MFA (English): Forskjell mellom sideversjoner
Ingen redigeringsforklaring |
Ingen redigeringsforklaring |
||
(17 mellomliggende versjoner av en annen bruker er ikke vist) | |||
Linje 1: | Linje 1: | ||
__TOC__ | __TOC__ | ||
===Why are we using MFA?=== | ===Why are we using MFA?=== | ||
IT Security has changed quite a bit over the last few years. Among other things, it has become more difficult to detect fraud attempts where usernames and passwords are lost.<br> | IT Security has changed quite a bit over the last few years. Among other things, it has become more difficult to detect fraud attempts where usernames and passwords are lost.<br> | ||
One of the most effective measures is to introduce multi-factor authentication (MFA). UiB is now introducing MFA for all employees and students. This will | One of the most effective measures is to introduce multi-factor authentication (MFA). UiB is now introducing MFA for all employees and students. This will primarily<br> | ||
be introduced for Office 365-related products and services.<br> | be introduced for Office 365-related products and services.<br> | ||
Linje 12: | Linje 10: | ||
MFA stands for Multi Factor Authentication and basically means that you use two factors to confirm your identity when logging in.<br> | MFA stands for Multi Factor Authentication and basically means that you use two factors to confirm your identity when logging in.<br> | ||
One factor is of course your password and the other factor is to confirm via either SMS or an App (Authenticator).<br> | One factor is of course your password and the other factor is to confirm your identity via either SMS or an App (Authenticator).<br> | ||
This means that the data you have access to | This means that the data you have access to is 99.9% less exposed to the risk of identity theft. <br> | ||
===How do I sign up for MFA?=== | ===How do I sign up for MFA?=== | ||
[[fil:MFA-knapp.png|300px|link=https://forms.office.com/Pages/ResponsePage.aspx?id= | [[fil:MFA-knapp-eng.png|300px|link=https://forms.office.com/Pages/ResponsePage.aspx?id=vCSKZI2pJUCcYEjBmhQgadjzpqjRBg5AhSw9LeZEDmpUMEZRWTdROTJWOFNISVAwVEVEQkNSUkRCQiQlQCN0PWcu |alt="Click here to activate MFA for your account"]] | ||
If you do not already have MFA activated and want to use it, you can fill out the form linked to on the blue button above. Then you will at the next login <br> | If you do not already have MFA activated and want to use it, you can fill out the form linked to on the blue button above. Then you will at the next login <br> | ||
to an Office365 service such as Teams, OneDrive or the Office Portal be prompted to set up MFA. After completing the form, it is recommended to log out of the Office session <br> | |||
in the browser by going to the [http://portal.office.com Officeportal], select | in the browser by going to the [http://portal.office.com Officeportal], select '''Sign out''' on your profile at the top right - and then Log in again. You should now be asked to set up MFA .<br> | ||
=== | ===How do I use MFA properly?=== | ||
The first time you log in after MFA is activated, you must set up the service with your personal contact information. This should be done via PC and you would also need access to your <br> | The first time you log in after MFA is activated, you must set up the service with your personal contact information. This should be done via PC and you would also need access to your <br> | ||
mobile phone. When the service is activated, you will be prompted to add the information. It is possible to use both SMS or an App to confirm | mobile phone. When the service is activated, you will be prompted to add the information. It is possible to use both SMS or an App to confirm your identity. Which of the two you choose<br> | ||
your identity. Which of the two you choose to use is a matter of your own preference, but UiB recommends using the app for this because it is easier to use and faster than typing | to use is a matter of your own preference, but UiB recommends using the app for this because it is easier to use and faster than typing a verification code each time. <br> | ||
a verification code each time. <br> | |||
<br> | <br> | ||
If you want help down the road, you can use the following step-by-step guide to set up the service for your user: https://it.uib.no/Aktivere_MFA (Norwegian)<br> | If you want help down the road, you can use the following step-by-step guide to set up the service for your user: https://it.uib.no/Aktivere_MFA (Norwegian)<br> | ||
=== | ===Conditional access excludes MFA in certain cases=== | ||
* | |||
* For | * Duration of 30 days per session (Example: Word, PowerPoint, browser). If you use different browsers this will be different sessions. You should therefore usually be asked only one authentication per 30 days, per application. <br> | ||
* For client-driven computers, we will in the long run require that you use Windows Hello with PIN or a biometric device, which together with TPM works as the second factor. <br> | |||
=== | ===How do I change my default authentication method?=== | ||
You can change which method is the default for your user. You can easily add more methods so that you have more options by pressing '''Add method'''. <br> | |||
You can edit this trough [https://account.activedirectory.windowsazure.com/Proofup.aspx?BrandContextID=O365&ruO365 this page]. Press '''Change''' to change method: <br> | |||
[[File:MFA-Endtestd.png|400px]]<br><br> | [[File:MFA-Endtestd-eng.png|400px]]<br><br> | ||
Then select the desired method - in this example we change to "Microsoft Authenticator - notification".<br> | |||
[[File:MFA-Endtestd2.png|400px]]<br><br> | [[File:MFA-Endtestd2-eng.png|400px]]<br><br> | ||
Afterwards we can see that the default method has changed:<br> | |||
[[File:MFA-Endtestd3.png|400px]] | [[File:MFA-Endtestd3-eng.png|400px]] | ||
