Body
Think of all the information linked to your St. Edward's account: Address, bank information, social security number or passwords. Protecting your account is one of our top priorities. Multi-factor authentication (MFA) adds layers beyond a password to protect your account. Here are some answers to our most common MFA questions and issues.
This article answers:
To set up MFA, read our step-by-step instructions for setting up MFA.
You're likely familiar with 2-step or second-factor authentication for your financial accounts or perhaps an online shopping account, such as Amazon. MFA is essentially the same concept, except that you can choose more than two authentication factors if you like. Simply put, MFA is about ensuring only you can access your information. MFA = Something you know (knowledge factor) + something you have or are (possession factor).
Upon joining St. Edward's University, your first step is creating a password for your account. That's something you know.
The next step is setting up a strong possession factor. You can choose something you have (like a code in an app on your phone) or something you are (like a fingerprint). IET recommends setting up multiple strong possession factors to avoid relying on a single device for access; specifically, Okta Verify on your mobile device and the Okta Verify desktop application or your laptop or tablet.
A: IET requires a strong possession factor to best protect your account from security threats. Security questions are a knowledge factor and do not meet IET's security standard. Emails and text messages are weak possession factors; they are not tied to specific devices and send codes that can be intercepted or impersonated by threat actors.
A: Nope! One authentication option does not require a smart phone. Refer to the chart below for more details.
A: We have several verification factors to choose from. Here's a comparison to help you choose the best options for your needs:
| Authentication Type |
What It Is |
Benefits |
Obstacles |
Requires A Smartphone? |
| Okta Verify Mobile Application |
- An app from the university's identity management system
|
- Can authenticate from a push notification on your phone or smartwatch
- Quick authentication
|
|
|
| Okta Verify Desktop Client |
- An app from the university's identity management system
|
- Quick authentication
- Does not require a separate device
|
- Device-specific; can only be used to authenticate on laptop or tablet where it is installed
|
|
Security Key
OR
Biometric Authenticator |
- Security Key: A USB stick that you insert into your computer
- Biometric Authenticator: Utilize a fingerprint/face reader on your computer (e.g., Windows Hello, Touch ID on Mac)
|
- Most secure option
- Quick authentication
|
- Requires purchase of additional equipment
- Has to be carried around with you and kept in a secure location
|
|
| Google Authenticator App |
- An app from Google that gives you a six-digit code
|
- The app serves various purposes, like accessing your bank or social media accounts.
|
|
|
A: No, but IET recommends establishing a backup factor in case your preferred method is unavailable. While setting up all factors is unnecessary, having a backup option helps in case your usual one is unavailable.
A: If you're using mobile credentials for campus access or Topper Tender, you already have MFA enabled on your account. However, IET recommends setting up other factors so you are not dependent on a single authentication method.
Second, check your Extra Verification section to see your setup.
Note: If you switch devices, you will have to set up MFA again. Apps like Okta Verify or Google Authenticator won't carry over MFA to a new device. If you get a new phone, don't erase your old one until you've been able to set up MFA on the new one. Otherwise, you could get prompts sent to a non-functional device and getting locked out of your account.
A: Don't ditch your old device yet! If you use apps like Okta Verify or Google Authenticator for MFA, switching to a new device wont transfer the MFA setup. If you get a new phone, don't erase your old one until you've successfully set up MFA on the new one. This prevents prompts from going to a device that doesn't work, locking you out of your account.
If you already ditched your old device and need to access Okta Verify or Google Authenticator, here is what you do next:
- If you can't access your old device and have no other accessible factors set up, contact IET Support to reset your factors.
- If you can't access your old device and have other factors set up that are not tied to it (for example, a biometric authenticator), log in as you normally would. Set up MFA, then edit to remove and add the Okta Verify or Google Authenticator factor. Use your other authentication factor for this process.
A: MFA only triggers if you are in a different location or you use a different device or browser, though some applications may require you to authorize more frequently than others due to application-specific security settings.
A: If you're in a classroom instructor station, you will not have to MFA for most apps! For faculty, all apps will bypass MFA authentication at the classroom instructor stations, with a few exceptions which will continue to enforce MFA.
- Exceptions: Apps that will continue to enforce MFA (even in instructor stations) are Crashplan, VPN, Banner Admin, BDM, Transact eAccounts, and Okta Admin.
However, if a faculty member wants to use MFA even in a classroom instructor station, they can opt-in by clicking the Instructor Station Option: Faculty opt-in to use 2nd factor at classroom instructor stations box in their Account Settings.
A: International travelers or students should make sure that Okta Verify is set up for receiving MFA notifications on their devices.
A: If you are an active/current Faculty, Staff, or Affiliate and have set up MFA, youre good to go even if your role changes. No need to reset MFA; your activation is tied to your university account. However, if you switch from active to former faculty/staff/affiliate and require access to university apps, MFA remains necessary.
For MFA setup, follow our step-by-step instructions.
A: IET support can help if you get locked out and cant access your account. We can help you reset MFA during our business hours, just like when you need help changing your password. Request help at support.stedwards.edu.