Introduction to multi-factor authentication

Multi-factor authentication (MFA) is an electronic authentication method which requires you to log in using two different mechanisms. In UCT's case, this would mean using your UCT network password along with authenticating via an app on your smartphone (or a verification code sent to you via SMS).

Cybersecurity attacks are on the rise, and universities are a huge target, given the amount of personal and sensitive data they hold. With email and other online communication methods (e.g. Teams) being so critical in how we operate – especially during remote working and learning – MFA is essential to keep your UCT account, your data, and UCT's network safe.

We have enabled MFA on all UCT accounts. This applies to ServiceNow, Mimecast, LinkedIn Learning, the UCT VPN, and UCT Microsoft 365 accounts – which includes Outlook, Teams, and other Microsoft Office applications. It will be expanded to other UCT services in due course.

Navigating this article:

If... Then...
You are setting up MFA on your account. Follow these instructions to set up MFA on your account.
You have set up MFA on your end, and ICTS has enabled MFA on your account. Follow these instructions to authenticate the first time you open an MFA-enabled service on a device or browser.
You need to update your authentication method at some point in the future. Follow these instructions to change your authentication method.
You access UCT data via applications that use legacy protocols - such as an old email client. Follow these instructions to find out how legacy protocols will be managed and what you need to do.
You need help with MFA setup, authentication, or legacy protocols. Contact the IT Helpdesk for assistance.
You have questions around MFA not answered in this article. Visit the Multi-factor authentication FAQs article to find an answer.

Set up MFA on your account

When you first use your UCT account, please please follow these steps to set up MFA. If you do not set up immediately, when you open an MFA-enabled service (e.g. Outlook, Teams, or OneDrive), you will be prompted to set up.

Configure your account and set up the mobile app

Click the image below for simplified instructions. Or for full written instructions, read the steps below the graphic.

* Note: If you do not have a smartphone, please follow this procedure instead.

  1. On your computer, open the Outlook web app, log in using your UCT credentials (staff / student number@wf.uct.ac.za and UCT password), then click Next. If you are already logged in, simply click Next.
  2. On the Additional security verification page:
    1. From the Step 1 drop-down menu, select Mobile app.
    2. Under How do you want to use the mobile app?, select Receive notifications for verification then click Set up.
  3. A Configure mobile app page opens, containing a QR code.
  4. On your mobile phone, install the Microsoft Authenticator app by Microsoft Corporation. (To ensure that you install the correct app and not a fake app, please email the following link to your phone: https://www.microsoft.com/en-us/security/mobile-authenticator-app
  5. On your mobile phone, open the app:
    1. On the privacy page, tap I agree.
    2. On the next page, in the top right-hand corner, tap Skip.
    3. On the next page, tap Add account.
    4. On the next page, tap Work or school account.
    5. You may be asked to allow the Authenticator app to use your camera / take pictures and record video. Allow the app to do so.
    6. Point your phone camera at the QR code on your computer screen (i.e. where you are setting up MFA).
      Note: If you then get a message about App Lock being enabled, tap OK.
  6. On your computer, click Next
  7. Once your authentication activation status has been checked, click Next.
  8. On your mobile phone, an Approve sign-in? notification will pop up.
    1. Tap Approve.
    2. Enter your phone’s screen lock PIN / password / pattern / biometric data if enabled (e.g. fingerprint).
  9. You are now signed in to your UCT Office 365 account on your computer.
  10. On your computer, the Additional security verification page will be displayed: Step 3: In case you lose access to the mobile app.
    1. In the left-hand drop-down menu, select your country [e.g. South Africa (+27)].
    2. In the right-hand text box, enter your mobile phone number – including the 0 at the start of the number (e.g. 082 1234 567) then click Done.
  11. On your computer, sign out of the Outlook web app, or close Microsoft Teams.
  12. When you try to log in to these services again, you’ll need to authenticate via the app. This will be required only once per computer or browser.

The authentication app is now your primary authentication method, while SMS to your mobile phone will be a backup in case you do not have a data connection.

 

Configure your account and set up your non-smartphone

Click the image below for simplified instructions. Or for full written instructions, read the steps below the graphic.

  1. On your computer, open the Outlook web app, log in using your UCT credentials (staff / student number@wf.uct.ac.za and UCT password), then click Next. If you are already logged in, simply click Next.
  2. On the Additional security verification page:
    1. From the Step 1 drop-down menu, select Authentication phone.
    2. In the next drop-down menu, select your country [e.g. South Africa (+27)].
    3. In the right-hand text box, enter your mobile phone number – including the 0 at the start of the number (e.g. 082 1234 567) then click Next.
  3. A verification code is sent to your mobile phone.
  4. On your computer, enter the verification code then click Verify.
  5. Upon successful verification, click Done.
  6. If you are prompted to log in again, do so using your UCT password then enter the new verification code sent to your mobile phone and click Verify.

