MFA setup manual (detailed version)
45
MFA setup manual (detailed version) 2021.10.18 Information Media Center Ver 3.0
Transcript of MFA setup manual (detailed version)
MFA setup manual(detailed version)
2021.10.18 Information Media Center
Ver 3.0
OutlineAbout this manual p. 3
Overview of Hirodai ID and IMC Account p. 4
Schedule for mandatory MFA setting p. 5
How to log in to services IMC account / Hirodai ID p. 6
MFA setup flowchart for IMC account p. 8
Check the status of MFA settings for IMC account p. 9
Application to use MFA settings for IMC account p. 10
Set up an authentication second factor of IMC account p. 11
Sign in with app passwords p. 20
Confirmation of the second factor authentication method for IMC account p. 21
Redo the MFA settings for your IMC account from scratch p. 23
Disable MFA settings for IMC accounts p. 24
MFA setup flowchart for Hirodai ID p. 25
Check the status of MFA settings for Hirodai ID p. 26
Check the authentication method for MFA of Hirodai ID p. 28
How to set up of MFA for Hirodai ID p. 30
QAF and Links p. 35
Contact us p. 36
Supplementary information
Overview p. 38
Addition of a second authentication method for IMC account p. 39
How to create a new app password p. 432
About this manual
For security reasons, Hiroshima University will require users to log in using Multi-Factor Authentication (MFA) for services using Hirodai ID and IMC account from off-campus networks from February 1, 2022.
MFA is a method to achieve more secure authentication by adding other authentication factors (SMS authentication, smartphone apps, etc.) in addition to password authentication.
This manual is distributed to assist in setting up MFA until MFA becomes mandatory as a preparation period for setting up MFA.
This manual is intended for those who currently have access to Momiji, Iroha, Teams, and other services using Hirodai ID and IMC account.
The MFA setup procedure is introduced on Information Media Center, and this manual is designed for those who want to check their own setup status in order to ensure the setup.
3
Overview of Hirodai ID and IMC AccountTwo types of IDs are used at Hiroshima University: Hirodai ID and IMC Account.
Hirodai ID is associated with your status as a student of staff member, etc…, and is changed when your status changes. It becomes invalid as soon as you leave the university due to graduation or other reasons.
IMC account is an ID for using network services provided by Information Media Center (IMC). This account is issued only to those who are engaged in education and research at Hiroshima university and is valid for a certain period even if you leave the university. You need to renew your account and extend expiration date during your enrollment period.
You should set up MFA for both Hirodai ID and IMC account.
4
Staff member at Hiroshima Univ.Have both Hirodai ID and IMC account
Student at Hirodhima Univ.Have both Hirodai ID and IMC account
Facility userHave either Hirodai ID, IMC account, or both
Target
Hirodai ID
• My momiji
• Iroha
• Media Center
Registration System
• Microsoft EES
• Moodle
• Bb9
IMC account
• M365
• Teams
• Media Center
Registration System
• HINET
• VPN client
• OneDrive
Services that require MFA
Schedule for mandatory MFA setting2021年 2022年
August September October November December January February
Campaign websight open
Conduct briefings
Email guidance for those who have not yet set up their account
• If you don’t set up MFA for Hirodai ID / IMC account, you will not be able to use services provided Hiroshima University or IMC from off-campus after February 2022.
• There are some services that require MFA settings even for access from within the university.
• If you create a new Hirodai ID after the mandate is imposed, you will need to set up MFA when you start using services.
5
Online manual available
(Japanese)
Mandatory MFA
settingOnline manual
available(English)
How to log in to servicesfor IMC account / Hirodai ID
◆ IMC account
• You will be asked to set up MFA before using the service.
• If you don't set up MFA, you can't use the service both off-campus and on-campus (including VPN connection).
◆Hirodai ID
• The service will not be available from off-campus.
• Service is available from within the university (including VPN connection).When connecting to a VPN, you will be asked for the MFA of your IMC account.
