Multifactor authentication (MFA).
To secure your Odisee account, multifactor authentication has been implemented on your student account within our university college. Frequently asked questions and answers about this item can be found below.
-
Multifactor authentication (MFA) means, as the word suggests, authenticating with multiple factors. Everybody know the classic way of signing in with a username and password. The use of a password is just one factor, something you know. With multifactor authentication you typically have a second factor in the form of something you have.
The most common method is a smartphone app registered to your smartphone which is not transferable to an other device. In case of the Microsoft Authenticator, you will receive a push notification where you simply have to "Deny" or "Approve" your sign-in attempt. That way you prove that you have something (your smartphone) to prove that you are the one signing in to your account.
-
More and more hackers are being very creative and mainly automated in finding and abusing accounts - which can have some serieus consequences. With the classic way of working with only a username and password, the hacker has enough by knowing your password. By using multifactor authentication you add an other factor to the game, which can stop the hacker.
As long as the sign-in attempt is not approved in the smartphone-app, the hacker will not be able to enter your account. As an extra bonus, registering MFA also add extra security measures on Microsoft's end. As a user you will hardly feel anything about this, but it does keep out a lot of hackers from your account.
-
The second factor for your Odisee account is enforced on Odisee applications including the following:
-
Email (webmail, mail app, ...)
-
Microsoft Teams
-
OneDrive
-
Student platform (odisee.be)
-
Other Odisee applications (printkrediet.odisee.be, ...)
For the KU Leuven account of Odisee students, multifacor authentication is not currently enforced.
-
-
The installation of multifactor authentication is linked to the activation of your Odisee account.
Read here how to activate your Odisee account!Was your Odisee account already activated, but have you forgotten to pre-register multifactor authentication or has your registration been reset? Then you can follow these steps to register MFA:
- Surf to portal.office.com
- Log in with your username and password
- You will now be notified that more information is required to keep your account secure and to complete the activation process.
- Choose Next.
- You will receive a message that you need the 'Microsoft Authenticator' app. Choose 'Next'.
- You will get another message that will start the registration process in the 'Microsoft Authenticator' app. Select 'Next' again.
- Open the Authenticator app on your smartphone
Microsoft will ask if they can collect diagnostic information through the app to improve their service. You can choose whether to accept or reject it. - On the next screen you choose 'Scan a QR code'
- You now scan the QR code displayed on your computer screen with the app on your smartphone. The account is added to the Authenticator app and you choose 'Next' in the web browser on your computer.
- You will now see the following window on your laptop. At the same time, a request is sent to the app on your smartphone.
- On your smartphone, you must approve the registration by entering the number shown.
- If you approved the request in the app on your smartphone, you will now see a confirmation on your PC that the request is approved.
- You have now linked the app on your smartphone to your Odisee account and successfully registered your security info.
- You can now start using this method as a second factor when logging in.
- If you choose the Microsoft Authenticator app, you will receive a pushnotification on your smartphone from time to time to approve your sign-in.
- Do not delete the app as you will need it to sign in to your Odisee account.
- Now that the security info has been successfully registered you choose 'Done'.
-
The multifactor authentication remains valid for 7 days on a computer and 30 days on a smartphone. This is under the condition that clicked Yes when asked 'Stay signed in?'.
Smartphone related questions/problems
-
You unfortunately cannot register a new multifactor without your old smartphone. Therefore, please create a ticket at the ICT service desk or stop by your local ICT service desk.
-
Sorry, we can't help you further with this. You will have to go get your smartphone. Know that you can also use Odisee computers, no multifactor authentication is required on these.
-
Sorry, we can't help you further with this. Perhaps you can borrow a charger from one of your fellow students. Know that you can also use Odisee computers, no multifactor authentication is required on these.
-
Have you got a new smartphone? Then you need to re-register multifactor authentication (MFA) on it for your Odisee account. That's because MFA is device-specific when using a smartphone app. Don't delete the app on your old device yet, because you'll need the Microsoft Authenticator app to register your new device.
- Surf to https://mysignins.microsoft.com/security-info
- Log in with your Odisee account
- Execute multifactor authentication with your old device
- Click on '+ Add method'
- Choose method 'Authenticator app'
- Click on 'Add'
- Follow the instructions in the web browser
- Download the Microsoft Authenticator app on your new smartphone
- Click on 'Next' in your browser window
- At the window 'Set-up your account' click again on 'Next'
- Scan the QR code into the Microsoft Authenticator app
Are you having trouble with these steps? Take a look at the video on how to activate your Odisee account.
