Systems up or down

 

Multi-Factor Authentication

MFA provides an extra layer of protection by adding an extra verification step when you log into UniSA websites and systems to make sure it’s really you.

Multi-factor authentication is a way of increasing the security of your account. When you login to a service you are providing a “factor” of authentication, usually a password. This is referred to as “something you know”, but there are other factors such as “something you have” and “something you are”. MFA adds the ability for you to use “something you have” to also help prove that you are who you say you are, in this case a mobile device that only you have.

The way it works is that when you login to certain UniSA services you will be asked to provide your regular account and password, and then you may be asked for a code or to approve a notification that will be sent to your mobile device. This prevents a hostile party from using your account without your permission, as only you will have access to your mobile device so only you will be able to provide the code or approval.

Passwords can be stolen, guessed or hacked, and compromised user accounts have become one of the primary methods used by cyber criminals to gain access to networks and data.  New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts means information online is increasingly vulnerable.

Multi-factor authentication adds a second factor of authentication as an additional layer of security to make sure that no one else can access your account, even if they know your password. The second factor of authentication is separate and independent to the password step and never uses or sees your password.

When you attempt to access certain UniSA applications and services, you will be prompted to enter your username and password as usual (the first ‘factor'). You will then be taken to an additional MFA screen. The first time you visit one of these MFA pages, you will be asked to enroll an MFA factor, either SMS or a mobile application (the second 'factor'). On subsequent visits, you will be directed to an MFA screen where you will be asked to sumbit a code or approval sent to your enrolled MFA factor. This additional step is used to verify the person logging in is really you, not someone else that has stolen your credentials. 

All UniSA staff and students will be required to register and use MFA to access UniSA applications and services

Your mobile device number is securely stored with UniSA’s provider and is only used for the purpose of your account security.

  • The Okta Verify app will work anywhere once it is registered (registration requires internet connectivity)
  • The SMS functionality will work overseas if you have service (international roaming).
  • If you are based overseas you can register the mobile number from the country you are in.
  • If you are going to travel overseas and will not have access to SMS functionality, please use the Okta Verify app or contact the IT Help Desk.

UniSA supports Multi-Factor Authentication using the Okta Verify mobile application and SMS messages.
Note: SMS text messages do require cellular access

If you do not have a mobile phone, please contact the IT Help Desk.

NOTE: While you can register your device using any MFA-enabled application, we recommend performing the initial setup via the Okta portal using a PC/Mac web browser as this has the most user-friendly interface

  1. Download the Okta Verify App on the mobile device you wish to use for MFA
    1. Apple iPhone: https://itunes.apple.com/us/app/okta-verify/id490179405
    2. Android Phone: https://play.google.com/store/apps/details?id=com.okta.android.auth
    3. Other device: You will need to use the SMS authentication option, please see below
  2. Visit the website https://unisa.okta.com
  3. Sign-in with your UniSA username and password
  4. Click ‘Setup’ under the Okta Verify option
  5. Select the type of mobile device you wish to use and click Next
  6. This will present you with a QR code you can scan on your mobile device
  7. Open the Okta Verify app on your mobile device
  8. Continue through the Welcome and How it works page until you reach the Ways to Verify page. From this page, click the ‘Add Account’ button
  9. Choose the account type as Organization
  10. Select the Scan a QR Code option
  11. If prompted, allow the app access to your camera
  12. Position the QR code inside the square on the App to scan the QR code and you will be taken to a page prompting you for push notifications. On this page, select ‘Allow’
  13. If your phone prompts for app permissions to do this, select Allow
  14. You will now be presented with a message saying that your account has been added advising that your phone is set up for MFA

Or for step by step instructions (including screenshots) see the How to register for Multi-factor Authentication via the Okta Verify App page.

NOTE: While you can register your device using any MFA-enabled application, we recommend performing the initial setup via the Okta portal using a PC/Mac web browser as this has the most user-friendly interface

  1. Visit the website https://unisa.okta.com
  2. Sign-in with your UniSA credentials
  3. Click ‘Setup’ under the Okta Verify option
  4. Select the country your Mobile phone number plan is set up in is on from the drop down list, type your Mobile number in the Phone number field and click ‘Send code’
  5. You will receive an SMS notification to your mobile phone with a 6-digit code
  6. Enter this code in the ‘Enter Code’ field and click ‘Verify’
  7. If the code is correct, you will be taken to the following page which indicates you have registered successfully, and you can close this page

Or for step by step instructions (including screenshots) see the How to register for Multi-factor Authentication via SMS Code page.