6
Regardless of whether you are accessing from on-campus or off-campus, if you have not completed the MFA setting by January 31, 2022, you will not be able to use various services from February 1, 2022.
However, the second factor authentication may or may not be required depending on the network used for using the service by logging in the IMC account / Hirodai ID after MFA setting.
+
If you have not completed the MFA settings (After February 1, 2022);
How to log in to services for IMC account / Hirodai ID
If you have completed the MFA settings;
◆ IMC account
• For off-campus users, a second factor authentication is required in addition to the password when using services.
• From within the university, it is possible to omit the second factor authentication for the second and subsequent use of the same PC, etc., for which the second factor authentication has been performed once.Be careful not to have more than one person use the same computer for the same purpose.
7
◆ Hirodai ID
• From off-campus, a second factor authentication is required in addition to the password.
• From within the university (including VPN connections), the service can be used with only a password.MFA of IMC account is required when connecting to the VPN since the VPN is a service provided by IMC.
Can be omitted for the second and subsequent times.
Do you apply to use MFA settings for IMC account? (p.9)
Do you set up the second factor authentication method for MFA?
p. 10
p. 11
MFA set up for IMC account is complete!
MFA setup flowchart for IMC account
8
Yes
No
Do you send and receive Hirodai mail in your email client?
p. 20
Is the MFA setting for your IMC account enabled? (p. 21)
Please contact IMC (p. 36).
Check the status of MFA settings for IMC account① If you want to check on campus, connect to eduroam or turn
off Wi-Fi (LTE communication).
② Access to Microsoft365 portal site https://portal.office.comand login with IMC account + passwords.
②-A. ) The authentication page did not appear and the personal page of Microsoft 365 appears. → Redo the MFA settings for IMC account from scratch. To p.21.
②-B. )”More information required” is displayed.→The second factor authentication has not been set.To p. 11.
②-C. )The second factor authentication method page appears.
→Confirm that you can log in by entering the authentication code.
• Could login.The MFA setting for IMC account is valid.
• Could not login.Disable the MFA setting of IMC account and then set it again. To p.21. 9
②-B.
②
9
2-C.
②-A.
②-C.
Application to use MFA settings for IMC account
Please make sure to do this before setting up security on the Microsoft Office365 portal site.
① Access “Multi-factor authentication for IMC accounts” on IMC website.https://www.media.hiroshima-u.ac.jp/services/mfa/mfa4imcaccount/
② Click “Office365 multi-factor certification application form ”listed in “How to apply / cancel”.
③ At the bottom of the “MFA Configuration for IMC Account” page, select “Enable”.
④ “Accepted your configuration” is displayed. Then set up the second authentication factor followed the link, ”the procedure for setting up MFA”. → p. 11
10
②
③
④
Set up an authentication second factor of IMC account
11
Please do so after executing the Application for MFA use of IMC account (p.10).
① Access the Microsoft365 portal site.https://portal.office.com
② Enter IMC account and password to login.
③ When you see the message “More information required”, click “Next”
④ Set up the second factor authentication method from the “Additional security verification” page.
p. 12
p. 16
p. 18
②
③④
• Mobile apps
• SMS
• Telephone
Set up an authentication second factor of IMC accountMobile apps
12
① Install the “Microsoft Authenticator” app (free) on your smartphone. Search for the app from the following links depending on the device used.
• Play Store for Android devices.
• App store for iOS devices.
② Open the app after installation, Click “Add Account” and leave your smartphone as it is.
③ Check each of the following on the “Additional security verification” page.
• Step1:How should we contact you?→Mobile app
• How do you want to use the mobile app?→ Receive notifications for verification.
④ Click “Set up”.
Account
Add account ②
③
④
13
⑤ Your smartphone asks, “What kind of account are you adding?” appears on the screen. Tap “Add work or school account.”
⑥ The camera on your smartphone is activated to read the QR code. You could be asked “Sign in” or ”Scan QR code” . Select “Scan QR code”.
⑦ Read the QR code displayed in the “Configure mobile app” of the browser screen.