- You will now see a window asking you to approve the notification in the Microsoft Authenticator app
- Approve the notification on your smartphone
- When you get the message in the browser window that the notification was approved, you have successfully registered MFA on your new device
-
No problem! You can also register using your cell phone number. Just know that this is less secure than an app and you cannot receive an SMS if you have no reception.
Registering through SMS can be done like so:
- At the step where it asks you to download the Microsoft Authenticator, click on 'I want to set up an other method' at the bottom.
- In What method would you like to use? choose 'Phone'
- Click 'Next'
- Select the country to which your cell phone number belongs
- Fill in the remaining digits of your cell phone number in there
- Click 'Next'
- You will now receive an SMS on the number entered in which Microsoft authentication is mentioned
- Did you make a mistake in the cell phone number? Then click 'Back' and repeat the steps.
- Didn't receive the SMS after some time? Then click on 'Resend code'.
- Fill in the six digits of this text in the browser window
- Click on 'Next'
- Multifactor authentication through SMS has now been successfully registered
Do you not have a cell phone either? Then we recommend to contact the student services department (STUVO). That way, we can see what we can do for you with the social service.
-
Be sure to check first that you are indeed using the Microsoft Authenticator app and that it is up-to-date. Also check your smartphone's app settings. Make sure you have allowed access to your camera for the Microsoft Authenticator app, otherwise you won't be able to scan a QR code from within the app.
- If this still does not work, then click on Can't scan image? at the MFA registration.
- In the Microsoft Authenticator, first choose to add a work or school account via QR code
- On the camera screen, click 'Or enter code manually' at the bottom.
- Next, enter the code and URL that appear in the browser window
- Once completed, click 'Next' in your browser window.
- You will now receive a push notification on your smartphone that you must approve
- Once approved, the browser window shows that the registration was successful or not
Do you prefer to use a different app? No problem! At Odisee, we leave you the choice to use any MFA app you want. Just be aware that push notifications will not work and you will always need to request a verification code in the app when signing in.
If you want to set this up, click 'I want to use a different authenticator app' at the MFA registration.
-
Are you not getting a push notification? Then it could be that your device is offline. On the login screen, choose 'I can't use my Microsoft Authenticator app right now'. Then use the method described in the question 'Where do I find the code I need to sign in?'
Please also check that your notifications for the Microsoft Authenticator app are enabled on your smartphone. In general this is asked when you use the app for the first time. You can check this in your smartphone's system settings.
It is also possible that something went wrong when registering your MFA method. In this case, we recommend having the registration of your MFA method reset. Therefore, create a ticket at the ICT service desk with a clear description of your problem or stop by your local ICT service desk.
-
If you don't get a push notification, you can also choose to enter a verification code. This can be found in the Microsoft Authenticator app in the following way.
- Open the Microsoft Authenticator app
- Tap your username
- Enter the 'eenmalige wachtwoordcode' (one-time passcode) displayed in the Microsoft Authenticator on the login page.
- Once filled out, click Verify on to sign in with your second factor.
-
Unfortunately, without an authenticator app, you can no longer perform MFA if you do not have a second method set up such as SMS. Therefore, create a ticket at the ICT service desk or stop by your local ICT service desk so they can reset your MFA registration.
Once reset, you can register MFA again. To do so, follow the FAQ-item "How to install the authenticator app for multifactor authentication?"
-
You always have a default method to complete multifactor authentication, which typically is the first method you have registered. Most of the time it can be useful to add a second method as a back-up method. You could for example have the Microsoft Authenticator app as your default method for authentication, but you could also choose to authenticate with a text message in case you have a problem with the app.
You can add extra methods as follows:
- Navigate to https://mysignins.microsoft.com/security-info
- Log in with your Odisee account
- Execute multifactor authentication with your primary method
- Click on '+ Add method'
- Choose at 'Which method would you like to use?' the method you would like to add as your second one
- Authenticator app (verification through Microsoft Authenticator or an other authenticator app)
- Phone (verification through SMS text messages)
- Security key (physical FIDO2 key)
- Click on Add
- Have you choosen the authenticator app, then you can use the FAQ item 'I have a new smartphone' for the next steps
- Have you choosen for phone, then you can use the FAQ item 'I don't have a smartphone' for the next steps
- You can now choose to change your default MFA method on the registrationpage to your liking
Other questions/problems
-
Both Odisee and Microsoft do not charge any fees for using the smartphone app or SMS for multifactor authentication. However rarely, your network provider may charge for receiving text messages. As far as we are aware, no Belgian provider charges for receiving text messages, even abroad.