Multi-Factor Authentication (MFA) Guide
Multi-Factor Authentication (MFA) Guide
Updated 09/29/2023
About
Multi-factor authentication (MFA) is a method of authentication that requires
your password and an additional verification method, such as a code or token.
Below are instructions for how to set up Multi-Factor Authentication (MFA) for
your Single Sign-on (SSO) login. The approved methods for MFA are:
Microsoft Authenticator
Google Authenticator
Phone Call
Hardware Token
ITS strongly recommends for you to setup and manage your backup
authentication methods.
09/15/23 - Important Changes when using SMS Text or
Phone Call
NOTE: On September 15 2023, Microsoft will begin prompting users who
authenticate using SMS Text Message and phone call to set up the Microsoft
Authenticator when they sign into their work or school account.
You can select “Not now” to skip the “Improve your sign-ins” prompt up to 3
times, but after that, you will be forced to set up Microsoft Authenticator at the
“Protect your account” screen.
Please follow the instructions for how to use Microsoft Authenticator if you are
prompted to Improve your sign-ins or Protect your account.
Table of Contents
ABOUT ............................................................................................................................................................... 1
09/15/23 - IMPORTANT CHANGES WHEN USING SMS TEXT OR PHONE CALL ....................................................... 2
TABLE OF CONTENTS .......................................................................................................................................... 3
HARDWARE TOKEN............................................................................................................. 33
STEP 1 – REQUEST A HARDWARE TOKEN FROM THE ITS DEPARTMENT .................................................................................. 33
STEP 2 – LOGIN TO OFFICE.COM WITH YOUR SINGLE SIGN-ON (SSO) USERNAME ................................................................... 33
STEP 3 – ENTER THE VERIFICATION CODE ........................................................................................................................ 33
STEP 4 – COMPLETE OFFICE.COM LOGIN ......................................................................................................................... 34
STEP 5 - VERIFY YOUR IDENTITY WITH HARDWARE TOKEN ON NEXT LOGIN.............................................................................. 34
MANAGE YOUR BACKUP AUTHENTICATION METHODS ...................................................................................... 35
STEP 1 – SIGN INTO HTTPS://AKA.MS/MFASETUP ............................................................................................................. 35
STEP 2 – ADD, DELETE, OR CHANGE YOUR SIGN-IN METHODS .............................................................................................. 36
STEP 3A - ADD A SIGN-IN METHOD ................................................................................................................................. 37
STEP 3B - DELETE A SIGN-IN METHOD.............................................................................................................................. 38
STEP 3C - CHANGE DEFAULT SIGN-IN METHOD .................................................................................................................. 39
STEP 3D - CHANGE AN EXISTING SIGN-IN METHOD ............................................................................................................. 40
STEP 3E - SIGN IN WITH AN ALTERNATIVE METHOD ........................................................................................................... 41
TROUBLESHOOTING PROBLEMS ........................................................................................................................ 42
TROUBLESHOOTING SIGN-IN PROBLEMS ........................................................................................................................... 42
TROUBLESHOOTING OTHER PROBLEMS ............................................................................................................................ 42
RECEIVING HELP ......................................................................................................................................................... 42
SMS Text Message
NOTE: This requires a mobile device with a phone number that has SMS enabled.
* NOTE: You can select “Not now” to skip the “Improve your sign-ins” prompt up
to 3 times, but after that, you will be forced to set up Microsoft Authenticator.
Step 2 – Select “I want to set up a different method”, then select Phone.
Select I want to set up a different method. Select Phone.
NOTE: If you receive an error message here, select Resend code. The verification
code may have expired if it took too long to enter it.
Step 5 – Complete setup and Office.com login
Select Next to continue.
If prompted, select Yes or No for whether to Stay signed in with your account.
Step 6 - Verify your identity with SMS Text Message on next login
The next time you login to and are prompted to Verify your Identity:
1. Select the Text +X XXXXXXXX option.
2. Check your mobile device for a text message from Microsoft.
3. Input the verification code.
4. Select Verify to continue.
NOTE: Only “Verify” SMS text message codes that you have initiated yourself.
If you receive an unknown text prompting you to input a verification code that
you did not initiate, ignore the prompt, and contact the ITS Help Desk.