=== | ===What if I forget my cell phone at home?=== | ||
You will rarely be asked about MFA if you are using a computer set up by the IT department.<br> | |||
=== | ===What if I lose my cell phone?=== | ||
Consult [https://it.uib.no/IT_brukerst%C3%B8tte BRITA (Support from IT-department)] as soon as possible if you lose your mobile phone.<br> | |||
To reactivate MFA with a new phone you will [[#How_do_I_use_MFA_properly.3F|have to follow the instructions for initial setup over again.]]<br> | |||
=== | ===Useful info=== | ||
* | * Accounts with admin roles already have MFA.<br> | ||
* | * We recommend using the "Microsoft Authenticator" APP with one-touch authentication for Android and iOS. Google Authenticator also works, but then with six-digit code and not one touch.<br> | ||
* | * We also want to offer USB stick as an alternative to the Authenticator App. Contact support if you want to test this.<br> | ||
* | * The change is announced here: https://bs.uib.no/?module=change&action=view&tid=8947<br> | ||
* | * If you want to prepare - you can use this link in advance to set up the desired method and also to download and configure the app:<br>https://account.activedirectory.windowsazure.com/Proofup.aspx?BrandContextID=O365&ruO365 | ||
* | * The same link can also be used to change the default selection for approval later.<br> | ||
* | * If you want to know more about MFA [https://www.microsoft.com/nb-no/security/business/identity/mfa you can read more about it here]. | ||
[[Kategori:MFA]] | [[Kategori:MFA]] | ||
[[Kategori:Office 365]] | [[Kategori:Office 365]] | ||
[[Kategori:Tjenester fra IT-avdelingen]] | [[Kategori:Tjenester fra IT-avdelingen]] |
Siste sideversjon per 14. sep. 2020 kl. 08:47
Why are we using MFA?
IT Security has changed quite a bit over the last few years. Among other things, it has become more difficult to detect fraud attempts where usernames and passwords are lost.
One of the most effective measures is to introduce multi-factor authentication (MFA). UiB is now introducing MFA for all employees and students. This will primarily
be introduced for Office 365-related products and services.
What is MFA?
MFA stands for Multi Factor Authentication and basically means that you use two factors to confirm your identity when logging in.
One factor is of course your password and the other factor is to confirm your identity via either SMS or an App (Authenticator).
This means that the data you have access to is 99.9% less exposed to the risk of identity theft.
How do I sign up for MFA?
If you do not already have MFA activated and want to use it, you can fill out the form linked to on the blue button above. Then you will at the next login
to an Office365 service such as Teams, OneDrive or the Office Portal be prompted to set up MFA. After completing the form, it is recommended to log out of the Office session
in the browser by going to the Officeportal, select Sign out on your profile at the top right - and then Log in again. You should now be asked to set up MFA .
How do I use MFA properly?
The first time you log in after MFA is activated, you must set up the service with your personal contact information. This should be done via PC and you would also need access to your
mobile phone. When the service is activated, you will be prompted to add the information. It is possible to use both SMS or an App to confirm your identity. Which of the two you choose
to use is a matter of your own preference, but UiB recommends using the app for this because it is easier to use and faster than typing a verification code each time.
If you want help down the road, you can use the following step-by-step guide to set up the service for your user: https://it.uib.no/Aktivere_MFA (Norwegian)
Conditional access excludes MFA in certain cases
- Duration of 30 days per session (Example: Word, PowerPoint, browser). If you use different browsers this will be different sessions. You should therefore usually be asked only one authentication per 30 days, per application.
- For client-driven computers, we will in the long run require that you use Windows Hello with PIN or a biometric device, which together with TPM works as the second factor.
How do I change my default authentication method?
You can change which method is the default for your user. You can easily add more methods so that you have more options by pressing Add method.
You can edit this trough this page. Press Change to change method:
Then select the desired method - in this example we change to "Microsoft Authenticator - notification".
Afterwards we can see that the default method has changed:
What if I forget my cell phone at home?
You will rarely be asked about MFA if you are using a computer set up by the IT department.
What if I lose my cell phone?
Consult BRITA (Support from IT-department) as soon as possible if you lose your mobile phone.
To reactivate MFA with a new phone you will have to follow the instructions for initial setup over again.
Useful info
- Accounts with admin roles already have MFA.
- We recommend using the "Microsoft Authenticator" APP with one-touch authentication for Android and iOS. Google Authenticator also works, but then with six-digit code and not one touch.
- We also want to offer USB stick as an alternative to the Authenticator App. Contact support if you want to test this.
- The change is announced here: https://bs.uib.no/?module=change&action=view&tid=8947
- If you want to prepare - you can use this link in advance to set up the desired method and also to download and configure the app:
https://account.activedirectory.windowsazure.com/Proofup.aspx?BrandContextID=O365&ruO365 - The same link can also be used to change the default selection for approval later.
- If you want to know more about MFA you can read more about it here.