Useful information about two-factor authentication at AU

On this page you get information on why you should activate two-factor authentication and guides on how to do it. AU recommends the Microsoft Authenticator-app.


Why two-factor authentication?

Two-factor verification adds an extra layer of security. When logging in to your mailbox in future, you will need to use your password and one other factor or form of verification. We recommend that you use Microsoft’s app for this purpose. You must thus enter your password and press ‘Approve’ in the mobile app. This will effectively help stop phishing attacks, as hackers will no longer be able to access your mailbox using just one password. They will also need to have access to your mobile app.

Why mobile phone?

Why a mobile phone? The use of a mobile phone as the second step in the two-factor authentication ensures, that the second step happens on a device you presumably have with you all the time. The use of a mobile phone can be done in several ways. We recommend as written that you install an app if you have a smartphone, but the approval process can also happen by an SMS message or a phone call. If you choose to use the option with the SMS message, you will receive an SMS message with a code to be entered. It is not a requirement that the mobile phone is issued by Aarhus University.

The use of the app is not dependent on you using your mobile phone to access AU e-mail or among other things. The app is generic and can also be used in combination with several other services e.g. Facebook.

We recommend that you use the mobile phone that you are most likely to have on you.  

Guidelines on setup of two-factor authentication

NB! Click here if you don't have a mobilephone.

1. Download and install the ‘Microsoft Authenticator’ app on your mobile. You should not open the app yet – merely install it. You will find the app at App Store or Google Play.


Microsoft Authenticator icon

2. Do no open the app yet. (Nothing happens if you do)

3. Log in to https://aka.ms/MFASetup.(On your computer)


4. You will see this message. Click on ‘Next’ to continue with setup. (On your computer)


4a. If not showing the correct @uni.au.dk user then click "Use different Account"

and enter your AU-ID or EXT-ID as shown below


5. Configure two-factor authentication: (On you computer)

  • Select Mobile App from the list
  • set the dot alongside ‘Receive notification of approval’.
  • Click the blue button labelled ‘Set up’.



6. Then open the ‘Microsoft Authenticator’ app. (On your mobile).

7. Add an account on the app, and select ‘Work or school account’. (On your mobile)



8. Keep your mobile in front of your computer screen so the app can capture the QR code. See example below. 


9. Click on ‘Next’


10. When you see the image below, you should click on ‘Approve’ in the ‘Microsoft Authenticator’ app on your mobile.

11. Select the country code and enter your mobile number.

12. Click ‘Next’.


13. Click  ‘Finished’ and close the window. You are now ready to use two-factor authentication.

You have now finished setting up two-factor authentication. Don't click anything else. Close the page.

How two-factor authentication works with Outlook/Webmail/Teams

When you log in to your mail, e.g. at https://webmail.au.dk, and enter your username and password, you will subsequently be asked for two-factor authentication. Your username is always in the format au[auid]@uni.au.dk

When signing in you will be presented with a number in your browser. From here you need to open your Microsoft Authenticator App on your mobile device and tap that number into the app to complete the approval. 
 

How two-factor authentication works on VPN

Connect to the VPN service and have your smartphone ready:

Enter your username, eg. au123456@uni.au.dk (for consultants: ext-xxx@uni.au.dk ) and password:

On your mobile you will see a drop-down menu on which you can select ‘Approve’ or ‘Deny’. Select ‘Approve’.

If you do not manage to press ‘Approve’ on the drop-down menu you can always open the Microsoft Authenticator app and press ‘Approve’ there. When you’ve pressed ‘Approve’ on the app you will be logged in.

Remember that you must enter your username in the format au[auid]@uni.au.dk, e.g. au12345@uni.au.dk.

What if I don’t have any mobile coverage?

If you are out of range you cannot carry out two-factor authentication in the app. If you see a dialog like the one below you can temporarily change your authentication method by clicking "Sign in another way". If you are trying to log on to a system that does not give you the option of temporarily change method, you will need to change your standard method as described here.

Click on ‘Use a verification code from my mobile app’.

Enter the code and press ‘Verify’.

You will find your six-digit verification code by opening the ‘Microsoft Authenticator’ app on your mobile.

Mobile app or text messages? Change settings

Two-factor authentication can be set up so you will be contacted in the following ways:

  • Information via app (Mobile app)
  • Text message
  • Call
  • Authentication code from app

If you have a smartphone we recommend ‘Information via app’/‘Mobile app’.

If you want to change your settings you can do so here.

What if I don’t have a mobile?

If you don’t have a mobile (you may use your private phone if you wish to) you can instead choose to use your landline or a hardware token. You may only order a hardware token if you absolutely need one, e.g. if you don't have access to a mobile phone or can't use a landline.

See more about hardware tokens here.

How to setup two-factor authentication if you have a landline

When you receive the email stating that you can set up two-factor authentication you must go to https://portal.office.com to do so.

If asked to enter your username you must always use the format au[auid]@uni.au.dk, e.g. au12345@uni.au.dk. If you’re at your work computer at AU you will not necessarily be asked to enter either your username or your password.  

If you see the following dialogue box in Outlook you can instead start setup of two-factor authentication here by clicking on ‘OK’.

When you log in to https://portal.office.com, you will see the following message. Click on ‘Next’ to continue with setup.

Select ‘Phone number (approval)’. Select ‘Denmark (+ 45)’ as country code and enter your landline number. Select ‘Call me’ under Method, and conclude with ‘Next’.

A robot will now call your landline and ask you to press # to confirm that it is you who are attempting to log in.

Click on ‘Finished’.

Lost, stolen or new mobile

Stolen or lost mobile

If your phone has been stolen or you have lost it in some other way, you will have to get your two-factor authentication set up again. You must contact Support for help with this. Support can also help get the content deleted.

New mobile

If you’ve got a new mobile you must transfer your two-factor authentication to it. 

Do this by clicking "configure authenticator app" on the following link. For this setup you need your old mobile, so wait resetting and deleting the app. You find guidance for the setup here

Registration in Intune Company Portal

If your mobile device has been used for AU data and work related applications and is registrated in Intune Company Portal, you need to remove your old device. The device can be removed from here

Instructions for assessment- and appointment committee

How to setup two-factor authentication with SMS.


1. Log in to https://aka.ms/MFASetup in private window (incognito) on your computer


2. Log in with your account AUID@uni.au.dk, eg. au111111@uni.au.dk, and your password. (Password can be changed here)


3. When more information is required,click next 


4. You will now enter this page


5. Choose "Authentication phone"


6. Chose country code for your mobile number 


7. Choose your mobile number to which two-factor authentication code will be send


8. Choose method "Send me a code by text message"


9. Click next


10. An authentification code will be send to the given mobile number


11. Insert the authentification code to confirm your mobile number


12. Click verify


13. If two-factor authentification has been set correctly you will see this 


14. Click done

When you log in to systems that require two-factor authentification, you will see the below screen shot 

Note: a new authentification code will be send to the registered mobile number for each login