Useful information about two-factor authentication at AU

On this page you get information on why you should activate two-factor authentication and guides on how to do it. AU recommends the Microsoft Authenticator-app.


Why two-factor authentication?

Two-factor verification adds an extra layer of security. When logging in to your mailbox in future, you will need to use your password and one other factor or form of verification. We recommend that you use Microsoft’s app for this purpose. You must thus enter your password and press ‘Approve’ in the mobile app. This will effectively help stop phishing attacks, as hackers will no longer be able to access your mailbox using just one password. They will also need to have access to your mobile app.

Why mobile phone?

Why a mobile phone? The use of a mobile phone as the second step in the two-factor authentication ensures, that the second step happens on a device you presumably have with you all the time. The use of a mobile phone can be done in several ways. We recommend as written that you install an app if you have a smartphone, but the approval process can also happen by an SMS message or a phone call. If you choose to use the option with the SMS message, you will receive an SMS message with a code to be entered. It is not a requirement that the mobile phone is issued by Aarhus University.

The use of the app is not dependent on you using your mobile phone to access AU e-mail or among other things. The app is generic and can also be used in combination with several other services e.g. Facebook.

We recommend that you use the mobile phone that you are most likely to have on you.  

Guide on how to set up two-factor authentication

NB! Click here if you don't have a mobilephone  

1. Download and install the "Microsoft Authenticator" app on your mobile. Do not open the app yet – merely install it. You will find the app in App Store or Google Play. 

Microsoft Authenticator icon

2. Do not open the app yet
3. Log in to https://aka.ms/MFASetup.  (On your computer)
4. Click on “Next” to continue with setup. (On your computer)
4a. If not showing the correct @uni.au.dk user then click "Use different Account"


and enter your AU-ID or EXT-ID as shown below
 


5. Click next


6. Click next


7. Click next and now open the ”Microsoft Authenticator” app (on your mobile)
8. Add an account in the app and select ”Work or school account” (on your mobile) and then scan QR-code 


9. Keep your mobile in front of your computer screen so the app can capture the QR code. See example below.

This is how it looks on your mobile:


This is how it looks on your computer:


10. After you scan the QR code, choose ”Next” (on your computer)


11. Open the app (on your mobile) and enter the number shown on your computer.


12. Click next


13. Click Done. Your two-factor authentication is now set with the Microsoft Authenticator app.

How two-factor authentication works with Outlook/Webmail/Teams

When you log in to your mail, e.g. at https://webmail.au.dk, and enter your username and password, you will subsequently be asked for two-factor authentication. Your username is always in the format au[auid]@uni.au.dk

When signing in you will be presented with a number in your browser. From here you need to open your Microsoft Authenticator App on your mobile device and tap that number into the app to complete the approval. 
 

How two-factor authentication works on VPN

Connect to the VPN service and have your smartphone ready:

Enter your username, eg. au123456@uni.au.dk (for consultants: ext-xxx@uni.au.dk ) and password:

On your mobile you will see a drop-down menu on which you can select ‘Approve’ or ‘Deny’. Select ‘Approve’.

If you do not manage to press ‘Approve’ on the drop-down menu you can always open the Microsoft Authenticator app and press ‘Approve’ there. When you’ve pressed ‘Approve’ on the app you will be logged in.

Remember that you must enter your username in the format au[auid]@uni.au.dk, e.g. au12345@uni.au.dk.

What if I don’t have any mobile coverage?

If you are out of range you cannot carry out two-factor authentication in the app. If you see a dialog like the one below you can temporarily change your authentication method by clicking "Sign in another way". If you are trying to log on to a system that does not give you the option of temporarily change method, you will need to change your standard method as described here.

Click on ‘Use a verification code from my mobile app’.

Enter the code and press ‘Verify’.

You will find your six-digit verification code by opening the ‘Microsoft Authenticator’ app on your mobile.

Mobile app or text messages? Change settings

Two-factor authentication can be set up so you will be contacted in the following ways:

  • Information via app (Mobile app)
  • Text message
  • Call
  • Authentication code from app

If you have a smartphone we recommend ‘Information via app’/‘Mobile app’. This is the most secure setup. 

If you want to change your settings you can do so here. If you have allready followed the above guide "guide on how to set up two-factor authentcation", you can supply the authentication login with a mobile number. Click on "Add sign-in method" and supply your mobilenumber

What if I don’t have a mobile?

If you don’t have a mobile (you may use your private phone if you wish to) you can instead choose to use a hardware token. You may only order a hardware token if you absolutely need one, e.g. if you don't have access to a mobile phone. 

See more about hardware tokens here.

How to setup two-factor authentication if you have a landline

When you receive the email stating that you can set up two-factor authentication you must go to https://portal.office.com to do so.

If asked to enter your username you must always use the format au[auid]@uni.au.dk, e.g. au12345@uni.au.dk. If you’re at your work computer at AU you will not necessarily be asked to enter either your username or your password.  

If you see the following dialogue box in Outlook you can instead start setup of two-factor authentication here by clicking on ‘OK’.

When you log in to https://portal.office.com, you will see the following message. Click on ‘Next’ to continue with setup.

Select ‘Phone number (approval)’. Select ‘Denmark (+ 45)’ as country code and enter your landline number. Select ‘Call me’ under Method, and conclude with ‘Next’.

A robot will now call your landline and ask you to press # to confirm that it is you who are attempting to log in.

Click on ‘Finished’.

Lost, stolen or new mobil

Stolen or lost mobile

If your phone has been stolen or you have lost it in some other way, you will have to get your two-factor authentication set up again. You must contact Support for help with this. Support can also help get the content deleted.

New mobile

If you’ve got a new mobile you must transfer your two-factor authentication to it. For this setup you need your old mobile, so wait resetting and deleting the app.

1. Login to https://aka.ms/MFASetup (on your computer).


2. Login with your AUID or EXT-ID as shown above


3. Click on "Add sign-in method"


4. Choose Authenticator app and click add

5. Go to step 5 in the guide "Guide on how to set up two-factor authentication" (see above) 
 

Registration in Intune Company Portal

If your mobile device has been used for AU data and work related applications and is registrated in Intune Company Portal, you need to remove your old device. The device can be removed from here

 

Instructions for assessment- and appointment committee

How to setup two-factor authentication with SMS.


1. Log in to https://aka.ms/MFASetup in private window (incognito) on your computer


2. Log in with your account AUID@uni.au.dk, eg. au111111@uni.au.dk, and your password. (Password can be changed here)


3. When more information is required,click next 


4. You will now enter this page


5. Choose "Authentication phone"


6. Chose country code for your mobile number 


7. Choose your mobile number to which two-factor authentication code will be send


8. Choose method "Send me a code by text message"


9. Click next


10. An authentification code will be send to the given mobile number


11. Insert the authentification code to confirm your mobile number


12. Click verify


13. If two-factor authentification has been set correctly you will see this 


14. Click done

When you log in to systems that require two-factor authentification, you will see the below screen shot 

Note: a new authentification code will be send to the registered mobile number for each login