone	If your phone or SIM card is stolen, your codes could be intercepted Least secure option Unavailable for international travelers or international students.	No
Voice Call Authentication	An automated phone call that gives you a five-digit code	Doesn't require a smartphone	Slowest way to log in Requires you to answer a call Unavailable for international travelers or international students.	No

Q: What if my role at St. Edward's changes?

A: If you are an active/current Faculty, Staff, or Affiliate and have set up MFA, you're good to go even if your role changes. No need to reset MFA; your activation is tied to your university account. However, if you switch from active to former faculty/staff/affiliate and require access to university apps, MFA remains necessary.

For MFA setup, follow our step-by-step instructions.

Was this helpful?

0 reviews

Print Article

Updating...