Systems up or down

 

Multi-Factor Authentication

MFA provides an extra layer of protection by adding an extra verification step when you log into UniSA websites and systems to make sure it’s really you.

Multi-factor authentication is a way of increasing the security of your account. When you login to a service you are providing a “factor” of authentication, usually a password. This is referred to as “something you know”, but there are other factors such as “something you have” and “something you are”. MFA adds the ability for you to use “something you have” to also help prove that you are who you say you are, in this case a mobile device that only you have.

The way it works is that when you login to certain UniSA services you will be asked to provide your regular account and password, and then you may be asked for a code that will be sent to your mobile device. This prevents a hostile party from using your account without your permission, as only you will have access to your mobile device so only you will be able to provide the code.

Service

Risk Factor

 

Outlook Web Access

Reduce email account takeovers and identity abuse. (e.g. impersonation of employees)

UniSA Staff

myHR

Protect personal and financial information associated with myHR stored value services

UniSA Staff

 

When you attempt to access myHR and your UniSA Outlook Web Application from an off-campus location, you will be prompted to enter your username and password as usual (the first ‘factor). You will then be taken to the MFA screen where you will receive a prompt to activate your MFA, you can select an option to receive an SMS to request a security token (pin code) which you will use to verify that it is you (the second “factor”).

How to register your device:

  1. Log into myHR or Outlook Web App (OWA)
  2. Type in your username and password
  3. Click the Sign in button
  4. Click Configure factor button
  5. Enter your country
  6. Insert your mobile number
  7. Click Send code
  8. Enter the verification code that you received via SMS
  9. Click the Verify button
  10. You will now successfully be logged into myHR or Outlook Web App (OWA)

Step by step instructions can be found on the Link page

How to sign in with MFA:

  1. Log into myHR or Outlook Web App (OWA)
  2. Type in your username and password
  3. Click the Sign in button
  4. Click the Send code button
  5. Enter the verification code that you received via SMS
  6. Click the verify button
  7. You will now successfully be logged into myHR or Outlook Web App (OWA)

Step by step instructions can be found on the Link page

 

 

Passwords are becoming increasingly easy to compromise. They can be stolen, guessed and hacked. New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts means information online is increasingly vulnerable.

Multi-factor authentication adds a second layer of security to your account to make sure that your account stays safe, even if someone else knows your password. The second factor of authentication is separate and independent of the password step. MFA never uses or sees your password.

UniSA’s implementation of MFA will include all current staff accessing myHR and Outlook on the Web.

This depends on whether you are located on or off-campus. Our current policy should minimise the need for you to use MFA when you are connected from inside the UniSA hard wired network (a verified location).

If you are not on the wired network, every time you log on to the identified applications, you will get a prompt.  Once you are logged in, you will not get prompted again until you logoff or the application times out.

Off-campus is anywhere other than:

  • UniSA hard wired network
  • SMS (Text Message) Recommended for ease-of-use and security; SMS text messages do require cellular access
  • If you do not have a mobile phone number, please contact the IT Help Desk.

The first thing you should do is contact the IT Help Desk and let them know. They can reset your factor to allow you to re-register a new number or in the case of a lost phone, they will disable the ability for your old phone to be available for MFA. Then you should follow the usual procedure for replacing a mobile phone (if this is a University owned device then work with your support team to perform this). Once you are setup with a new phone you can register it for MFA using the steps in this FAQ.

Your mobile device number is securely stored with UniSA’s provider and is only used for the purpose of your account security.

  • The SMS functionality will work overseas if you have service (international roaming).
  • If you are based overseas you can register the mobile number from the country you are in.
  • If you are going to travel overseas and will not have access to SMS functionality, please contact the IT Help Desk.