Installing (MFA) Multi-Factor Authentication Management
Multi-Factor Authentication (MFA)
All SUNY Geneseo students must use Multi-Factor Multi-factor authentication (MFA) when logging into campus systems to decrease the likelihood of others accessing their data.
Specifically, it enhances the security of your Geneseo User ID by using your phone, tablet, or other device to verify your identity when you attempt to access SUNY Geneseo’s network and resources.
Don't get locked out!
Deleting Microsoft Authenticator or transferring it to a new phone number will break the trust between Microsoft and your device, and you'll need to use one of your other configured MFA methods to reestablish that trust.
If you have no other MFA methods configured and cannot sign in to your account, please call the CIT HelpDesk at 585-245-5588. They will verify your identity over the phone, and walk you through reestablishing a working MFA method.
Download the Microsoft Authenticator App
The free Microsoft Authenticator app (available for iOS and Android devices) is our recommended authentication method and sends a "push" notification to your device to verify your login attempt.
It also provides a rotating code you can type in if your mobile device doesn't have internet connectivity and can't receive push notifications.
Please see Microsoft's official Authenticator App method documentation for instructions on adding this method to your account.
MFA App for iOS MFA App for Android
Adding MFA methods
Access your Microsoft security info, or sign in to my.geneseo.edu.
See below for specific instructions.
Phone Verification
For US phone numbers, located in the US only, Microsoft will call your phone number and prompt you to approve your pending sign-in.
Please see Microsoft's official phone method documentation for instructions on how to add this method to your account.
Text (SMS) Message
For US phone numbers, located in the US only, Microsoft will send a text (SMS) message with a code to be entered in the login window.
Please see Microsoft's official SMS method documentation for instructions on adding this method to your account.
Security Key
Any FIDO2-compatible physical security key can be registered and used with Geneseo accounts. See Microsoft 365 Passwordless Authentication for more details.
Click on your initials in the upper right corner, and select "Manage Security Info"
To Add a method, click + Add method. If you do not have any methods, you will be automatically prompted to create your first one.
Select the type of method you want to add.
Follow the prompts for the selected method.
Just One Is Never Enough!
Configure multiple MFA methods so that losing one does not prevent you from accessing your Geneseo account! Common ways to lose access to MFA methods are:
Getting a new phone - the Microsoft Authenticator app does not support transfer or backup/restore.
Traveling abroad to a place where your US phone number cannot receive SMS or calls.
Remove an MFA Method
Access your Microsoft security info
Find the method you want to remove in the list and click the delete option
Change your default MFA method
Access your Microsoft security info
Click Change
Select the method you would like to use from the drop down menu
Unexpected Notifications?
If you receive a notification when you are not attempting to log in, deny the request and use the 'report as fraud' function within the app.
"Other" Authenticator Apps
Any app that supports scanning MFA QR codes (ie. implements the Time-based One Time Password, or TOTP, protocol) may be used with your Geneseo account. The following are popular choices:
Google Authenticator
Apple iCloud Keychain (only on Apple devices)
Authy
BitWarden ($10/year subscription to unlock support for this MFA method)
LastPass
Add one of these apps by going to your Security Info page, then:
Click the add sign-in method
Select the authenticator app and click Add
Click I want to use a different authenticator app
Click next
Follow the instructions from your other authenticator app for reading the QR code. Once your app displays a 6-digit code for this new account, click next
Enter the 6-digit code displayed in your other authenticator app when prompted by Microsoft, and click next. This confirms to Microsoft that your other authenticator app correctly parsed the secret information in the QR code.
Available Methods
Troubleshooting and Questions
Owner (area) | Support Services |
---|---|
Reviewed by | @David Blood |
Review Date | Sep 10, 2024 |