If you have previously enrolled in MFA via the Okta Verify App or SMS, follow the instructions below to enroll in an additional MFA factor

  1. Visit the website https://unisa.okta.com
  2. Sign-in with your UniSA credentials
  3. When prompted, MFA using your previously enrolled factor
  4. On the landing page, choose the 'Additional Factors' tab then click the 'Enrol SMS MFA' or 'Enrol Okta Verify (App) MFA' option
  5. Follow the remaining steps for enrolling the selected factor as above

PLEASE NOTE: If you select the option to enrol a factor you have already enrolled, you will receive a '403 Access Forbidden' error.

If you cannot log in using the previously configured MFA factors, please contact the IT Help Desk.

The first thing you should do is contact the IT Help Desk and let them know. They can reset your factor to allow you to re-register a new number or in the case of a lost phone, they will disable the ability for your old phone to be available for MFA. Once you are setup with a new phone you can register it for MFA using the steps in this FAQ.

  1. Navigate to the login page of the UniSA service you wish to access
  2. Type in your username and password
  3. Click the Sign in button
  4. Click the Send code button
  5. Enter the verification code that you received via SMS
  6. Click the verify button
  7. You will now successfully be logged in

Or for step by step instructions (including screenshots) see Sign-In with MFA page.

  1. Navigate to the login page of the UniSA service you wish to access
  2. Type in your username and password
  3. Click the Sign in button
  4. Click the Send Push button
  5. On your related device, press the Approve option on the notification received
    • If you do not receive a notification, open the Okta Verify app to see the Approve option.
  6. After a moment, your browser will begin loading again
  7. You will now successfully be logged in

You will be prompted for MFA when connecting to UniSA applications and service while on:

  • Remote networks, such as your home network or a mobile network;
  • UniSA Wireless;
  • UniSA student pool or barn computers.

Once you are logged in, you will not get prompted again until you logoff or your login times out.

Service

Risk Factor

Outlook Web Access

Reduce email account takeovers and identity abuse. (e.g. impersonation of employees)

myHR

Protect personal and financial information associated with myHR stored value services

F5 Big-IP Edge Client VPN

Prevent users connecting to the UniSA network and resources using your credentials.

Office 365 Applications

Prevent users accessing SharePoint, MS Teams, Webmail, etc using your credentials.

Appian Workflows

Prevent users connecting to Appian workflows using your credentials.

 

Other staff services that require MFA include:

CiAnywhere & finance workflows, ProMaster, ExpenseMe, AssetBank, myOSH, AskLibrary, AskPTC, AskCampus Central, AskOnline, Career Hub, SkillsForge, InPlace, Marketing Cloud, Service Cloud, Genesys PureCloud, StudyLink, TimeTrade.

Service

Risk Factor

Office365 Protect your data data and email
Learning Planner  Prevent users accessing and changing your data
learnonline (Moodle) Prevent users accessing and changing your data
learnonline (UniSA Online Moodle) Prevent users accessing and changing your data
Library Catalogue Prevent users using your credential to access UniSA resources
myCourseExperience (Student) Prevent users accessing and changing your data
Student Portal (myUniSA) Prevent users accessing and changing your data
Study Planner Prevent users accessing and changing your data
Teaching Prevent users using your credential to access UniSA resources
UniSA Student App Prevent users using your credential to access UniSA resources
Zoom Prevent users using your credential to access UniSA resources
eReserve Prevent users using your credential to access UniSA resources
Student Calendar Tool Prevent users accessing and changing your data
Gartner Prevent users using your credential to access UniSA resources
Library - LinkedIn Learning Prevent users using your credential to access UniSA resources
Panopto - AU Prevent users using your credential to access UniSA resources
PrintIQ Prevent users using your credential to access UniSA resources
SafeZone Prevent users using your credential to access UniSA resources
StudyLink Prevent users accessing and changing your data