Body
Think of all the information linked to your St. Edward's account: Address, bank information, social security number or passwords. Protecting your account is one of our top priorities. Multi-factor authentication (MFA) adds layers beyond a password to protect your account. Here are some answers to our most common MFA questions and issues. To set up MFA, read our step-by-step instructions for setting up MFA.
You're likely familiar with 2-step or second-factor authentication for your financial accounts or perhaps an online shopping account, such as Amazon. MFA is essentially the same concept, except that you can choose more than two authentication factors if you like. Simply put, MFA is about ensuring only you can access your information. MFA = Something you know (knowledge factor) + something you have or are (possession factor).
Upon joining St. Edward's University, your first step is creating a password for your account. That's something you know.
The next step is setting up a strong possession factor. You can choose something you have (like a code in an app on your phone) or something you are (like a fingerprint). IET recommends setting up multiple strong possession factors to avoid relying on a single device for access; specifically, Okta Verify on your mobile device and the Okta Verify desktop application or your laptop or tablet.
A: IET requires a strong possession factor to best protect your account from security threats. Security questions are a knowledge factor and do not meet IET's security standard. Emails and text messages are weak possession factors; they are not tied to specific devices and send codes that can be intercepted or impersonated by threat actors.
A: Nope! One authentication option does not require a smart phone. Refer to the chart below for more details.
A: We have several verification factors to choose from. Here's a comparison to help you choose the best options for your needs:
| Authentication Type |
What It Is |
Benefits |
Obstacles |
Requires A Smartphone? |
| Okta Verify Mobile Application |
- An app from the university's identity management system
|
- Can authenticate from a push notification on your phone or smartwatch
- Quick authentication
|
|
|
| Okta Verify Desktop Client |
- An app from the university's identity management system
|
- Quick authentication
- Does not require a separate device
|
- Device-specific; can only be used to authenticate on laptop or tablet where it is installed
|
|
Security Key
OR
Biometric Authenticator |
- Security Key: A USB stick that you insert into your computer
- Biometric Authenticator: Utilize a fingerprint/face reader on your computer (e.g., Windows Hello, Touch ID on Mac)
|
- Most secure option
- Quick authentication
|
- Requires purchase of additional equipment
- Has to be carried around with you and kept in a secure location
|
|
| Google Authenticator App |
- An app from Google that gives you a six-digit code
|
- The app serves various purposes, like accessing your bank or social media accounts.
|
|
|
A: No, but you should establish a backup factor for when your preferred method is unavailable or cannot be used on a particular device.
A: Don't ditch your old device yet! If you use apps like Okta Verify or Google Authenticator for MFA, switching to a new device wont transfer the MFA setup. If you get a new phone, don't erase your old one until you've successfully set up MFA on the new one. This prevents prompts from going to a device that doesn't work, locking you out of your account.
If you already ditched your old device and need to access Okta Verify or Google Authenticator, here is what you do next:
- If you can't access your old device and have no other accessible factors set up, contact IET Support to reset your factors.
- If you can't access your old device and have other factors set up that are not tied to it (for example, a biometric authenticator), log in as you normally would. Set up MFA, then add Okta Verify or Google Authenticator factor to your you new device using your other factor (e.g, security key or Okta FastPass). When you have successfully enrolled in Okta Verify or Google Authenticator on your new device, you should remove the MFA factor associated with your old device.
A: Yes. MFA prompts will trigger if you are in a different location or you use a different device or browser. Many applications require you to authorize more frequently than others due to application-specific security settings.
A: International travelers or students should make sure that Okta Verify is set up for receiving MFA notifications on their devices.
A: If you are an active/current Faculty, Staff, or Affiliate and have set up MFA, you are good to go even if your role changes. No need to reset MFA; your activation is tied to your university account. If you transition from active to former faculty/staff/affiliate and require access to university apps, MFA is still required.
A: IET support can help if you get locked out and cant access your account. We can help you reset MFA during our business hours, just like when you need help changing your password. Request help at support.stedwards.edu.
A: If you're in a classroom instructor station, you will not have to MFA for most apps! For faculty, all apps will bypass MFA authentication at the classroom instructor stations, with a few exceptions which will continue to enforce MFA: Crashplan, VPN, Banner Admin, BDM, Transact eAccounts, and Okta Admin.
If a faculty member wants to use MFA in a classroom instructor station, they can opt-in by clicking the Instructor Station Option: Faculty opt-in to use 2nd factor at classroom instructor stations box in their Account Settings.