⑧ A six-digit number will appear on the screen if the smartphone loads successfully. Click “Next” in the “Configure Mobile Application” section of the browser.
Set up an authentication second factor of IMC accountMobile apps
If you cannot scan, please enter the code and URL manually.
Read the QR code
Personal account
Work or school account
Other account (Google, Facebook, etc.)
Add account
What kind of account are you adding?
When the permission to start the camera screen is displayed. Please check “Allow”..
Your account has been successfully added.
Account
⑤
Scan QR code.
⑥
⑦
⑧
14
⑨ If the text next to the “Set up” button under “Additional security verification” shows “The mobile app has been configured for notifications and verification code”, Click “Next”.
⑩ When the message “Step 2: Let’s make sure that we can reach you on your Mobile App device” appears on your web browser, “Approve Sign-in?” will appear on your smartphone screen. Tap “APPROVE”.
Set up an authentication second factor of IMC accountMobile apps
Approve Sign-in?
Account
APPROVEDENY
⑨
⑩
15
⑪ Set up an alternative method for unforeseen circumstances. Your browser will display “Step3: Enter your mobile phone number” incase you lose access to your mobile app. Add your mobile phone number and then click “Next”.
⑫ Your browser will display “Step4: Keep using your existing applications”. Copy the provided app password.
→ Your mail client may ask you for input when you send or receive Hirodai mail.
Set up an authentication second factor of IMC accountMobile apps
⑬ Register the application password. → p.20
←Click the button next to the password display to copy it.
4
⑪ ⑫
Set up an authentication second factor of IMC accountSMS verification
16
① Check or enter the following on the browser’s “Additional security verification”
• Step1:How should we contact you? → Authentication phone
• Enter the phone number where you want to receive the SMS directly bellow.
“Method”→ ”Send me a code by text message”
② Click ”Next”
③ A text message with a confirmation code will be sent to your registered smartphone/mobile
phone. Enter the authentication code in the input field under ”When you receive the verification
code, enter it here.” on your browse screen and click ”Verify”.
If you cannot receive text messages, please check the SMS
reception settings on your smartphone.
Use verification code xxxxxx for
Microsoft authentication.
Verify
①
②
③
17
④ Your browser will display “Step3: Keep using your existing applications”. Copy the
provided app password.
Set up an authentication second factor of IMC accountSMS verification
⑤ Register the app password.→ p.20
←Click the button next to the password display to copy it.
→ Your mail client may ask you for input when you send or receive Hirodai mail.
Set up an authentication second factor of IMC accountPhone verification
18
① Check or enter the following on the browser’s “Additional security verification”
• Step 1: How should we contact you?→Authentication phone
• Enter the phone number where you want to receive a call.
• “Method”→ Call me
② Click “Next”
②
①
19
③ When the message “Step2: We’re calling your phone on …” is displayed, you will receive
a phone call. Receive the call and follow the voice guidance to operate the phone.
④ Your browser will display “Step3: Keep using your existing applications”. Copy the
provided app password.
Set up an authentication second factor of IMC accountPhone verification
⑤ Register the app password.→ p.20
←Click the button next to the password display to copy it.
→ Your mail client may ask you for input when you send or receive Hirodai mail.
③ ④
Sign in with app passwords
20
Although Outlook, Mac Mail, and other email clients support MFA, you may be required to enter the app password depending on the version and receiving method. If you are repeatedly prompted to enter the password even after entering the password, please follow the steps below to enter the app password.You don't need to do this if you can use the app as before.
① After setting up MFA, you will be asked to fill in the password when you start the mail client. Enter
the application password.
② Memorize the entry of the application password. Check the following information and click OK.
• Outlook: Remember my credentials
• Thunderbird: Use Password Manager to remember this password.
When Outlook starts
When Thunderbird starts
This completes the second factor authentication setting of MFA for IMC account.
Security
Remember my credentials
Conneceting to IMC [email protected]
password
Enter your password
Use Password Manager to remember this password.
