Multi Factor Authentication (MFA)

The one-off setup process first requires the installation of the Microsoft Authenticator app on your smartphone before completing the MFA registration on your computer. Watch this 3-minute video, opens in a new window to gain an overall understanding.

To set up MFA you will need:

1. Smartphone
   1. A compatible smartphone with a data connection.
   2. Install the Microsoft Authenticator app from your smartphone’s app store.
2. Computer
   1. Internet access on your computer.
   2. Use an incognito (or InPrivate) browser window and the URL provided in the step-by-step guide to finish the registration of your computer.
3. Time
   1. Allow approximately 5 minutes to complete the setup.

To Start: follow the step-by-step guide, opens in a new window and set up MFA. Note: if the Microsoft Authenticator app is unavailable in your smartphone’s app store, follow this guide to set up MFA.
 

MFA is only applied to a zID when it accesses a UNSW single sign-on (SSO) application. Examples of SSO applications include Office 365 (Outlook, Teams), Moodle, SharePoint.

Most users will be prompted to verify at least once every 30 days per device used when accessing an SSO application and more often when accessing applications with a higher risk profile, such as the VPN which will prompt for MFA more frequently (e.g.,12 hours). Thereafter you will be prompted again to verify only if:

• you use a new browser
• you clear your browser cookies/cache
• you use another computer such as one found on a lectern
• you work from a new location
• you use a new Wi-Fi connection, or
• our MFA solution considers that a risk-based event may have occurred.

• Do not uninstall the Microsoft Authenticator app as you will need it to verify your sign-in when prompted periodically. Refer to the guide to use MFA.

• Always have your authenticator (smartphone or YubiKey) with you when accessing University single sign-on applications, opens in a new window.

Refer to the Support Materials section on this page for further guides and FAQs.

(Optional) Setup an MFA back up option

Microsoft Authenticator app can be installed on another smartphone or mobile device, such as an iPad, and that device is then used as your backup. For example, when you have forgotten or lost your smartphone you could use your iPad.   
 
Note: Microsoft Authenticator app cannot be installed on your computer or laptop. 

Refer to the guide to set up MS Authenticator app on a second mobile device, opens in a new window and use it as a backup.
 

When switching phones, simply transferring data/photos (or a backup/restore) from your old phone to your new phone won’t re-establish your MFA account. Note: You may see the Microsoft Authenticator app (and account) on your new smartphone, but they will not work. 

If you still have access to your old phone:

Please follow the steps in this guide (requires both your old and new phone): Transfer the Microsoft Authenticator app to a new phone (PDF, 922KB), opens in a new window prior to factory resetting your old phone. 

If you no longer have access to your old phone:

You need to request an MFA Reset. Please contact the IT Service Centre via Phone: (02) 9385 1333 or visit in person at one of the IT walk-in service centres, opens in a new window. Note: ID verification will be required.

Microsoft Authenticator app is the supported authenticator used by the University. Set up MFA by installing the Microsoft Authenticator app on your smartphone and completing the one-off registration on your computer. As soon as you set up MFA, it will be enabled for your zID.

Benefits of using the Microsoft Authenticator include:

• Easy to use via the push notification feature of the Microsoft Authenticator app.
• Free and available for Android and Apple smartphones.
• The app takes up minimal space on your device.
• The app uses minimal battery.
• The app does not have access to your phone data/apps. Refer to the Tips and Privacy Information section on this website.
• The app can be installed on other mobile devices (e.g., an iPad) as a backup.
• Verification can operate without an internet connection by way of a One-Time Password code stored within the Microsoft Authenticator app.

Refer to the Support Materials section of this page for answers to frequently asked questions.

YubiKey

A YubiKey is a physical security token and is an alternative where: 

1. Your work/study circumstances do not allow you to use your smartphone in certain environments, 
2. You don’t have a smartphone, 
3. Your smartphone operating system cannot be upgraded to the version supported by the Microsoft Authenticator app, or
4. You decline to use your personal smartphone for work/study purposes.
    

Limitations will apply, such as:

• UNSW provided YubiKeys are the property of the University and lost devices may incur a cost.
• The act of verifying your sign-in requires the YubiKey to be plugged into the computer, entering your PIN and tapping the YubiKey. 
• You must remember to carry your YubiKey everywhere when you access a University single sign-on application.
• UNSW-provided YubiKeys must be returned to the IT Service Centre when not required or the individual leaves UNSW.

Requesting a YubiKey

Staff and students should call the IT Service Centre at (02) 9385 1333 to inquire about alternatives or to understand the full limitations and conditions of using a YubiKey.

For staff: 

• Staff can request a UNSW-provided YubiKey by calling the IT Service Centre.

• The YubiKey can be picked up from the Upper Campus IT Hub walk-in service centre in Room G06, D26 Biological Sciences Building (next door to XS Cafe).

• ID verification is required.

For students: 

Students who cannot use the Microsoft Authenticator app should upgrade their smartphone's operating system to the latest version and install the Microsoft Authenticator app. If this is not possible, students can: 

• use their own YubiKey (Series 5) for authentication (independently purchased)

• seek further assistance via the Nucleus Student Hub, opens in a new window (for Sydney students) or Student Administrative Services, opens in a new window (for Canberra students) or refer to the support and development services, opens in a new window available. 

Important:

• Do not use the general IT service request option to open a service ticket or email your request for a YubiKey. All requests must be made via a phone call or in person to ensure ID verification by the UNSW IT Service Centre.

• Once you have your YubiKey, contact the IT Service Centre for a TAP code needed to set up your YubiKey. The TAP code is valid for 7 days. If the TAP code expires or you forget the code, you will need to call the IT Service Centre for a new TAP code, and ID verification will be required.

• As soon as you receive your YubiKey, follow the respective YubiKey setup guides found under the Support Materials section of this page.
  
  

Answers to questions regarding the setup and use of MFA, via MS Authenticator or a YubiKey. 

• FAQs for staff (PDF, 1055KB), opens in a new window

• FAQs for students (PDF, 1049KB), opens in a new window 
  
   

How-to guides

1. Set up MFA using Microsoft Authenticator (PDF, 1240KB), opens in a new window on your smartphone.
2. Set up MFA when Microsoft Authenticator is unavailable in your smartphone app store (PDF, 1353KB), opens in a new window Note: This guide may be useful to China-based students.
3. Set up MS Authenticator app on a second mobile device (PDF, 916KB, opens in a new window) as a backup, after setting up MFA on your primary mobile device.
4. Use Microsoft Authenticator (PDF, 1281KB)
5. Use Microsoft Authenticator without a data/internet connection (PDF, 772KB) or when push notifications are unavailable.
6. Transfer the Microsoft Authenticator app to a new phone (PDF, 1067KB), opens in a new window from your old phone (before you throw out your old phone).
7. Set up and use a YubiKey (PDF, 1284KB), opens in a new window
8. Set up and use a YubiKey for non-Windows devices (PDF, 1.17MB), opens in a new window such as Mac and Linux.

Videos

• Introduction to MFA and the setup process (MP4, 3.20 minutes), opens in a new window via YouTube