MFA (Multi-Factor Authentication) - Main Page

Multi-Factor Authentication (MFA) enhances security by verifying the identity of users attempting to access SVSU software and systems. MFA requires two forms of verification:

  • First Layer: Your SVSU username and password.
  • Second Layer: Confirmation of the login attempt on a separate device, such as your phone or another mobile device.

The rationale for using MFA is straightforward: even if an unauthorized person obtains your username and password, they are unlikely to have access to your personal device. This additional step makes it significantly more difficult for unauthorized users to access your account.

On This Page

 

Begin MFA Setup: Introductory Videos

Set Up Authenticator App Method (recommended) Video

Set Up Phone Call Method

Read Your MFA Welcome Email

MFA is implemented on all new users at users at SVSU based on your role at the university.  For new employees your account is enforced with MFA after 7 days from your start date. For new/incoming students it is enforced the second week of your starting semester.

When you receive a welcome email message from MFAuth@svsu.edu you will find instructions on how to set up your user account for MFA. Note: You have one week to set up your authentication methods. If you do not set up MFA on your account, you will not be able to sign in to SVSU service or software. You will then need to contact the IT Support Center to regain access to your account.

Sample Welcome Email

From the welcome email, click the Multi-Factor Authentication User Portal link.  Or, go to mfa.svsu.edu

Select an Authentication Method

When selecting your method of authentication, it's important to consider the reliability of your cellular and Wi-Fi signals:

  • Microsoft Authenticator App: This app sends notifications through either Wi-Fi or cellular networks. When on campus, we recommend connecting to the "SVSUSecure" network for the best experience.
  • Phone Calls: These require a stable cellular network since they are made via your phone's cell service.

If you do not have a phone, you can use an Oath Token. The availability and cost depend on your role at the university:

  • Faculty/Staff: Your first Oath Token is provided free of charge. Any subsequent replacements must be purchased.
  • Students: Oath Tokens can be purchased from Campus Financial Services.

Types of Sign-In Methods

All sign-in methods can be set up from your Microsoft account, visit mfasecurity.svsu.edu A list of each sign-method is below on what to expect with your chosen method of authentication.

  • Mobile App (Recommended): View article on how to Set up the Microsoft Authenticator app.
    • Download and install the Microsoft Authenticator app on a smart device. 
    • Visit mfasecurity.svsu.edu log in with your SVSU username and password.
    • First time set up, click +Add sign-in method from the list of available methods, choose Microsoft Authenticator then follow the on-screen prompts to complete the setup.
    • After set up, when you sign into a SVSU software or system a number will display on the device you are logging into, the number that displays on your screen is what you will need to enter into the Microsoft Authenticator app. Many users find using the mobile app is the easiest sign-in method to use.
  • Phone Call: Watch this short video on how to manage and set up Phone Call sign-in.
    • Use any phone to authenticate.  Be sure it is a phone you will regularly and have it near you when you need to authenticate.  We suggest using your cell phone, but you can use your office phone (if applicable). 
    • First time set up, click +Add sign-in method, from the list of available methods, choose Phone - call then follow the on screen prompts.
    • After set up, when you enter your SVSU username and password, you will receive an automated phone call. Answer the phone and press the pound symbol, #, when prompted to approve your sign-in.
    Oath Token: View instructions Oath Token Method Setup
    • An Oath Token is a device, the size of a flash drive, that displays a unique series of numbers, on a 30 second rotation.  Note: The IT Support Center will need to register your Oath Token.
    • First time set up, click +Add sign-in method, from the list of available methods, choose Authenticator app or hardware token then follow the on screen prompts.
    • After set up, when you enter your SVSU username and password, your screen prompts you for a code. Turn on your Oath Token, a secret six digit code displays, type the numbers into the device's screen you are using.
    • SVSU faculty and staff can request their first Oath token for free from the IT Support Center.  Replacements must be purchased from Campus Financial Services. Students wishing to use an Oath Token can purchase them from Campus Financial Services.  

Mobile App Users- Note About New Phones

Should you get a new phone, you will need to install and re-activate the Microsoft Authenticator app. Visit mfasecurity.svsu.edu to set up your new phone with MFA and follow the on-screen prompts, view how to set up the mobile app with step by step instructions.

After MFA is Enabled

Below is a list of what to expect once your account has been enrolled in Multi-factor Authentication.

  • When trying to access an SVSU service, you will be prompted to authenticate using the preferred method you set. The system will not complete the log in until after it has validated your sign-in authenticating your account.
  • Your device screen displays “For security reasons, we require additional information to verify your account.” This message disappear after one minute. Below is a sample image of the screen prompt when using the mobile app.

      MFA main - mobile app - default sign in
     
  • After one minute, if you have not used your preferred method to authenticate, the screen will display "We didn't receive a response. Please try again." You will need to click on "Use a different verification option." Note: It is recommended to have more than one sign-in method set up on your account.
  • The authentication for your sign-in will be valid for that system within that browser session for eight hours (for most systems).  Unless you close the entire browser session, close the authenticated browser tabs or log out of any authenticated browser tabs.
  • If you restart your computer, use a different browser, use a private browser window, log in to a different computer, or if eight hours have passed, you will need to authenticate again.
  • If you incorrectly enter your SVSU username and password six consecutive times you will be locked out for ten minutes.

If You Are Not Trying to Login, Do Not Approve the Sign-In

If you receive a notification that your account needs authentication, but you did not initiate the log in, please do not approve the request.  Change your password immediately, then contact the IT Support Center.

Create Ticket Print Article

Details

Article ID: 126921
Created
Mon 2/1/21 12:02 PM
Modified
Fri 4/12/24 4:30 PM

Related Articles (4)

SVSU uses a Self-Service Password Reset (SSPR), allowing you to easily change or recover your password if forgotten or it has expired.
Manage account security information and sign-in methods used to verify your account during MFA and Password Reset.
This method authenticates your account using verification codes generated on the Oath Token.
Instructions on setting up the recommended sign-in method for MFA using the Microsoft Authenticator app.

Related Services / Offerings (1)

Multi-Factor Authentication instructions and options.