This site requires JavaScript to be enabled

Multi-Factor Authentication (MFA) at UCT

2.0 - Updated on 08-04-2024 by Yacoob Manjoo

1.0 - Authored on 17-05-2021 by Mfusi Papu

 

Direct links

Introduction

Register for MFA

Update or change your authentication method

Setup MFA using a non-smartphone or Huawei device

Reset MFA for a lost or stolen device

Report faults with MFA

 

Set up multi-factor authentication on your UCT account

Introduction

Multi-factor authentication (MFA) is an electronic authentication method which requires you to log in using two different mechanisms. In UCT's case, this would mean using your UCT network password along with authenticating via an app on your smartphone (or a verification code sent to you via SMS)

Cybersecurity attacks are on the rise, and universities are a huge target, given the amount of personal and sensitive data they hold. With email and other online communication methods (e.g. Teams) being so critical in how we operate – especially during remote working and learning – MFA is essential to keep your UCT account, your data, and UCT's network safe.

We have enabled MFA on all UCT accounts. This applies to ServiceNow, Mimecast, LinkedIn Learning, the UCT VPN, and UCT Microsoft 365 accounts – which includes Outlook, Teams, and other Microsoft Office applications. It will be expanded to other UCT services in due course.

Navigating this article:

If...Then...
You are setting up MFA on your account.Follow the these instructions instructions to set up MFA. 
You have set up MFA on your end, and ICTS has enabled MFA on your account.Follow these instructions to authenticate the first time you open an MFA-enabled service on a device or browser.
You need to update your authentication method at some point in the future.Follow these instructions to change your authentication method.
You want to set up MFA on a second deviceFollow these instructions to set up MFA on a second device (note: the second device must use the authenticator app).
You are setting up a non-smartphone or a Huawei deviceFollow these instructions to follow this procedure instead.
You access UCT data via applications that use legacy protocols - such as an old email client.Follow these instructions to find out how legacy protocols will be managed and what you need to do.
You need help with MFA setup, authentication, or legacy protocols.Follow these instructions for assistance.

Set up MFA on your account

When you first use your UCT account, please please follow these steps to set up MFA. If you do not set up immediately, when you open an MFA-enabled service (e.g. Outlook, Teams, or OneDrive), you will be prompted to set up.

Configure your account and set up the mobile app

* Note: If you do not have a smartphone, please follow this procedure instead.

  1. On your computer, open the Outlook web app, log in using your UCT credentials (staff / student number@wf.uct.ac.za and UCT password), then click Next. If you are already logged in, simply click Next.
  2. On the Additional security verification page:
    1. From the Step 1 drop-down menu, select Mobile app.
    2. Under How do you want to use the mobile app?, select Receive notifications for verification then click Set up.
  3. A Configure mobile app page opens, containing a QR code.
  4. On your mobile phone, install the Microsoft Authenticator app by Microsoft Corporation. (To ensure that you install the correct app and not a fake app, please email the following link to your phone: https://www.microsoft.com/en-us/security/mobile-authenticator-app
  5. On your mobile phone, open the app:
    1. On the privacy page, tap I agree.
    2. On the next page, in the top right-hand corner, tap Skip.
    3. On the next page, tap Add account.
    4. On the next page, tap Work or school account.
    5. You may be asked to allow the Authenticator app to use your camera / take pictures and record video. Allow the app to do so.
    6. Point your phone camera at the QR code on your computer screen (i.e. where you are setting up MFA).
      Note: If you then get a message about App Lock being enabled, tap OK.
  6. On your computer, click Next
  7. Once your authentication activation status has been checked, click Next.
  8. On your mobile phone, an Approve sign-in? notification will pop up.
    1. Tap Approve.
    2. Enter your phone’s screen lock PIN / password / pattern / biometric data if enabled (e.g. fingerprint).
  9. You are now signed in to your UCT Office 365 account on your computer.
  10. On your computer, the Additional security verification page will be displayed: Step 3: In case you lose access to the mobile app.
    1. In the left-hand drop-down menu, select your country [e.g. South Africa (+27)].
    2. In the right-hand text box, enter your mobile phone number – including the 0 at the start of the number (e.g. 082 1234 567) then click Done.
  11. On your computer, sign out of the Outlook web app, or close Microsoft Teams.
  12. When you try to log in to these services again, you’ll need to authenticate via the app. This will be required only once per computer or browser.

