Multi-Factor Authentication (MFA) Frequently Asked Questions

Issue/Question

What are some of the most common Multi-Factor Authentication questions?

Environment

  • Multi-Factor Authentication (MFA)

Resolution

What is Multi-Factor Authentication (MFA)?

The Multi-Factor part of MFA means that you will use another verified method to make sure you are who you say you are. There are traditionally three types of authentication factors:

  • Things you know, like a password
  • Things you have, like your mobile phone
  • Things you are, like your fingerprint

Access to MCC’s network and key applications now require MFA with things you know (your password) and things you have (your devices) to better secure your account beyond a username and password.


What verification methods are available for me to use?

  • Mobile app – notification (recommended method)
    • The Microsoft Authenticator App is downloaded on your smart phone and a verification request is sent to your phone. It asks you to complete the verification process by selecting Approve from a push notification.
  • Mobile app – verification code
    • The Microsoft Authenticator App is downloaded on your smart phone and you must type the code provided in the app into your device to complete the verification process.
  • Phone call
    • You will receive an automated call asking you to verify that you are attempting to log in. Press the # key to complete the verification process.
    • The code can be changed from # to any code that you specify.
    • This option must be configured with a cell phone number, or any number that dials directly back to you, and cannot be used with a phone number that uses a menu system.
    • Note that the automated call may come from multiple phone numbers, and not the same number every time.
  • SMS (text) message
    • You will receive a SMS (text) message with a six-digit code that you must type the code into the device to complete the verification process.
    • Note that text message may come from multiple phone numbers, and not the same number every time.

What happens after I register my device?

After the initial device registration, the next time you log in from off campus you will be prompted to verify your identity using the verification method you chose.

For certain services, you may be prompted to log in from on campus as well.


What happens if I take too long?

Each verification method will give a different response.

  • Mobile app – notification (recommended method)
    • Your request will time out. Simply click Send another request to my Microsoft Authenticator app to try again.

 

  • Mobile app – verification code
    • This verification method does not time-out. Instead, it waits for the correct code to be typed in. If you need another way to log in, click Sign in another way. This will take you to a screen where you can choose another method to verify your identity.

 

  • Phone call
    • If you didn’t get to your device quick enough, the verification request will time out and show the image below. Simply click Sign in another way and select Call to try again. Be sure to have your mobile device close before you try again.

 

  • SMS (text) message
    • This verification method does not time-out. Instead, it waits for the correct code to be typed in. Simply click Sign in another way and select Text to try again. Be sure to have your mobile device close before you try again.


What happens if I run into a problem during device registration?

Although this process should be the same for everyone, there may be a slight variance in what you see. If there is a step you need help with, is confusing, problematic, or not listed, please let us know. Submit a ticket via this link (select Setting up a Device under the category of Problem with MFA) or call the Service Desk at (586) 445-7156 during regular business hours.


Why am I being prompted to register my device for another app?

Each app that accesses Macomb’s data may ask you to register your device the first time you use it with MFA enabled. An example of this is registering your device with the Teams app, then having to do with same with the Outlook app.


I accidentally denied my sign in attempt, what should I do?

If you deny your verification attempt, you should submit a ticket via this link (select Accidental Account Denial under the category of Problem with MFA) or call the Service Desk at (586) 445-7156 during regular business hours.


Can I change my settings once set up?

Yes, you can both add additional devices or verification methods or remove them. See the two sections below for more information.


Adding an Additional Device

If you have an additional device you would like to register, follow the steps for the corresponding verification method. If you have two phones registered for the mobile app notification, for example, both devices will prompt you to authenticate. If you only have one phone near you, you can approve your sign on and still log in. You do not have to authenticate with both devices. The other phone’s approval prompt will simply time out.


Removing a Registered Device

If you need to remove a registered device go to the MFA User Portal at: https://aka.ms/mfasetup. It will take you to the Security info page. You should see one line for every method you have set up. Then, just click Delete for any of the methods you would like to remove from your account.

​​​​​​​

If at any point you would like to re-register a device, just follow the instructions to register the device as if it were a new device.