Multi Factor Authentication
Multi-factor authentication (MFA) adds an additional layer of account security by requiring two or more pieces of information to gain access to our data and systems.
The University of Adelaide requires multi-factor authentication for a range of applications. When you sign into University systems, you will continue to use your University username and password, as well as an additional authentication to verify your identity. This is done through a platform called Okta.
When you are in your Okta dashboard, be sure to go into settings and set your security image. Your security image will become your profile image for MFA. This image is another way for you to ensure you are typing your username and password into a legitimate platform.
To learn more about the benefits of MFA and single-sign in at the University you can watch this short video.
Setting up MFA
-
How do I set up or modify my MFA?
You can set up and modify your MFA authentication options by going to: https://id.adelaide.edu.au
There are two main identity verification options.
1. OKTA Verify (recommended)
This is currently the most secure verification option and once it is set up, is the easiest to use. When you log in to a University system that has MFA activated, your Okta Verify app will send a notification to your phone or smart watch. You simply need to confirm that it is you trying to access the system by tapping the notification.
If you can't find Okta Verify in your app store or your mobile phone does not support it, you may want to set up Google Authenticator.
You can also use the Okta Verify application directly on your computer. Guides on how to set this up can be found below
Windows SOE – Search for “Okta Verify” in Software centre
Windows personal device – Follow the link here
macOS - https://apps.apple.com/us/app/okta-verify/id490179405
2. Alternative Authenticators
This option enables you to use the Google Authenticator app, in addition to other authentication tools such as Authy, Last Pass and OTP Manager (see a larger list in the dot points below). The Google Authenticator app displays a code that changes every 30 seconds. When prompted by Okta, you will need to enter the code that Google Authenticator is displaying, before it changes. If you do not have a mobile phone, the Google Authenticator can be set up on your computer desktop. If you choose to use these apps, be mindful that the University support teams may not have experience with them.
Other options that you can consider:
- If you do not have or would prefer not to use a mobile phone, then Okta Verify for Windows and macOS may be the authentication tool for you. It is a desktop application that is accessible on both Windows and Mac computers. However, please note that this will not work with public or shared computers.
If you require further assistance to set up your MFA options please refer to the MFA Self-Help Guide.
-
I don't have a phone to use, what are my options?
You can set up and use the OTP Manager (One Time Password) app on your computer. The app is accessible on both Windows and Mac computers through your web browser.
- For Windows users, go to: OTP Manager.
- For Mac users go to: MAC OTP Manager.
If you are unsure of how to download an app to your computer, please watch the video below. Please note that this option is not available for use with shared or public computers.
For further support in setting up the OTP Manager, watch the video below.
If you require further assistance to set up your MFA options you can either open the MFA Self-Help Guide.
-
How can I register on my phone without using a QR code?
You can register for MFA through your phone. This takes a little longer than if you were able to capture the image of the QR code with your phone, but it is still pretty quick.
Okta Verify
When setting up Okta Verify, you have the option to select 'No Barcode?' rather than scan the QR code.
- Go to id.adelaide.edu.au
- Type in your University 'a' number and password
- Click 'Sign in'
- Under Okta Verify click 'Setup'
- Select the type of phone you have. If it is not an iPhone, select Android
- Click 'Next'
- Under the QR code click 'can't scan?'
- 'Send activation link via SMS' should be selected, so leave it there (unless you would prefer another option)
- Select 'Australia'
- Type in your mobile number, but leave the first '0' off as Okta has the +61 before you add your number
- Click Send
- Open the SMS message Okta has sent you and click on the link
Google Authenticator
When setting up Okta with Google Authenticator, you have the option to 'Enter a setup key' rather than scan a QR code.
- Go to id.adelaide.edu.au
- Type in your University 'a' number and password
- Click 'Sign in'
- Under Google Authenticator click 'Setup'
- Select the type of phone you have. If it is not an iPhone, select Android
- Click 'Next'
- Under the QR code click 'can't scan?'
- You will see the 'Secret Key Field'. You will need to copy (or write) this code somewhere (note you can not copy and paste it)
- Click 'Next'
- Go to your Google Authenticator app
- Click to 'add' a new account. This may be by pressing '+' in the bottom left
- Type in what you would like to name your account. For example UoA MFA
- Type in your secret key code in 'Your Key'
- Click 'Add'
- This will take you to your authentication list. Here is where you will find the 6 digit code for the account you just set up - for you to use in id.adelaide.edu.au
- Go back to id.adelaide.edu.au
- Type in your 6 digit authenticator code
- Click 'Verify'
-
Will we need MFA for generic accounts and devices?
Yes. If you are accessing a system with MFA, then you will need to set up your group authentication preference. There are rare situations around the University where a generic login may be shared on a specific device, or an account may be excluded from MFA If you are unsure or would like more information, please contact the ITDS Service Desk on the details at the bottom of this page.
Team email accounts
A work team may have a team email account set up. In this case, you would only need to set up MFA if you interactively login. i.e. if you have your generic / shared email account set up as a mailbox and accessed through outlook, you won't need to set up MFA for that account.
Shared computer or system access
For generic accounts, it maybe be best to set up the OTP Manager on the desktop through the Google Authenticator MFA option.
Or, you could copy the QR code for Okta Verify or Google Authenticator and have all users set up the one generic account in their own individual authenticator tools using the same QR image.
Or, you could use Google Authenticator select ‘can't scan’ and store the secure key code with each member of your team. You would all set up a new account in your individual authenticator tool using the same secure key. This is also handy for when new people join the team, or new devices are added by using the secure key.
What should we do if someone with generic access leaves the University?
Any time a member of the generic account moves on, the password, QR code or secure key should be changed and updated by all users.
If you require further support or advice on setting up generic accounts with MFA, please contact the ITDS Service Desk on the details at the bottom of this page, or log a request via our MyIT Portal.
-
How often will I need to authenticate through MFA/Okta?
If you only use one device, then you should only be required to authenticate with MFA every 90 days. However, there are some exceptions to this rule such as:
- Using a different web browser to access a system
- Using a different device, eg mobile phone, tablet, laptop, browser, desktop computer, etc
- Signing in from a location where it would have been impossible for you to travel to that place since your last log in
- If you clear the cache on your web browser
Some of the systems that you use also have their own rules for needing to sign in again. For example with Office 365 they have their own expiry times which may require you to log in again with your user name and password and MFA. The O365 times are:
- Web Clients (e.g. Outlook Web Access): 6 Hours
- Desktop Clients (e.g. Outlook 2019, Teams): 90 days
- Office Pro Plus License Check: 30 days
Troubleshooting with MFA
-
What happens if I change my phone number?
If you are changing your SIM card or phone number (not your phone), and you have the Okta Verify App, you can continue to use the Okta Verify App on your phone.
-
What happens if I change my phone?
If you have Okta Verify or Google Authenticate, you may need to update your authentication. Please note that you will need to have access to your old phone to be able to do this.
1. Log into your MFA profile at id.adelaide.edu.au, click settings and edit. You will be prompted to verify your identity though MFA.
2. Once verified, click Remove for the authentication linked to your old phone.
3. Download the Okta Verify or Google Authenticate app onto your new phone.
4. Click Set-up for Okta Verify or Google Authenticate to re-authenticate with your new phone.
If you do not have access to your old phone or are unable to reset your authentication for your new phone, you will need to contact the ITDS Service Desk to reset your authentication options.
Further support
For further support with Multi-Factor Authentication contact the ITDS Service Desk on 08 8313 3000.