Microsoft Authenticator
NOTE: This requires a mobile device with access to Microsoft Authenticator app.
* NOTE: You can select “Not now” to skip the “Improve your sign-ins” prompt up
to 3 times, but after that, you will be forced to set up Microsoft Authenticator.
Step 4 - At “Keep your account secure” screen, make sure you have the
Microsoft Authenticator app already installed on your phone.
If you don’t already have the Microsoft Authenticator app, download it now
following the instructions from Step 1 – Download the Microsoft Authenticator
app.
Once you have the app downloaded on your phone, select Next.
Step 5 - Follow the prompts to “Set up your account.”
a. On your phone, open the Microsoft Authenticator app. Tap “Add work or
school account.”
i. If prompted, allow notifications.
b. Select “Scan a QR Code”
c. Select Next.
Step 6 - Scan the QR code displayed on the Microsoft website.
a. Point your phone’s camera at the QR code on screen. *
b. The Microsoft Authenticator app will show “Account added successfully.” The
account name shows Rancho Santiago Community College District **
c. Select Next.
* NOTE: Scan the QR Code shown on the Microsoft website, not this guide.
** NOTE: If Step 5b fails, select “Can’t scan image” on the Microsoft webpage, or
“enter code manually” from the Microsoft Authenticator app, then following the
prompts. You may also contact ITS Help Desk for help.
If you initiated MFA setup from your phone instead of a computer:
You’ll be prompted with a screen to “Pair your account to the app by clicking this
link” instead of the QR code.
If you see this, click the link to pair the app, then click Next.
Please make sure you installed Microsoft Authenticator app or this won’t work.
If you don’t already have the Microsoft Authenticator app, download it now
following the instructions from Step 1 – Download the Microsoft Authenticator
app.
Step 7 – Follow the “Let’s try it out” prompts.
On your phone:
a. Select the Push Notification asking you to “Approve sign-in?”
b. Enter the two-digit number shown and select “Yes.” *
c. After approving the sign-in, it will show Notification approved. **
d. Select Next on the notification approved screen to continue.
* NOTE: Enter the number shown from the Microsoft site, not this guide.
** NOTE: If you can’t see the numbers, select “I can’t see the number” option
from the Microsoft Authenticator prompt app. You may also contact ITS Help
Desk for help.
Step 8 – Complete setup and Office.com login
The next screen prompts “Success! Great job! You have successfully set up your
security info. Choose ‘Done’ to continue signing in. Default sign-in method:
Microsoft Authenticator.”
Select Done to finish the set up.
If prompted, select Yes or No for whether to Stay signed in with your account.
Step 9 - Verify your identity with Microsoft Authenticator on next login
The next time you login and are prompted to Verify your Identity:
a. Select “Approve a request on my Microsoft Authenticator app.”
b. A two-digit code will appear on the screen.
c. On your phone, select the push notification to “Approve sign-in?”, or open
the Microsoft Authenticator app yourself. *
d. Enter the number shown on the screen, then select “Yes.” **
* NOTE: If your mobile phone locks with a PIN, password, fingerprint, facial
recognition, etc., you may need to verify with that to Approve sign-in.
** NOTE: Only “Approve” Microsoft Authenticator prompts that you initiate
yourself. If you receive an unknown prompt, you did not initiate, select “No, it’s
not me” on the prompt and contact the ITS Help Desk.
Google Authenticator
NOTE: This requires a mobile device with access to the Google Authenticator app.
* NOTE: You can select “Not now” to skip the “Improve your sign-ins” prompt up
to 3 times, but after that, you will be forced to set up Microsoft Authenticator.
Step 3 – Select “I want to set up a different authenticator app.
Select I want to use a different authenticator app.
Step 4 – Download and install the Google Authenticator app
On your phone, download and install the Google Authenticator app.
NOTE: The official version is from Google LLC.
Once you have downloaded and installed Google Authenticator, continue with
the set up prompts from the Microsoft website.
Google Play store (Android): App Store (iOS):
Step 5 – Set up your account and scan the QR code
On the Set up your account screen, it instructs “In your app, add a new account.”
Select Next to continue.
The Scan the QR code screen instructs: “Use the authenticator app to scan the QR
code. This will connect your authenticator app with your account.”
On your mobile device, open Google Authenticator app.