Enter your password for [email protected] on outlook.office365.com: c123456
Confirmation of the second factor authentication method for IMC account
You can check the second factor authentication method you have set up by following these steps.
① Access the Microsoft portal site https://portal.office.com.
② Click the circular icon in the upper right corner (Next to the ”?” icon).
③ Your account name and email address will be displayed just bellow the icon you clicked. Click
on the “View account”
④ The account information summary page will appear. Click on “Security info” from the menu on
the left.
213.
②
④
③
22
⑤ The authentication method you have set up and the default signing method will be displayed.
The authentication method you normally use for MFA.
自分の設定した認証方法一覧
Verification by SMS or by voice telephone.
Verification by mobile app.
A unique password to register for apps that do not support MFA.
Confirmation of the second factor authentication method for IMC account
Phone-text SMS verificationPhone-call Verification by voice phoneMicrosoft Authenticator Verification by the mobile apps.
Redo the MFA settings for IMC account from scratch
23
In the following situations, you will need to disable the MFA settings for your IMC account and
then redo the MFA settings.
• A case of that you have registered incorrect information (email address, phone number) for
the second authentication method and are unable to log in with MFA.
• A case of that you have set up the security of the Microsoft office365 portal requesting the
use of MFA settings for your IMC account (p. 10).
In this case, even if you enter the code by MFA, the error page appears and you cannot login.
Please follow the procedure of "Disable MFA setting for IMC account" (p.24), and then follow the
procedure of MFA setting (p.10 or later).
If you are still unable to login after redoing the MFA settings for IMC account, please contact
IMC.
https://www.media.hiroshima-u.ac.jp/helpdesk/posting/
Disable MFA settings for IMC account
24
How to request deactivation of MFA settings for IMC account.
① Access to https://www.media.hiroshima-u.ac.jp/services/mfa/mfa4imcaccount/ .
② Click “Office365 multi-factor certification application form ”listed in “How to apply / cancel”.
③ At the bottom of the “MFA Configuration for IMC Account” page, select “Disable”.
④ “Accepted your configuration” is displayed. Pleas make sure that "Configuration you selected" is set to "Disable".
⑤ Apply for using MFA settings of IMC account (p. 10) and complete the procedure again.
③④
Do you have MFA enabled for Hirodai ID? (p. 26)
p. 28
MFA set up for Hirodai ID is complete!
Do you set up the MFA authentication method?
p. 30
Yes
No
MFA set up flowchart for Hirodai ID
25
Is the MFA setting for your Hirodai ID enabled? (p. 26) Please contact IMC (p. 36).
Check the status of MFA settings for Hirodai ID
① Access the Media Center Registration System
https://reg.huc.hiroshima-u.ac.jp/
② Click “Login with Hirodai ID”.
③ Enter Hirodai ID and password and click the login button.
26
①②
HIRODAI ID
HIRODAI Password
②
27
③ If the language displayed in your browser is Japanese, please change the display language. Click on "Japanese" in the upper right corner of the screen to select English as the language that can be displayed.
④ Click on the ”Hirodai ID” next to the “Information Media Center registration system”.
⑤ Click “Multi-factor authentication settings (Other window).
⑥ The login screen “Multi-factor authentication setting in Hirodai ID” appears. If “Display language” is “日本語”, please select “English”.
⑦ Enter Hirodai ID and password to login.
Check the status of MFA settings for Hirodai ID
③
Change English
④
⑤
HIRODAI ID
HIRODAI Password
⑦
Change English⑥
28
⑧ -1. User information of MFA setting for Hirodai ID is displayed.
Multi-factor Authentication Setup Status
• Disabled : MFA settings is invalid. Click the “Multi-factor Authentication Setup” button. → p. 30.
• Enabled : MFA settings is valid.
• If you access from off-campus + MFA setting is enabled, the “Confirm Authentication Code” screen will appear.
• After entering the authentication code, the user information page will be displayed.
Check the status of MFA settings for Hirodai ID
⑧-1.
⑧-2.
HIRODAI ID
HIRODAI Password
⑧ -2. The “Confirm Authentication Code” screen appears (access from off-campus only).
