Multi Factor Authentication
What is Multi-Factor Authentication?
Multi-Factor Authentication (MFA) is an authentication method that requires the user to provide different verification methods to gain access to a particular system or account.
MFA is being rolled out to all Nexus accounts. This means you will need additional methods of authentication to log into systems using it (such as your email) by confirming your access on a different device, such as your mobile phone.
Setting up MFA
You'll be emailed by IT letting you know when MFA will become compulsory, and telling you what you need to do.
However, you can set up your MFA sign in methods in advance (e.g. Microsoft Authenticator app, phone number(s), Yubico key) on your Single Sign-On account.
You can also download the Microsoft Authenticator app.
Helpful links
- IT Services Project Page (including documentation)
- IT Services FAQ
- MFA sign in method portal
- Configuring your email client(s)
- Outlook Webmail
- WebAuth (including resetting your SSO account passphrase)
- Microsoft Authenticator app
Common problems and how to fix them
Email client not working after MFA migration
If there is an issue with your mail client not working, please test you can log into the webmail client.
If you can, it is an application issue local to your computer.
If not, it is an account issue.
If it is just an incorrect/forgotten passphrase/password, that can be reset from the WebAuth page.
Application Issue
If an application issue, the usual fix is to remove the account from your mail client/device and then re-add it back in.
Please make sure your email client and OS are both up to date and latest versions (e.g. Outlook 2013 will not work).
Getting a MESSAGE: YOUR ACCOUNT DOES NOT EXIST
If when adding your account to an email account and it gives a "your account does not exist" type of error message, confirm if it is asking for your email address or SSO. Some clients ask for email address first and then ask for your SSO, and some will insert the email address in a field when it should use your SSO after you have put in your email address. More client specific details are available from the University pages on setting up mail clients.
e.g. kenn1234@OX.AC.UK or example.name@kennedy.ox.ac.uk