 

Using MFA for later sign-ins

Once MFA is enabled, when you open a UCT MFA-enabled application (e.g. Outlook, Teams, OneDrive, ServiceNow) on a different device or browser, you will be prompted to approve the login. Your method of authentication will vary based on which mechanism you are using.

* Note: Authentication is only required the first time you access your account on a computer / mobile device or browser. Thereafter, you won’t need to authenticate again unless you sign out of your account.

I’m using a mobile phone verification code to authenticate

  1. A verification code will be sent to your phone.
  2. On your computer, enter this code.

I'm using the mobile app to authenticate

Click the image below for simplified instructions. Or for full written instructions, read the steps below the graphic.

  1. On the device you’re trying to sign in with, an Approve sign in request window will come up, including an authentication number. Take note of this number.
     
  2. Code for authentication
  3. On your phone, tap the Approve sign-in? message.
    • A window will appear asking you to Enter the number shown to sign in.
    • Enter the number which appeared in step 1 above, then tap Yes.
      Phone sign-in

       

  4. When prompted, enter your phone’s screen lock PIN / password / pattern or, if enabled, biometric authentication (e.g. your fingerprint).
  5. The authentication process is complete.

 

Change your authentication method

Click the image below for simplified instructions. Or for full written instructions, read the steps below the graphic.

Depending on your circumstances, you may need to update your authentication method at some point in the future. If any of these circumstances occur, please update your authentication immediately:

Circumstance What to do
I changed my mobile phone number
  1. On a computer where you already signed in to your UCT Office 365 account, navigate to https://myaccount.microsoft.com. If you are prompted to log in, do so using your UCT credentials (staff / student number@wf.uct.ac.za and UCT password).
  2. In the left-hand menu, select Security info.
  3. In the line containing your mobile phone number, click Change.
  4. In the left-hand drop-down menu, select your country [e.g. South Africa (+27)].
  5. In the right-hand text box, enter your mobile phone number – including the 0 at the start of the number (e.g. 082 1234 567) then click Next.
  6. A 6-digit code is sent to the phone number you entered. Enter this code on your computer then click Next.
  7. Once the SMS is verified, click Done.
I no longer want to use my mobile phone number for the authentication service

Important: Please do not use this option unless you’ve already set the Authenticator app as your default authentication method.