The authentication app is now your primary authentication method, while SMS to your mobile phone will be a backup in case you do not have a data connection.

 

Configure your account and set up your non-smartphone (incl. Huawei devices)

  1. On your computer, open the Outlook web app, log in using your UCT credentials (staff / student number@wf.uct.ac.za and UCT password), then click Next. If you are already logged in, simply click Next.
  2. On the Additional security verification page:
    1. From the Step 1 drop-down menu, select Authentication phone.
    2. In the next drop-down menu, select your country [e.g. South Africa (+27)].
    3. In the right-hand text box, enter your mobile phone number – including the 0 at the start of the number (e.g. 082 1234 567) then click Next.
  3. A verification code is sent to your mobile phone.
  4. On your computer, enter the verification code then click Verify.
  5. Upon successful verification, click Done.
  6. If you are prompted to log in again, do so using your UCT password then enter the new verification code sent to your mobile phone and click Verify.

 

Using MFA for later sign-ins

Once MFA is enabled, when you open an MFA-enabled service on a different device or browser, you will be prompted to approve the login:

I’m using the mobile app to authenticateI’m using a mobile phone verification code to authenticate
  1. On the device you’re trying to sign in with, an Approve sign in request window will come up, including an authentication number. Take note of this number.
  2. On your phone, tap the Approve sign-in? message.
  3. A window will appear asking you to Enter the number shown to sign in.
  4. Enter the number which appeared in step 1 above, then tap Yes.
  5. When prompted, enter your phone’s screen lock PIN / password / pattern or, if enabled, biometric authentication (e.g. your fingerprint).
  6. The authentication process is complete.
  1. A verification code will be sent to your phone.
  2. On your computer, enter this code.

* Note: Authentication is only required the first time you access your account on a computer / mobile device or browser. Thereafter, you won’t need to authenticate again unless you sign out of your account.

 

Change your authentication method

Depending on your circumstances, you may need to update your authentication method at some point in the future. If any of these circumstances occur, please update your authentication immediately:

CircumstanceWhat to do
I changed my mobile phone number
  1. On a computer where you already signed in to your UCT Office 365 account, navigate to https://myaccount.microsoft.com. If you are prompted to log in, do so using your UCT credentials (staff / student number@wf.uct.ac.za and UCT password).
  2. In the left-hand menu, select Security info.
  3. In the line containing your mobile phone number, click Change.
  4. In the left-hand drop-down menu, select your country [e.g. South Africa (+27)].
  5. In the right-hand text box, enter your mobile phone number – including the 0 at the start of the number (e.g. 082 1234 567) then click Next.
  6. A 6-digit code is sent to the phone number you entered. Enter this code on your computer then click Next.
  7. Once the SMS is verified, click Done.
I no longer want to use my mobile phone number for the authentication service

Important: Please do not use this option unless you’ve already set the Authenticator app as your default authentication method.

  1. On a computer where you already signed in to your UCT Office 365 account, navigate to https://myaccount.microsoft.com. If you are prompted to log in, do so using your UCT credentials (staff / student number@wf.uct.ac.za and UCT password).
  2. In the left-hand menu, select Security info.
  3. In the line containing your phone number, click Delete then confirm the deletion.
I've been using the authenticator app, and I want to add my phone number as an SMS backup option
  1. On a computer where you already signed in to your UCT Office 365 account, navigate to https://myaccount.microsoft.com. If you are prompted to log in, do so using your UCT credentials (staff / student number@wf.uct.ac.za and UCT password).
  2. In the left-hand menu, select Security info.
  3. Click + Add sign-in method.
  4. In the Add a method dialogue box, select Phone then click Add.
  5. In the left-hand drop-down menu, select your country [e.g. South Africa (+27)].
  6. In the right-hand text box, enter your mobile phone number – including the 0 at the start of the number (e.g. 082 1234 567) then click Next.
  7. A 6-digit code is sent to the phone number you entered. Enter this code on your computer then click Next.
  8. Once the SMS is verified, click Done.