The MFA setting is functioning effectively.
Check the authentication method for MFA of Hirodai ID
① If you want to check on-campus, connect to eduroam
or turn off Wi-Fi (LTE communication).
② Access to Momiji or Iroha.
③ The page for MFA authentication is displayed after entering the Hirodai ID and password.
④ Click on the Authentication Method tab. You can check the second factor authentication method you have set.
29
③
④
How to set up of MFA for Hirodai ID① Access the Media Center Registration System and
login entering Hirodai ID and the password. You can see the User information (p.26-28).
② Click the “Multi-factor Authentication Setup” button.
③ Select one from following list as the second authentication method.
• Token app.
• Email.
• Backup code.
• If you haven’t set up any authentication method, we recommend setting up a token app or email.
• Authentication by backup code is intended for use when normal authentication does not work.
④ Click “Next”.
30
②
④
③
①Install Microsoft Authenticator app from Googleplay or Apple store on your phone or
tablet.
Google Authenticator is also OK.
②Open the app and tap ”Add account” or the “+” button in the upper right corner if you
already have another multi-factor setup.
③Tap “Work or School Account”. (The camera will start up.)
If you asked for permission to access the camera, grant it.
How to set up of MFA for Hirodai IDToken apps
31
①
Microsoft Authenticator
②
or
「add account」
③
④ Select “Use a Token Application” in the “Multi-factor Authentication Setup” page.
⑤ Read the QR code with the smartphone application installed in step ③.
⑥ Then click the “Next” button in the browser.
⑦ The authentication code will appear in the app.
⑧ Enter the code in the column of “Authentication Code”.
⑨ Click “Confirm”.
⑩ When “Multi-factor Authentication Setup Status” is Enabled in the “User information”
page, the settings is completed.
④
How to set up of MFA for Hirodai IDToken apps
32
QR codeScan
QRcode
⑤
⑦ 809692⑧
⑨
⑩
⑥
① Select ”Send Authentication Code by e-mail.” in the “Multi-factor Authentication Setup”
page and enter the e-mail address to receive the code.
Email address other than Hirodai mail are recommended.
②Click “Next”.
③Receive an email with an authentication code.
④Enter the one-time password in the authentication code.
⑤Click ”Confirm”.
⑥When “Multi-factor Authentication Setup Status” is Enabled in the “User information”
page, the settings is completed.
①
How to set up of MFA for Hirodai IDE-mails
②
③
33
Enter the email address to receive the code
④
⑤
⑥
①Select ” Display Backup Codes.” in the “Multi-factor Authentication Setup”.
②Click “Next”.
③You will see the backup code in the browser, so be sure to refrain from everything here!
④Click “Back”.
The settings is completed.
Backup codes, as the name implies, are for backup in case you don’t receive your code in the app or in your mail. Make sure you keep it safe!
How to set up of MFA for Hirodai IDBackup codes
34
①
②
③
④
FAQ and Links
Links
This is a list of sites about Multi-Factor Authentication (MFA).
• Information Media Center, Hiroshima University.https://www.media.hiroshima-u.ac.jp/
• Multi-factor Authentication.https://www.media.hiroshima-u.ac.jp/services/mfa/
• Multi-factor Authentication for Hirodai ID.https://www.media.hiroshima-u.ac.jp/services/mfa/mfa4hirodaiid/
• Multi-factor Authentication for IMC account.https://www.media.hiroshima-u.ac.jp/services/mfa/mfa4imcaccount/
• Media Center Registration System.https://reg.huc.hiroshima-u.ac.jp/
35
FAQFAQ about Multi-Factor Authentication (MFA) is summarized in the following website.
https://help.media.hiroshima-u.ac.jp/?sid=719&lang=ja&action=show&cat=27
Contact us
Information Media Center, Hiroshima University.
Inquiry Form.
https://www.media.hiroshima-u.ac.jp/helpdesk/posting/
• Please also check the FAQ for the most frequently asked questions, where you will find information on how to deal with the problem.