1. Select Get Started to Setup your first account.
2. Select Scan a QR code. (Or select add “+” and then Scan a QR code.)
3. Point your mobile phone’s camera to the QR code on screen so it scans.
On your phone, open Google Authenticator app and enter the verification code
that appears for Microsoft (Rancho Santiago Community College District).
After you have entered the code, select Next to continue.
Step 7 – Complete setup and Office.com login
The next screen prompts Success! Great job! You have successfully set up your
security info. Choose “Done” to continue signing in.
Default sign-in method: Authenticator app
Select Done to finish the set up.
If prompted, select Yes or No for whether to Stay signed in with your account.
After verification and signing in, you will return to Office.com home page for the
Microsoft 365 portal.
Step 8 - Verify your identity with Google Authenticator on next login
The next time you login and are prompted to Verify your Identity:
1. Follow the prompt to “Enter the code displayed in the authenticator app on
your mobile device”
2. On your mobile phone, open the Google Authenticator app.
3. Enter the verification code you see under Microsoft (Rancho Santiago
Community College District).
4. Select Verify to continue.
NOTE: Only “Verify” Google Authenticator verification codes that you initiate
yourself. If you receive an unknown prompt, you did not initiate, ignore the
prompt, and contact the ITS Help Desk.
Phone Call
NOTE: This requires an office phone or phone number that can receive voice calls.
* NOTE: You can select “Not now” to skip the “Improve your sign-ins” prompt up
to 3 times, but after that, you will be forced to set up Microsoft Authenticator.
Step 3 – Select “I want to set up a different method”, then select Phone.
Select I want to set up a different method. Select Phone.
On your phone, answer the call from Microsoft. Follow the prompts from the
call, and select the # key to verify the sign in.
Step 6 – Complete setup and Office.com login
Select Next to continue.
If prompted, select Yes or No for whether to Stay signed in with your account.
Step 7 – Verify your identity with Phone call on next login
The next time you login to and are prompted to Verify your Identity:
1. Select the Call +X XXXXXXXX option.
2. The Approve sign in request prompt instructs, “We’re calling your phone.
Please answer it to continue.”
3. Answer the phone call from Microsoft.
4. Press the # key to authenticate the sign-in.
NOTE: Only “verify” or authenticate phone calls from Microsoft that you have
initiated yourself.
If you receive an unknown text prompting you to input a verification code that
you did not initiate, ignore the prompt, and contact the ITS Help Desk.
Hardware Token
NOTE: This requires a physical Hardware Token provided by the ITS Department.
Proceed to Office.com login once ITS has issued your Hardware Token device.
NOTE: ITS recommends keeping the Hardware Token on your person at all times,
or locked in a secure place when not in use.
If the Hardware Token is lost or stolen, it will not to be deactivated by an admin.
Contact the ITS Help desk for help with this.
If a bad actor gains physical access to your Hardware Token they can use it to
authenticate your login, although they would also need to know your password.
Manage your backup authentication methods
Follow these steps to set up a backup authentication method or to manage your
existing MFA method(s).
* NOTE: If you don’t already have MFA, you’ll be prompted to set it up now.
Return to the Table of Contents of this guide for instructions on how to set up
your MFA method of choice.
Step 2 – Add, Delete, or Change your sign-in methods
From the Security Info page, you can change, add, or delete your sign-in
methods.
Select another method to add from the dropdown list, then select Add.
Examples of other methods would be Authenticator app or an Alternate phone.
A prompt will ask, “Are you sure you would like to delete this method for your
account?”
Select Ok to continue.
Lastly, check the Security info page to confirm the sign-in method was deleted.
Step 3c - Change Default sign-in method
To change your Default sign-in method, select Change next to Default sign-in
method.
Select another method from the dropdown list, then select Confirm.
NOTE: You need at least two sign-in methods added to change the Default sign-in
method to something else.
Step 3d - Change an existing sign-in method
To change an existing sign-in method (e.g., phone number), locate it on the list,
and select Change next to that sign-in method.
Receiving Help
Faculty and Staff may contact the ITS (Information Technology Services) Help
Desk for further assistance:
• Website: ITS Help Desk page
• Submit a Ticket: https://webhelpdesk.rsccd.edu/
• Phone: 714-564-4357 Extension 0
• Email: [email protected].