Difference between revisions of "Multi-Factor Authentication - JHU"

Line 18: Line 18:
 
:[http://www.it.johnshopkins.edu/services/directoryservices/jhea/MFA http://www.it.johnshopkins.edu/services/directoryservices/jhea/MFA]  -->
 
:[http://www.it.johnshopkins.edu/services/directoryservices/jhea/MFA http://www.it.johnshopkins.edu/services/directoryservices/jhea/MFA]  -->
 
<!-- :[http://www.it.johnshopkins.edu/services/directoryservices/jhea/MFA/Users/index.html http://www.it.johnshopkins.edu/services/directoryservices/jhea/MFA/Users/index.html] -->
 
<!-- :[http://www.it.johnshopkins.edu/services/directoryservices/jhea/MFA/Users/index.html http://www.it.johnshopkins.edu/services/directoryservices/jhea/MFA/Users/index.html] -->
 +
 +
== Setting Up Multi-Factor Authentication==
 +
 +
<!--'''NOTE:  In order for some of the links below to bring you to the correct site, you may need to be on the JHU network (or the JHU VPN.)''' -->
 +
 +
:To get started with MFA, you will need to visit the Azure MFA Resource Center's '''''[http://it.johnshopkins.edu/services/directoryservices/jhea/AzureMFA/AzureMFAEnrollment  Enrollment Page]''''' to enroll. <!--  your JHED ID to have it work in conjunction with what JHU calls its ''myIT Login Code''.-->
 +
 +
:That page and its video will show you how to enroll your JHED ID with the Azure MFA. The video is very helpful in explaining the process. You are encouraged to watch it all the way through.
 +
 +
===Authenticators===
 +
 +
:As part of the MFA setup process, you will end up having to choose an '''authenticator''' method to use.  There are several authenticator methods:
 +
 +
* Text your phone:  When JHU needs you to enter your MFA code during login to JHU's MFA-required pages/apps, they will text your phone with the MFA code that you will use to enter into whatever prompt they send you.
 +
 +
* Use an app/program:  Alternatively, you can choose to install an authenticator  program on your computer (or phone.)  The authenticator program, when run, will provide the 6-digit number  to enter when you are prompted at JHU for your MFA code.  JHU suggests you use the Microsoft Authenticator App (for Windows) to generate that numerical code.  You can download Microsoft Authenticator according to instructions from the enrollment process video.  Additionally, you can choose to run other authenticators to run (under Windows) instead, including a program called WinAuth.  Macs, Androids and IPhones have various authenticators available as well.  Note that the codes are generated using time-based factors... so, the code you generate needs to be entered soon (up to a minute) when you are prompted, otherwise, you need to generate another code.
 +
 +
:<!--NOTE: If you want to change your authenticator method or manage your MFA at some point, please first visit the main [https://it.johnshopkins.edu/services/directoryservices/jhea/AzureMFA/AzureLoginMFA Azure MFA page] and then click on ''Manage Azure MFA''.-->
 +
  
 
==Adding An MFA Authentication Method Or Changing Your Default MFA Authentication Method==
 
==Adding An MFA Authentication Method Or Changing Your Default MFA Authentication Method==

Revision as of 18:15, 8 December 2020

INTRO

JHU IT now has new authentication security protection measures in place for several of their central services in the form of Multi-factor Authentication (MFA). For example, both your online JHU W2 and Employee Self Service (ESS) in MyJH use it. The JHU VPN system from JHU requires MFA as well. ("Two factor authentication" is a type of MFA you might have heard of before.) We will see more and more JHU sites/services requiring MFA, and you will need to configure your MFA access.

Details About The JHU Multi Factor Enrollment And Use Process

For more details on JHU's implementation of MFA and and instructions on how to configure and use it, please visit WSE IT's documentation on the subject at:

http://wseit.engineering.jhu.edu/get-help/multi-factor-authentication

JHU's MFA page to enroll or manage your MFA configuration can be found at:

https://it.johnshopkins.edu/services/directoryservices/jhea/AzureMFA/AzureLoginMFA

The Enroll link on that page provides a helpful video showing the enrollment method.


Setting Up Multi-Factor Authentication

To get started with MFA, you will need to visit the Azure MFA Resource Center's Enrollment Page to enroll.
That page and its video will show you how to enroll your JHED ID with the Azure MFA. The video is very helpful in explaining the process. You are encouraged to watch it all the way through.

Authenticators

As part of the MFA setup process, you will end up having to choose an authenticator method to use. There are several authenticator methods:
  • Text your phone: When JHU needs you to enter your MFA code during login to JHU's MFA-required pages/apps, they will text your phone with the MFA code that you will use to enter into whatever prompt they send you.
  • Use an app/program: Alternatively, you can choose to install an authenticator program on your computer (or phone.) The authenticator program, when run, will provide the 6-digit number to enter when you are prompted at JHU for your MFA code. JHU suggests you use the Microsoft Authenticator App (for Windows) to generate that numerical code. You can download Microsoft Authenticator according to instructions from the enrollment process video. Additionally, you can choose to run other authenticators to run (under Windows) instead, including a program called WinAuth. Macs, Androids and IPhones have various authenticators available as well. Note that the codes are generated using time-based factors... so, the code you generate needs to be entered soon (up to a minute) when you are prompted, otherwise, you need to generate another code.


Adding An MFA Authentication Method Or Changing Your Default MFA Authentication Method

Once you have your MFA set up... By default, the MFA authentication process seems to make texting your phone the way JHU provides you your MFA code. Some users might want to change this from receiving a text from JHU to using an authenticator app (e.g., WinAuth on PC or a similar app on a phone, for instance) instead.
  • To change your default authentication method, simply log into https://aka.ms/mfasetup Once logged in, you'll see a list of your authentication options, and you can change the default option to using a Hardware Token (Authenticator App) instead of the Phone (text) option.
  • To add a new authentication method, again log into https://aka.ms/mfasetup and choose Add method (it is preceded by a blue plus sign.)


NOTE: If you have any issues with setting up Multi-factor authentication, you should contact JHU IT Support.