  1. On a computer where you already signed in to your UCT Office 365 account, navigate to https://myaccount.microsoft.com. If you are prompted to log in, do so using your UCT credentials (staff / student number@wf.uct.ac.za and UCT password).
  2. In the left-hand menu, select Security info.
  3. In the line containing your phone number, click Delete then confirm the deletion.
I've been using the authenticator app, and I want to add my phone number as an SMS backup option
  1. On a computer where you already signed in to your UCT Office 365 account, navigate to https://myaccount.microsoft.com. If you are prompted to log in, do so using your UCT credentials (staff / student number@wf.uct.ac.za and UCT password).
  2. In the left-hand menu, select Security info.
  3. Click + Add sign-in method.
  4. In the Add a method dialogue box, select Phone then click Add.
  5. In the left-hand drop-down menu, select your country [e.g. South Africa (+27)].
  6. In the right-hand text box, enter your mobile phone number – including the 0 at the start of the number (e.g. 082 1234 567) then click Next.
  7. A 6-digit code is sent to the phone number you entered. Enter this code on your computer then click Next.
  8. Once the SMS is verified, click Done.
I have been authenticating via an SMS verification code, but I now want to use the mobile app for authentication
  1. On a computer where you already signed in to your UCT Office 365 account, navigate to https://myaccount.microsoft.com. If you are prompted to log in, do so using your UCT credentials (staff / student number@wf.uct.ac.za and UCT password).
  2. In the left-hand menu, select Security info.
  3. Click + Add sign-in method.
  4. In the Add a method dialogue box, select Authenticator app then click Add.
  5. Under How do you want to use the mobile app?, select Receive notifications for verification then click Set up.
  6. A Configure mobile app page opens, containing a QR code.
  7. On your mobile phone, install the Microsoft Authenticator app by Microsoft Corporation. (To ensure that you install the correct app and not a fake app, please email the following link to your phone: https://www.microsoft.com/en-us/security/mobile-authenticator-app)
  8. On your mobile phone, open the app:
    1. On the privacy page, tap I agree.
    2. On the next page, in the top right-hand corner, tap Skip.
    3. On the next page, tap Add account.
    4. On the next page, tap Work or school account.
    5. You may be asked to allow the Authenticator app to use your camera / take pictures and record video. Allow the app to do so.
    6. Point your phone camera at the QR code on your computer screen (i.e. where you are setting up MFA).
  9. On your computer, click Next.
  10. Once your authentication activation status has been checked, click Next.
  11. On your mobile phone, an Approve sign-in? notification will pop up.
    1. Tap Approve.
    2. Enter your phone’s screen lock PIN / password / pattern / biometric data if enabled (e.g. fingerprint).
  12. On your computer, on the Security info page, click Set default sign-in method.
  13. Select Microsoft Authenticator – notification then click Confirm.
  14. The Authenticator app on your phone is now set as your default authentication method.
I’ve gotten a new smartphone and want to use the app for authentication on my new phone
  1. On a computer where you already signed in to your UCT Office 365 account, navigate to https://myaccount.microsoft.com. If you are prompted to log in, do so using your UCT credentials (staff / student number@wf.uct.ac.za and UCT password).
  2. In the left-hand menu, select Security info.
  3. In the line that reads Microsoft Authenticator followed by the model of your old phone, click Delete.
  4. Click + Add sign-in method.
  5. In the Add a method dialogue box, select Authenticator app then click Add.
  6. Under How do you want to use the mobile app?, select Receive notifications for verification then click Set up.
  7. A Configure mobile app page opens, containing a QR code.
  8. On your new mobile phone, install the Microsoft Authenticator app by Microsoft Corporation. (To ensure that you install the correct app and not a fake app, please email the following link to your new phone: https://www.microsoft.com/en-us/security/mobile-authenticator-app)
  9. On your new mobile phone, open the app:
    1. On the privacy page, tap I agree.
    2. On the next page, in the top right-hand corner, tap Skip.
    3. On the next page, tap Add account.
    4. On the next page, tap Work or school account.
    5. You may be asked to allow the Authenticator app to use your camera / take pictures and record video. Allow the app to do so.
    6. Point your phone camera at the QR code on your computer screen (i.e. where you are setting up MFA).
  10. On your computer, click Next.
  11. Once your authentication activation status has been checked, click Next.
  12. On your new mobile phone, an Approve sign-in? notification will pop up.
    1. Tap Approve.
    2. Enter your phone’s screen lock PIN / password / pattern / biometric data if enabled (e.g. fingerprint).
  13. On your computer, on the Security info page, click Set default sign-in method.
  14. Select Microsoft Authenticator – notification then click Confirm.
  15. The Authenticator app on your new phone is now set as your default authentication method.

Outdated authentication protocols

Some customers may be using applications - such as an email client - which is outdated or has been configured using legacy authentication protocols. This presents a challenge, as these protocols are more vulnerable to attacks by cyber criminals, which puts both the customer and the UCT network at risk. ICTS has enabled a policy prohibiting the use of legacy authentication protocols, ahead of Microsoft discontinuing support for these protocols in October 2022. So, if you are using these, you will need to upgrade your application as these protocols are no longer able to access UCT data.

 

How do I know if I'm using legacy protocols?

Legacy protocols would generally pop up if they access their UCT email via an older client that uses IMAP, SMTP, or POP3. Examples of these include Outlook 2010, older versions of Apple mail, and older versions of the Gmail mobile app (where the customer connects their UCT email account to the Gmail app). A list of legacy protocols which are not compatible with MFA is provided in our FAQs article.

If you are impacted by this, we have sent an email to you and ask that you please follow the requested instructions immediately.

Alternatively, if you're concerned that you may be using legacy protocols, please contact the IT Helpdesk for assistance.

 

What do I need to do?

If your application is using legacy protocols, please update it to one that uses modern authentication. For example, when it comes to email clients:

  • For PCs / laptops / Mac computers: We recommend using Outlook 2016 or later.
  • For mobile devices: We recommend the latest version of the official Outlook app (available for Android and iOS). Once you have downloaded the app, use this information when setting it up with your UCT email account.
Important: Please note that this request applies only to applications you use with your UCT account. For example, if you are accessing your UCT email via the Gmail mobile app, we ask that you remove your UCT email account from these apps and connect your UCT email account to one of those recommended above. For your personal and other non-UCT email account(s), you may continue to use your existing email clients.

 

When do I need to do it by?

ICTS prohibited these protocols in September 2022, so if you were impacted, you will need to update immediately if you want to retain access to your UCT data.

What happens if I don't update the application in time?

Once your application’s specific protocol is not supported, you will not be able to access your UCT account with that application. You won’t be able to connect, or you simply won't receive new content in that application.
Alternatively, you may receive a system email from Microsoft stating that “Your email access has been blocked.”