• When contacting us, it would be very helpful if you could take a screenshot of the screen when the problem occurs and attach a picture.
36
Supplementary information
37
Overview
1. Set multiple authentication methods for the second factor of MFA.
It is recommended to set up more than one authentication method for the second factor of MFA in case of
a shortage. For example, the following situations can be cited.
• Smartphone applications do not work properly.
• You have lost your smartphone.
• The phone number that I had set for MFA is no longer available.
The case of setting up an additional authentication method for the second factor of the Hirodai ID
→ See p. 30 and following.
The case of setting up an additional second factor authentication for IMC accounts.
→ See p.39 and following.
2. Setting the app password
The application password will be created when the MFA is first set up for the IMC account, but it can also
be set individually. p. 44.
38
39
Refer to “Confirmation of the second factor authentication method for IMC account” (p. 21) and display the account security information page.
① Select the item you want to set for the second authentication method and click.
• Authenticator app → p. 40
• Call by Phone → p. 41
• SMS by Phone → p. 42
Addition of a second authentication method for IMC account
Phone
① Install Microsoft Authenticator app from Googleplay or Apple store on your phone or tablet.Google Authenticator is also OK.
② Open the app and tap ”Add account” or the “+” button in the upper right corner if you already have another multi-factor setup.
③ Tap “Work or School Account”. (The camera will start up.)If you asked for permission to access the camera, grant it.
④ Confirm the account name displayed on your smartphone, and click the "Approve" button.
⑤ "Microsoft Authenticator" will be added to the sign-in method in the security information of the Microsoft365 portal.
This completes the setting of multi-factor authentication using the Authenticator app.
Addition of a second authentication method for IMC accountAuthenticator apps
40
①
Microsoft Authenticator
②
③
DENY APPROVE
④
⑤
① Enter the phone number to be used for authentication.
② Check “Call me” and click “Next”.
③ You will receive a call at the phone number you entered, please follow the instructions.
④ When the registration is complete, a pop-up window will appear on your computer saying“. You have successfully registered.
⑤ “Phone" is added to the sign-in method for security information in the Microsoft365 portal.
This completes the configuration of maloti-factor authentication with the authentication application.
Addition of a second authentication method for IMC accountTelephone authenticator
41
②
①
④
⑤
③
Addition of a second authentication method for IMC accountAuthentication of SMS
① Enter the phone number to be used for authentication.
② Check “Send me a code by text message” and click “Next”.
③ You will receive an SMS with an authentication code (6 digit) on your registered phone. Fill in the code in the pop-up on your computer screen.
④ When the registration is completed, the message "You have successfully registered.” will be displayed on your computer.
⑤ Phone" will be added to the sign-in method in the security information of the Microsoft365 portal.
This completes the configuration of multi-factor authentication with the authentication app.
④
42
②
①
123456
③
⑤
How to create a new app password
43
If you cannot use MFA due to the version or receiving method of your email client, such as Thunderbird, Outlook, or Mail on Mac, you will need to enter the application password.
It will be registered when the second factor authentication is set up for the first time in your IMC account, but it can also be set up individually in the following ways.
① Access the Microsoft portal site, https://portal.office.com.
② Click on the circular icon in the upper right corner (next to the "? icon).
③ Your account name and email address will be displayed just below the icon you clicked. Click on the “View account" link.
②
③
44
④ The Account Information Summary page will appear. Click "Security info" from the menu on the left.
⑤ Click "+Add method" that appears near the center of the screen.
⑥ Select "App password".
How to create a new app password
④
Phone
⑤
6.
45
⑦ Enter a name to distinguish it from other passwords, and click "Next.
⑧ The application password will be generated automatically. Make a copy of the text in the "Password:" field.
⑨ Click “Done".
⑩ Confirm that the app password name you set in step 4 is displayed on the security information page.
This completes the setting of the application password.
To register the application password to your mail client, go to p.20.
How to create a new app password
⑦
←Click the button next to the password display to copy it.⑧
⑨
⑩