 

I have been authenticating via an SMS verification code, but I now want to use the mobile app for authentication
  1. On a computer where you already signed in to your UCT Office 365 account, navigate to https://myaccount.microsoft.com. If you are prompted to log in, do so using your UCT credentials (staff / student number@wf.uct.ac.za and UCT password).
  2. In the left-hand menu, select Security info.
  3. Click + Add method.
  4. In the Add a method dialogue box, select Authenticator app then click Add.
  5. Under How do you want to use the mobile app?, select Receive notifications for verification then click Set up.
  6. A Configure mobile app page opens, containing a QR code.
  7. On your mobile phone, install the Microsoft Authenticator app by Microsoft Corporation. (To ensure that you install the correct app and not a fake app, please email the following link to your phone: https://www.microsoft.com/en-us/security/mobile-authenticator-app)
  8. On your mobile phone, open the app:
    1. On the privacy page, tap I agree.
    2. On the next page, in the top right-hand corner, tap Skip.
    3. On the next page, tap Add account.
    4. On the next page, tap Work or school account.
    5. You may be asked to allow the Authenticator app to use your camera / take pictures and record video. Allow the app to do so.
    6. Point your phone camera at the QR code on your computer screen (i.e. where you are setting up MFA).
  9. On your computer, click Next.
  10. Once your authentication activation status has been checked, click Next.
  11. On your mobile phone, an Approve sign-in? notification will pop up.
    1. Tap Approve.
    2. Enter your phone’s screen lock PIN / password / pattern / biometric data if enabled (e.g. fingerprint).
  12. On your computer, on the Security info page, click Set default sign-in method.
  13. Select Microsoft Authenticator – notification then click Confirm.
  14. The Authenticator app on your phone is now set as your default authentication method.
  15. In the authenticator app, tap the 3 dots / 3 lines in the top-right corner then tap Settings.
  16. Ensure that App Lock is enabled. (It may already be enabled by default, but if not, please enable it.)
I’ve gotten a new smartphone and want to use the app for authentication on my new phone
  1. On a computer where you already signed in to your UCT Office 365 account, navigate to https://myaccount.microsoft.com. If you are prompted to log in, do so using your UCT credentials (staff / student number@wf.uct.ac.za and UCT password).
  2. In the left-hand menu, select Security info.
  3. In the line that reads Microsoft Authenticator followed by the model of your old phone, click Delete.
  4. Click + Add method.
  5. In the Add a method dialogue box, select Authenticator app then click Add.
  6. Under How do you want to use the mobile app?, select Receive notifications for verification then click Set up.
  7. A Configure mobile app page opens, containing a QR code.
  8. On your new mobile phone, install the Microsoft Authenticator app by Microsoft Corporation. (To ensure that you install the correct app and not a fake app, please email the following link to your new phone: https://www.microsoft.com/en-us/security/mobile-authenticator-app)
  9. On your new mobile phone, open the app:
    1. On the privacy page, tap I agree.
    2. On the next page, in the top right-hand corner, tap Skip.
    3. On the next page, tap Add account.
    4. On the next page, tap Work or school account.
    5. You may be asked to allow the Authenticator app to use your camera / take pictures and record video. Allow the app to do so.
    6. Point your phone camera at the QR code on your computer screen (i.e. where you are setting up MFA).
  10. On your computer, click Next.
  11. Once your authentication activation status has been checked, click Next.
  12. On your new mobile phone, an Approve sign-in? notification will pop up.
    1. Tap Approve.
    2. Enter your phone’s screen lock PIN / password / pattern / biometric data if enabled (e.g. fingerprint).
  13. On your computer, on the Security info page, click Set default sign-in method.
  14. Select Microsoft Authenticator – notification then click Confirm.
  15. The Authenticator app on your new phone is now set as your default authentication method.
  16. In the authenticator app, tap the 3 dots / 3 lines in the top-right corner then tap Settings.
  17. Ensure that App Lock is enabled. (It may already be enabled by default, but if not, please enable it.)

Set up MFA on a second device

If you’d like to set up a second mobile device (i.e. tablet or smart phone) to complete MFA authentication for your UCT account, follow the instructions below. Note that adding a second device works with the Microsoft Authenticator app only. You cannot set up a second device to use SMS verification.

  1. Make sure you have your first authentication device on you, as you will need it to set up the new device.
  2. On your second device, install the Microsoft Authenticator app by Microsoft Corporation. (To ensure that you install the correct app and not a fake app, please email the following link to your device: https://www.microsoft.com/en-us/security/mobile-authenticator-app) 
  3. Once installed, open the app then tap Add work or school account, then tap Sign in. (Note that on some devices, you may be taken directly to the sign in screen without having to tap Sign in.)
  4. Enter your UCT staff / student number@wf.uct.ac.za then tap Next.
  5. On the UCT sign-in screen, enter your UCT password then tap Sign in. If you are prompted to enter your password again after this, do so.

