Systems up or down

 

Multi-Factor Authentication

MFA provides an extra layer of protection by adding an extra verification step when you log into UniSA websites and systems to make sure it’s really you.

Multi-factor authentication is a way of increasing the security of your account. When you login to a service you are providing a “factor” of authentication, usually a password. This is referred to as “something you know”, but there are other factors such as “something you have” and “something you are”. MFA adds the ability for you to use “something you have” to also help prove that you are who you say you are, in this case a mobile device that only you have.

The way it works is that when you login to certain UniSA services you will be asked to provide your regular account and password, and then you may be asked for a code that will be sent to your mobile device. This prevents a hostile party from using your account without your permission, as only you will have access to your mobile device so only you will be able to provide the code.

Service

Risk Factor

 

Outlook Web Access

Reduce email account takeovers and identity abuse. (e.g. impersonation of employees)

UniSA Staff

myHR

Protect personal and financial information associated with myHR stored value services

UniSA Staff

F5 Big-IP Edge Client VPN

Prevent users connecting to the UniSA network and resources using your credentials.

UniSA Staff

 

When you attempt to access the services listed above from an off-campus location, you will be prompted to enter your username and password as usual (the first ‘factor). You will then be taken to the MFA screen where you will be asked to provide a secure PIN that was sent to your authorised mobile number, which is used to verify the person logging in is really you. The first time you visit one of these MFA pages, you will be asked to enter your mobile phone number and verify the PIN Code you recieve. This number will then be used to confirm your identity on subsequent visits.

How to register your device:
Note: While you can register your device using any MFA-enabled application, we recommend performing the initial setup using either myHR or Outlook Web App (OWA) as these have the most user-friendly interfaces.

  1. Log into myHR or Outlook Web App (OWA)
  2. Type in your username and password
  3. Click the Sign in button
  4. Click Configure factor button
  5. Enter your country
  6. Insert your mobile number
  7. Click Send code
  8. Enter the verification code that you received via SMS
  9. Click the Verify button
  10. You will now successfully be logged into myHR or Outlook Web App (OWA)

Step by step instructions can be found on the Link page

How to sign in with MFA:

  1. Navigate to the login page of the UniSA service you wish to access
  2. Type in your username and password
  3. Click the Sign in button
  4. Click the Send code button
  5. Enter the verification code that you received via SMS
  6. Click the verify button
  7. You will now successfully be logged in

Step by step instructions can be found on the Link page

 

 

Passwords can be stolen, guessed and hacked and compromised user accounts have become one of the primary methods used by cyber criminals to gain access to networks and data.  New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts means information online is increasingly vulnerable.

Multi-factor authentication adds a second factor of authentication as an additional layer of security to make sure that no one else can access your account, even if they know your password. The second factor of authentication is separate and independent to the password step and never uses or sees your password.

UniSA’s implementation of MFA will include all current staff accessing the services listed above

MFA is not required to any UniSA service while using a device directly connected to the wired UniSA network.

If you are not on the wired UniSA network, every time you log on to the identified services, you will be required to MFA.  Once you are logged in, you will not get prompted again until you logoff or your login times out.

UniSA defines 'Off-Campus' as any connection other than the wired UniSA staff network. This includes all external connections and the UniSA wireless network

Currently, the only approved multi-factor authentication method is SMS (Text Message).
Note: SMS text messages do require cellular access

If you do not have a mobile phone number, please contact the IT Help Desk.

The first thing you should do is contact the IT Help Desk and let them know. They can reset your factor to allow you to re-register a new number or in the case of a lost phone, they will disable the ability for your old phone to be available for MFA. Then you should follow the usual procedure for replacing a mobile phone (if this is a University owned device then work with your support team to perform this). Once you are setup with a new phone you can register it for MFA using the steps in this FAQ.

Your mobile device number is securely stored with UniSA’s provider and is only used for the purpose of your account security.

  • The SMS functionality will work overseas if you have service (international roaming).
  • If you are based overseas you can register the mobile number from the country you are in.
  • If you are going to travel overseas and will not have access to SMS functionality, please contact the IT Help Desk.