What is MFA?
Security breaches due to compromised credentials have unfortunately become a regular occurrence. With an increasing number of passwords to remember, people are prone to re-use the same passwords for many accounts or to use passwords with easy-to-use and easy-to-access information (date of birth, names of family members or pets, etc.). When other non-University services (social networks, websites, etc.) have breaches, these in turn can lead to your credentials being compromised and used to access confidential or restricted University information.
MFA works on these principles: what the user knows (their password), what the user has (their smartphone or a physical device that generates one-time passwords), what the user is (e.g., their fingerprint or iris).
Instructions to set up MFA
Compatible devices for MFA
In order to authenticate via MFA, you will need to install the Microsoft Authenticator mobile app. It can only be installed on iOS and Android mobile devices (phones and/or tablets). Your privacy is of the utmost importance to us. The mobile app does not track your location, nor does it provide the University with any personal information about you or your devices.
If you do not own a compatible device for MFA, you may request a physical token by submitting a Service Desk request. A physical token is a small device that generates and displays a passcode for users to authenticate on MFA. When you submit a request for a token, it will be configured for you and you will be contacted to arrange procurement. Tokens can be either picked up at a scheduled time at 110 Séraphin-Marion on the uOttawa main campus or shipped Canada-wide (shipping times subject to courier).
MFA uses the Microsoft Authenticator mobile app on your iOS or Android device or a physical token to authenticate. You can proceed to use VPN or login to web applications with MFA without issue on Windows, Mac or Linux.
We strongly recommend enrolling more than one device, as this will ensure you always have a backup. The MFA portal allows up to five devices to be enrolled. If you encounter issues, please submit a Service Desk request.
MFA and VPN access
Once you enrol, you will be required to authenticate using MFA the next time you login to VPN. For all MFA-enabled web applications (e.g.: BrightSpace, uoCampus, Microsoft 365), MFA will be activated within 24 hours.
The academic/research community is required to use MFA without exception.
Once you enrol, you will be required to authenticate using MFA the next time you login to VPN. For all MFA-enabled web applications (e.g.: BrightSpace, uoCampus, Microsoft 365), MFA will be activated within 24 hours.
NOTE: This change applies to those who connect to the University’s VPN services. Since retired staff cannot access VPN, they are not required to enrol in MFA.
Example of VPN in action
You are working off-campus and need to use the VPN client. Open your laptop, click on Connect in the Cisco AnyConnect VPN login box, and enter your account and password. A new step gets introduced: a yellow warning symbol appears in the VPN client and a notification is sent to your phone asking you to verify your identity. Click Approve and you will see the usual Welcome to the University of Ottawa pop-up message. You can then proceed with your normal activities.