sheridan
IT Services
Accounts & Access

MFA decorative imageMultifactor Authentication

[updated December 1, 2021] Multifactor Authentication (MFA) is an authentication method in which a user is granted access only after successfully presenting two or more pieces of evidence to prove their identity –  something they know and something they have. At Sheridan we are using your username/password as 'something you know' and a code generated by an Authenticator app on your phone as 'something you have'.

MFA FAQs

Why do we need this?

Passwords alone aren't enough anymore as they can often be stolen, guessed, or compromised. Multifactor authentication adds a second layer of security, keeping your account secure even if your password is compromised. 

It's important to remember that your Sheridan account is the key to many of the College's central services. If your account is compromised, it puts not only yourself at risk, but also other users along with critical and sensitive information.

How will it work?

When you go to access a Sheridan service using SSO, you will login with your username and password as usual. Following this you will be prompted to enter a 6-digit code to complete your login – this code can be accessed on your mobile phone via the Authenticator app. Once you enter the code, your login will be completed.

How often will I need to do this?

You'll only see the MFA prompt on your first login to a service. For subsequent logins to any other SSO connected service there will be no further MFA prompts unless…

  • 8 hours have passed
  • you quit/restart your browser
  • you try to access the service using a different browser
  • you use another device to access a service
  • your IP address changes (e.g. when using a VPN connection)

What if I don’t have a mobile device or don't want to use my device for this?

If you don’t have a mobile device or if you have one and would rather not use it for authentication purposes, we can arrange to provide you with a token device, a small piece of hardware that can generate authentication codes for you. To request a token device contact the IT Service Desk.

App Set-up & Usage

You can use either the Google Authenticator or Microsoft Authenticator app to generate authentication codes.

Setting Up Google Authenticator

To avoid any potential issues, we strongly recommend you install the Google Authenticator app BEFORE accessing the MFA website and scanning the QR code. Google Authenticator* is a free utility and is available from the Google Play Store for Android users and from Apple's App Store for iOS users.

Note: upon installing the Authenticator app, you will be prompted to grant permission for the app to access your camera – you will need to do this in order for the app to work.

  1. Launch the Google Authenticator app on your phone/mobile device
  2. Click the 'plus' (+) symbol near the bottom of the screen to add a new account.
  3. Choose 'Scan a QR code'
  4. Open a web browser on your computer and go to: https://mfa.sheridancollege.ca
  5. Scan the QR code that appears on-screen to complete your account set-up. You will only need to go through the set-up process once.
    QR Code for MFA
  6. After scanning you will see the automatically generated authentication code you will need to complete your SSO login.
    Google Authenticator example

Setting Up Microsoft Authenticator

To avoid any potential issues, we strongly recommend you install the Microsoft Authenticator app BEFORE accessing the MFA website and scanning the QR code. Microsoft Authenticator is a free utility and is available on the Google Play Store for Android users and on Apple's App Store for iOS users.

Note: upon installing the Authenticator app, you will be prompted to grant permission for the app to access your camera – you will need to do this in order for the app to work.

  1. Launch the MS Authenticator app on your phone/mobile device
  2. Tap Add account.
  3. When prompted for type of account you will be adding, select Work or school account.
  4. Select Scan QR code.
  5. Scan the QR code that appears on-screen to complete your account set-up. You will only need to go through the set-up process once.
    QR Code for MFA
  6. After scanning you will see the automatically generated authentication code you will need to complete your SSO login.
    MS Authenticator screen showing code

Logging into a System with MFA

  1. When you try accessing a system utilizing MFA, you will be presented with the SSO log-in screen as usual. Enter your username and password and Login.
    SSO login window
  2. You will now be prompted to enter the 6-digit code generated by the Google Authenticator app on your mobile device.
    authentication code prompt screen
  3. Enter the code noted in the app to complete your login.
    Google Authenticator example
    Use the code as shown in the app (do not use the example shown above) to complete your login

    Login screen with code

Additional Information

Exporting Authenticator Codes to a New Device

The links below will provide instruction on how to easily transfer Authenticator codes to a new phone, allowing you to keep using MFA authentication functionality without starting from scratch.

Google Authenticator

Microsoft Authenticator

Using Google Authenticator on Multiple Devices

You can install the Authenticator app on multiple devices by using the ‘transfer accounts’ functionality. This does not remove the account from the device you ‘transfer’ it from.

On the registered device you have the working code on: 

  • Open Google Authenticator
  • Click on the three dots [] in the upper right hand of the screen
  • Select ‘Transfer accounts
  • Select ‘Export accounts
  • Authenticate
  • Check/uncheck the accounts to transfer
  • Click Next
  • After completing the steps below click Done

On the device you want to transfer the Authenticator account to: 

  • Open Google Authenticator
  • Click + to add the code
  • Select ‘Scan a QR code
  • Scan the code from your other device

Using Microsoft Authenticator on Multiple Devices

You can install the Authenticator app on multiple devices by using the ‘transfer accounts’ functionality. This does not remove the account from the device you ‘transfer’ it from.

Note: you will need to use a personal Microsoft account to enable Cloud backups. If you do not wish to do this, use Google Authenticator instead.

On the registered device you have the working code on: 

  • Open Microsoft Authenticator
  • Tap the three dots [] at the top right (Android) or the hamburger menu on the top left (iOS)
  • Tap “Settings
  • Enable “Cloud backup”/”iCloud Backup

On the device you want to transfer the Authenticator account to: 

  • Open Microsoft Authenticator
  • Tap the three dots [] at the top right (Android) or the hamburger menu on the top left (iOS)
  • Tap “Settings
  • Select “Begin Recovery
  • Your account and its settings will be added to your device

Hardware Token Devices

As mentioned earlier in this document, if you don’t have a mobile device or if you do and would rather not use it for authentication purposes, we can arrange to provide you with a token device, a small piece of hardware that can generate authentication codes for you. To request a token device contact the IT Service Desk.

Resetting a Hardware Token Device

In the event there is an issue with a hardware token device or if the token seed needs to be reset, contact the IT Service Desk.

Support

If you issues or any questions or concerns, contact the IT Service Desk for assistance,