Multi-Factor Authentication - JHU

(Redirected from JHU Multi-Factor Authentication)

INTRO

JHU IT now has new authentication security protection measures in place for several of their central services in the form of Multi-factor Authentication (MFA).
For example, both your online JHU W2 and Employee Self Service (ESS) in MyJH use it. The JHU VPN system from JHU requires MFA as well. ("Two factor authentication" is a type of MFA you might have heard of before.) We will see more and more JHU sites/services requiring MFA, and you will need to configure your MFA access.
JHU uses Microsoft Azure for providing JHU's Multi Factor Authentication service.

Details About The JHU Multi Factor Enrollment And Use Process

For more details on JHU's implementation of MFA and and instructions on how to configure and use it, please visit WSE IT's documentation on the subject at:
http://wseit.engineering.jhu.edu/get-help/multi-factor-authentication
JHU's Azure MFA page to enroll or manage your MFA configuration can be found at:
https://it.johnshopkins.edu/services/directoryservices/jhea/AzureMFA/AzureLoginMFA
Also, we will outline the basic steps to set up MFA directly below...

Setting Up Multi-Factor Authentication

To get started with MFA, you will need to visit the Azure MFA Resource Center's Enrollment Page to enroll.
That page and its video will show you how to enroll your JHED ID with the Azure MFA. The video is very helpful in explaining the process. You are encouraged to watch it all the way through.

Authenticators

As part of the MFA setup process, you will end up having to choose an authenticator method to use. There are several authenticator methods:
  • Text your phone: When JHU needs you to enter your MFA code during login to JHU's MFA-required pages/apps, they will text your phone with the MFA code that you will use to enter into whatever prompt they send you.
  • Use an app/program: Alternatively, you can choose to install an authenticator program on your computer (or phone.) The authenticator program, when run, will provide the 6-digit number to enter when you are prompted at JHU for your MFA code. JHU suggests you use the Microsoft Authenticator App (for Windows) to generate that numerical code. You can download Microsoft Authenticator according to instructions from the enrollment process video. Additionally, you can choose to run other authenticators to run (under Windows) instead, including a program called WinAuth. Macs, Androids and IPhones have various authenticators available as well. Note that the codes are generated using time-based factors... so, the code you generate needs to be entered soon (up to a minute) when you are prompted, otherwise, you need to generate another code.


Adding An MFA Authentication Method Or Changing Your Default MFA Authentication Method

Once you have your MFA set up... By default, the MFA authentication process seems to make texting your phone the way JHU provides you your MFA code. Some users might want to change this from receiving a text from JHU to using an authenticator app (e.g., WinAuth on PC or a similar app on a phone, for instance, as described above) instead.
  • To change your default authentication method, simply log into https://mysignins.microsoft.com/security-info Once logged in, if you're not directed directly to the Security Info page, simply click Security info on the left. You'll see a list of your authentication options, and you can change the default option to using a Hardware Token (Authenticator App) instead of the Phone (text) option.
  • It is also recommended to add an additional authentication method -- should your phone (or your app) be unavailable, you will have an alternative method with which to authenticate with MFA. To add a new/additional authentication method, again log into https://mysignins.microsoft.com/security-info (and click Security info on the left, if needed) and choose Add method (it is preceded by a blue plus sign.)


NOTE: If you have any issues with setting up Multi-factor authentication, you should contact JHU IT Support.