Multi-Factor Authentication - JHU
INTRO
JHU IT now has new authentication security protection measures in place for several of their central services in the form of Multi-factor Authentication (MFA). For example, both your online JHU W2 and Employee Self Service (ESS) in MyJH use it. The JHU VPN system from JHU requires MFA as well. ("Two factor authentication" is a type of MFA you might have heard of before.) We will see more and more JHU sites/services requiring MFA, and you will need to configure your MFA access.
Details About The JHU Multi Factor Enrollment And Use Process
For more details on JHU's implementation of MFA and and instructions on how to configure and use it, please visit WSE IT's documentation on the subject at:
JHU's MFA page to enroll or manage your MFA configuration can be found at:
The Enroll link on that page provides a helpful video showing the enrollment method.
Also, we will outline the basic steps to set up MFA directly below...
Setting Up Multi-Factor Authentication
- To get started with MFA, you will need to visit the Azure MFA Resource Center's Enrollment Page to enroll.
- That page and its video will show you how to enroll your JHED ID with the Azure MFA. The video is very helpful in explaining the process. You are encouraged to watch it all the way through.
Authenticators
- As part of the MFA setup process, you will end up having to choose an authenticator method to use. There are several authenticator methods:
- Text your phone: When JHU needs you to enter your MFA code during login to JHU's MFA-required pages/apps, they will text your phone with the MFA code that you will use to enter into whatever prompt they send you.
- Use an app/program: Alternatively, you can choose to install an authenticator program on your computer (or phone.) The authenticator program, when run, will provide the 6-digit number to enter when you are prompted at JHU for your MFA code. JHU suggests you use the Microsoft Authenticator App (for Windows) to generate that numerical code. You can download Microsoft Authenticator according to instructions from the enrollment process video. Additionally, you can choose to run other authenticators to run (under Windows) instead, including a program called WinAuth. Macs, Androids and IPhones have various authenticators available as well. Note that the codes are generated using time-based factors... so, the code you generate needs to be entered soon (up to a minute) when you are prompted, otherwise, you need to generate another code.
Adding An MFA Authentication Method Or Changing Your Default MFA Authentication Method
- Once you have your MFA set up... By default, the MFA authentication process seems to make texting your phone the way JHU provides you your MFA code. Some users might want to change this from receiving a text from JHU to using an authenticator app (e.g., WinAuth on PC or a similar app on a phone, for instance) instead.
- To change your default authentication method, simply log into https://aka.ms/mfasetup Once logged in, you'll see a list of your authentication options, and you can change the default option to using a Hardware Token (Authenticator App) instead of the Phone (text) option.
- To add a new authentication method, again log into https://aka.ms/mfasetup and choose Add method (it is preceded by a blue plus sign.)
NOTE: If you have any issues with setting up Multi-factor authentication, you should contact JHU IT Support.