Self-Enroll vs Automatic Enrollment
You are encouraged to self-enroll in Multi-Factor Authentication today to better secure your account. All students, faculty, and staff in all Minnesota State schools will be automatically enrolled according to the following schedule (Schedules may vary slightly by school):
- Everyone can self-enroll now.
- February 2021: All IT staff and IT student workers
- April 2, 2021: All new incoming students and newly hired faculty and staff
- June 30, 2021: all currently employed staff and student workers
- October 31, 2021: all remaining faculty
- January 4, 2021: all remaining students
- March 2022: complete across the MinnState System
You may also watch these two short video tutorials on YouTube on how to activate the multi-factor authentication, or at
Multi-factor Authentication tutorial video STEP 1 :
and
Multi-factor Authentication tutorial video STEP 2:
MFA Enrollment Questions and Answers
Multi-Factor Authentication (MFA) – what is it?
MFA is a powerful security tool to help keep your <College.University Name> account safe by adding an additional layer of verification beyond your StarID and password. MFA will first be used when logging into your Microsoft Office 365 account.
How does MFA actually work?
The first time you open Office 365 applications and resources on your desktop, mobile device, or using a web-based browser, it will ask for your Login ID and password.
- If you are a student, use STARID@go.minnstate.edu
- Faculty and staff, use STARID@minnstate.edu
You will then be prompted by the system letting you know there is additional information needed – this starts MFA verification when you click “Next.”
Depending on which ways you want MFA to validate your login, the system will prompt how it is contacting you to verify it’s really you logging in.
There’s more than one way to use MFA?
Yes! There are several options for using MFA, and multiple authentication methods can be implemented at the same time for the same account holde
- Mobile Devices
Apple iPhones and iPads, Android phones and tablets, and Chromebooks are considered mobile devices. Depending on the capabilities of your particular device, some or all of the methods below can be used.
- Microsoft (MS) Authenticator App - Recommended
- Text message receiving MFA code
- Third party authentication app, such as Google or Lastpass
- Voice call saying MFA code*
- Voice-Capable Devices*
Any device that can receive a phone call and answered in real-time is considered a voice-capable device. Examples are:
- Any physical phone at home or work, connected to telephone line or internet connection for voice calls.
- A non-physical “softphone,” such as software installed on your computer, an app on your mobile device, or through a web browser, can be used.
*As long as the incoming call can be answered “live,” you can use voice calling as a method. You should NOT use a “shared” phone that can be accessible by several people, such as a department’s main phone number.
Do I pick just one MFA method?
You can choose more than one method and more than one device to use MFA!
It is recommended to use at least two different methods and, if at all possible, two different devices, using the second device as an emergency backup in case your primary method or device fails or you simply forgot your device at home.
Examples:
- Use the Microsoft Authenticator app your primary device you have with you all the time (mobile phone, iPad, etc.) and set up sending a code via text on your spouse’s or trusted family member’s device.
- Set up texting on your primary device, then set up voice call on your work or home voice line.
It is recommend to use the MS Authenticator app as your primary authentication method.
Does my device used for MFA always have to be connected?
“Connection” means the ability for the device to receive inbound communications. For mobile devices, it does not matter if the device uses cellular or wireless (WiFi) connectivity. For phones, it can be traditional phone line, wired, or WiFi connectivity.
After initial set up for the device, requiring a connection, some methods can be used while disconnected, or “offline.”These include the MS Authenticator or other third party apps that support offline code generation, such as Google Authenticator or Lastpass Authenticator.
Text messaging, voice calls, and MS Authenticator’s Notifications require connection.
None of these methods will work for me. What should I do?
If you don’t believe any of the options for MFA will work due to your unique situation, please contact <College.University Name>’s IT <Department.Service Desk> to discuss – there are some additional methods that could work for you!
What if I have other questions or encounter issues with MFA?
Normandale’s ITS Help Desk is here to help. We want this experience to be easy for you. If you have any questions, have trouble setting up MFA, or have issues after successfully using MFA, please contact us.
Setting Up MFA
BEFORE YOU BEGIN
To successfully set up MFA, you should:
- Review, understand the set up, and pick which MFA method(s) you will be using.
- Know what methods each device can support you want to use for MFA.
* It is recommend to set up at least two different methods and, if at all possible, two different devices. Remember you can Mix ‘N Match and have MFA configured on multiple devices!
(If two different devices is not possible, use at least two different methods on your primary device.)
- Prepare to have all the devices available and connected to your cellular, WiFi, or other connection to successfully confirm enabling MFA for that device.
- IF using a an authenticator app on your mobile device, such as the MS Authenticator app, download and install the app from Apple’s App Store or Google’s Play Store before starting the MFA process.
- IF using a spouse or trusted relative’s mobile phone as a secondary device, you do NOT have to have it in your possession. You can voice or video call with them and walk them through what needs to be configured on their device.
- IF you selected receiving a voice call on a phone, you will need to have it in your possession to answer the call. MFA does not work leaving a message on voicemail or any other kind of automated responses to the call.
Set up Multi-Factor Authentication
Start the MFA process
You can set up multi-factor authentication by going to:
https://www.minnstate.edu/mfa
If you are not already logged in, the page will prompt you to log in.
- If you are a student, use STARID@go.minnstate.edu
- Faculty and staff, use STARID@minnstate.edu
Once the MFA Enable page is displayed, you can start MFA by clicking on the Enable button.
The Success! page will be displayed.
MFA First-Time Setup Wizard
When you have waited a few minutes and are ready, click HERE or opening an internet browser window and go to https://login.microsoftonline.com/?whr=minnstate.edu to start the MFA First-Time Setup Wizard to complete your MFA setup.
Notice: You need to complete the MFA Wizard before you can access your emails and other information in Office 365. If you do not complete the Wizard successfully or cancel the Wizard, you will not be able to access your emails, files, or applications in Office 365 until MFA is successfully configured and verified.
Always be on your guard!
Even with MFA, criminals and bad actors will try ways to scam you!
- NO ONE, including Normandale, will ever call you to ask to press “Approve” on a notification or to give them your Authenticator app or texted code. NEVER GIVE OUT THIS INFORMATION.
- THINK BEFORE YOU AUTOMATICALLY APPROVE. If you were not logging into your account yourself, and were not expecting it…
- DO NOT ANSWER an “Approval” request coming from your Authenticator app.
- DO NOT ENTER THE REQUEST KEY(S) if you receive a voice call on your mobile device, office, or alternate phone. Ensure your spouse or trusted family doesn’t automatically enter the key(s) without checking with you first.