    Note: On some devices, you may be presented with a Verify your identity screen at this point. If this is the case, select the method that matches your first device’s authentication option (i.e. SMS verification or app).

    My first device uses the app
    1. On your second device, tap Approve a request on my Microsoft Authenticator app.
    2. On your first device, tap the Approve sign-in? notification.
    3. A window will appear asking you to Enter the number shown to sign in.
    4. Enter the number which appeared on your second device, then tap Yes.
    5. When prompted, enter your device’s screen lock PIN / password / pattern or, if enabled, biometric authentication (e.g. your fingerprint).
    My first device uses SMS verification
    1. On your second device, tap Text + XX-XXXXXXXXX.
    2. A text code is sent to your first device.
    3. On your second device, enter the text code, then tap Verify.
    4. Upon successful verification, tap Done.
  6. Return to your second device. On the Sign in with your phone page, tap Continue.
  7. On the next page, tap Register to register the new device for MFA.
  8. When prompted, enter your device password / pattern / biometric sign-in.
  9. On the Account added page, tap Continue / Finish.
  10. In the authenticator app, tap the 3 dots / 3 lines in the top-right corner then tap Settings.
  11. Ensure that App Lock is enabled. (It may already be enabled by default, but if not, please enable it.)

Your second device is now ready to use for MFA verification. When you try to sign into one of your UCT MFA-enabled services on a new browser or device, you'll get a prompt asking you to verify your identity. You can now verify on either your first or second device:

Verify on your first device
  • If your first device is set up using the authentication app, select Approve a request on my Microsoft Authenticator app, then use the app to complete the verification process on your first device.
  • If your first device is set up using SMS only, select the Text + XX-XXXXXXXXX option to receive the text code on your first device, then use the text code to complete the verification on your first device.
Verify on your second device
  • Select Approve a request on my Microsoft Authenticator app, then use the app to complete the verification process on your second device.

Outdated authentication protocols

Some customers may be using applications - such as an email client - which is outdated or has been configured using legacy authentication protocols. This presents a challenge, as these protocols are more vulnerable to attacks by cyber criminals, which puts both the customer and the UCT network at risk. ICTS has enabled a policy prohibiting the use of legacy authentication protocols, ahead of Microsoft discontinuing support for these protocols in October 2022. So, if you are using these, you will need to upgrade your application as these protocols are no longer able to access UCT data.

How do I know if I'm using legacy protocols?

Legacy protocols would generally pop up if they access their UCT email via an older client that uses IMAP, SMTP, or POP3. Examples of these include Outlook 2010, older versions of Apple mail, and older versions of the Gmail mobile app (where the customer connects their UCT email account to the Gmail app). A list of legacy protocols which are not compatible with MFA is provided in our FAQs article.

If you are impacted by this, we have sent an email to you and ask that you please follow the requested instructions immediately.

Alternatively, if you're concerned that you may be using legacy protocols, please contact the IT Helpdesk for assistance.

What do I need to do?

If your application is using legacy protocols, please update it to one that uses modern authentication. For example, when it comes to email clients:

  • For PCs / laptops / Mac computers: We recommend using Outlook 2016 or later.
  • For mobile devices: We recommend the latest version of the official Outlook app (available for Android and iOS). Once you have downloaded the app, use this information when setting it up with your UCT email account.
Important: Please note that this request applies only to applications you use with your UCT account. For example, if you are accessing your UCT email via the Gmail mobile app, we ask that you remove your UCT email account from these apps and connect your UCT email account to one of those recommended above. For your personal and other non-UCT email account(s), you may continue to use your existing email clients.

When do I need to do it by?

ICTS prohibited these protocols in September 2022, so if you were impacted, you will need to update immediately if you want to retain access to your UCT data.

Once your application’s specific protocol is not supported, you will not be able to access your UCT account with that application. You won’t be able to connect, or you simply won't receive new content in that application. Alternatively, you may receive a system email from Microsoft stating that “Your email access has been blocked.”

Help and feedback

For frequently-asked questions about MFA at UCT, please visit: https://icts.uct.ac.za/services-your-account-set-multi-factor-authentication-your-uct-account/faqs-multi-factor-authentication

 
 
Revised by Yacoob Manjoo
Last modified 3 weeks ago