Multi-Factor Authentication

Multi-factor Authentication in Plain English

What is Happening?

In simple terms, to get into your email you will log in using two methods. The first is the usual password. For the second you can choose between downloading an app, getting a text message, getting a phone call or buying a physical hardware token.

When is it Happening?

User accounts are being moved in batches in alphabetical order by surname. Central IT Services will send you an email before it happens.

Documentation

Central IT Services have provided documentation here: https://help.it.ox.ac.uk/mfa

Central IT Services documentation for configuring email applications to connect to Nexus365 can be found here: https://help.it.ox.ac.uk/configure-email

Do I need to do anything before Multi-factor authentication (MFA) is activated?

While it is not necessary to do anything, the transition will be easier if you are prepared. Checking that your computers and devices are compatible and have all the latest updates installed is a good starting point. Further guidance is provided on the IT Services preparing for MFA page.

What will happen when I log into Webmail (Nexus 365)?

When you log in you will be prompted to set up a second factor. More details are in the documentation linked above.

How do I set up supported mail programs?

Outlook

You will not need to reconfigure Outlook, but it will prompt you for a second factor, as webmail does.

Mac Mail

You need to be running a supported version of macOS (macOS Mojave or above). After MFA is enabled on your account you may need to remove the account and add it back again in System Preferences > Internet Accounts, selecting the Exchange icon.

Thunderbird

Multi-Factor Authentication works on version 78.4.3 and newer; please upgrade before adding your mail account.

How to set up other mail programs on computers

Some older mail programs will not work with MFA. You will need to request an app password from Central IT Services and use this in place of your normal password. More information here: https://projects.it.ox.ac.uk/files/mfa-settingupapppasswordspdf

For further information please see here: https://www2.physics.ox.ac.uk/it-services/e-mail-using-text-based-client...

How to set up on phones and tablets

Android

Because phones are different it is not possible to say definitively what will work on your phone, so these are general guidelines. If you are using the email client that comes with your phone and it does not work initially after migration to MFA, you will need to remove and re-add your account. When adding an account select the Microsoft Exchange icon. If it is not there, MFA will most likely not work with your email client and you should use the Microsoft Outlook app or the Gmail app instead. Instructions for this are available at https://help.it.ox.ac.uk/nexus365/setting-up-email.

So far we have found that the native email apps tend not to work with MFA (though they may work with some models), whereas the Outlook and Gmail apps do work (Outlook should work; Gmail may depend on the phone). You will also generally need to remove and re-add your account.

Apple

Make sure you are running an up-to-date version of iOS. If it does not work initially you may need to remove and re-add your account. When adding an account select the Microsoft Exchange icon.

Authenticator app

By far the easiest option is to install the authenticator app on a smartphone. Using the app to approve is simple and quick, and it can also generate one-time passcodes when there is no network signal of any kind. We recommend also setting up alternatives such as phone lines in case you lose your phone.


Download and install the Microsoft Authenticator app from the App Store or Play Store. Sign into Office.com with your Nexus365 account and click on the "Security info" tab.

Next, click on "Add method".

Then click the "Add" button. Once the Authenticator app has downloaded, open it and click on "Scan QR code".

Approve the sign-in on your app.

Another alternative is to use the Authy app.
