ITMS

Multi-Factor Authentication (MFA)

Easy and secure access to IT services at CDU
men-wroking-laptop

ITMS has the vision to move towards a seamless and more secure login experience. In doing so, however, there are a few things we need to do along the way. To do this we need to make some changes and the first of those will be enabling Microsoft Multi-Factor Authentication (MFA).

Tip: Set up an additional method of authentication, such as your desk phone, in case you forget or lose your mobile.

Setting up MFA

How to set up MFA with mobile device - video

Instructions

How to set up alternate or additional methods of authentication

Instructions

Please note: If you haven't added your picture you will see your initials in the top right corner.

Note: Use < and > to scroll right and left

Video

I have a mail client (iOS or Mac or other application) that does not support MFA. How can I connect to it?

The preference is to use the Outlook App on these devices which is MFA aware, and then you need to remove and add your CDU email account again.

For specific instructions on how to setup mail on your own device, see connect your personal device to your CDU email account.

Why we use MFA

CDU is obliged to manage a greater cybersecurity threat than ever before. Increasing the authentication factor options, means that the greatest threat of password compromise is vastly diminished. But we know this can't just be about security.

We need to seek the right balance between security and usability matched to an aspirational goal of a password-less future. ​We envision that one day it may be as simple as entering a pin or using your face or fingerprint to authenticate to all your services.

What authentication methods are available?

Methods available include:

  • authenticator application - application on your smartphone where you get a prompt to either approve or deny the login or a six digit pin
    (NB The approve/deny will not be immediately available as default, but will be coming soon, and you will need to rely on the pin at least initially)
  • mobile phone - either an SMS message with a code you need to type in or a callback where you have to press the # key (Microsoft call this the pound key)
  • office phone - your desk phone where you receive a callback and have to press the # key
  • alternate phone - as above, but a different number, maybe your home number.
  • security key - a security fob key, such as a YubiKey
  • app password - a special password to allow applications, that can't handle MFA, to connect with such as an older email application, these need to be requested from ITMS. There is a limit of 40 app passwords per person.
Which method is more secure?

Generally application authentication is seen as a more secure option due to the encryption of the application and challenge/response system, particularly for overseas travellers.

What data is collected and what does the Microsoft Authenticator do on my phone?
  • It has no other function than enabling authentication.
  • It does not store or read data from your phone or otherwise report on, or provide third party information about you or your phone to Microsoft or ITMS.
  • unless you choose to receive SMS codes, Microsoft does not store your phone number. (If you choose SMS, the phone number is securely stored only for the purpose of sending security codes, it is not available to be reported or seen by ITMS or anyone else.)
How does MFA work with the Cisco AnyConnect VPN client?

Once you have logged into the Cisco AnyConncect VPN client with your CDU username and password.

You will be presented with the MFA verification. Unfortunately this only works with your "Default Sign-in Method" and not any secondary methods you may have added.

The default can be changed by going to you security Info and changing the verification method.

Instructions

  1. Click the 'Change' link
    MFA ITMS 1
  2. Choose another method you have previously setup
    MFA CDU ITMS 2
  3. Press the confirm button
    MFA ITMS 3

 

I left my phone at home (or it's flat), how can I use MFA?

Ideally when you set up your MFA you added your desk phone number as an alternate method.

However, if you didn't you can contact ITMS, and we can add your desk phone on your behalf.

You then need to login again and this time when the dialogue box pops up asking you to enter code select "Sign in another way".

MFA CDU ITMS - sign in another way
Is Learnline login affected?

For students there will be no additional login steps required, the Learnline portal will still provide the same login rules as before, however the login windows does look a little different.

For CDU Staff who access Learnline via the portal, theyhave to set up their new MFA preference before it can be accessed.

More information about app passwords

An app password needs to be requested from ITMS.

  • There is a limit of 40 app passwords per person.
  • App passwords aren't automatically revoked when a user account password is revoked/reset. The user should delete existing app passwords and create new ones.
  • It is recommended to create one app password per device, rather than one app password per application. Have a desktop app password or a laptop app password, then anything on a device shares the same app password. If the device is lost, then any app that uses the same password can be revoked at the same time.

Quick quiz

To check if you understand the information above, please test your knowledge with the following quiz:

All campuses contacts

We are your first point of contact for assistance with computers, the internet, telephones, printers and associated information technology equipment and services.

Service Desk
T:  08 7943 6600
Internal: Ext 6600
International: 
+618 7943 6600

Opening hours
Mon - Thu: 7:30am - 6.00pm
Friday: 7.30am - 5.30pm 

 

In-person (kiosk)
CDU Library, Red Building 8, Casuarina campus
Casuarina campus map (PDF, 1.01 MB)

Feedback
ITMS would love to hear from you.
Provide feedback