Deployment of Multifactor Authentication (MFA) and management of authentication methods

Multifactor Authentication (MFA) will be introduced to all University of Helsinki online services on the 25th of March.

Read more information about MFA deployment at the University on Flamma (logging in required).

Starting on 25 March 2023, Multifactor Authentication will be required of all users upon login.

When you log in, you will receive a More information required message after entering your username and password.
By pressing the Next button, you will go to the Additional security verification page. If you have registered an authentication method before, you may see a Keep your account secure page. In this case, you can continue directly to adding an MFA method.
Employees of the University of Helsinki have their work telephone number enabled by default, but you can also choose an authentication application or enter a different phone number as a method. Phone calls should always be used as a backup method only.
The longest login interval for personal devices is 30 days, but some user groups have shorter times, such as five days for staff. On a risk basis, you may be asked to log in more often.

Instructions for obtaining a work phone can be found in Flamma.

Quick help

Deployment

When you log in for the first time, you will receive a More information required message after entering your username and password. Follow the instructions and select at least two different authentication methods on two different devices.

After this, you can manage your authentication methods at https://mysignins.microsoft.com/security-info

NB! We strongly recommend that you register at least two authentication methods on different devices. You can add authentication methods by following the instructions Use and management of MFA methods.

See the Detailed help tab for illustrated instructions

Troubleshooting

Did the deployment fail?
You can find solutions to the most common problems from the FAQ.
If you cannot find a solution to your problem here, please contact Helpdesk.

All MFA instructions compiled

Looking for other instructions or cannot find what you were looking for? Go back to the landing page of the Multifactor authenticator.

See the Microsoft website for more information

Read Microsoft’s instructions for Multifactor Authentication deployment.

Detailed help

Logging in for the first time
Authentication methods management site
Managing authentication methods
Adding an authentication method
Disabling an authentication method
Troubleshooting
All MFA instructions compiled
See the Microsoft website for more information

Logging in for the first time

Authentication methods management site

After this, you can manage your authentication methods at https://mysignins.microsoft.com/security-info.

You will then be redirected to the University's login page. At this stage, you can use the short login format (e.g. rkeskiva), but the long format, username@ad.helsinki.fi (e.g. rkeskiva@ad.helsinki.fi), also works.

Click Sign in.

Managing authentication methods

Management of authentication methods can be found at https://mysignins.microsoft.com/security-info

After logging in, you can access the “Security Info” page where you can manage authentication methods.

You can add a new authentication method under Add method. Select the authentication method to be added from the list.

We strongly recommend that you add at least two authentication methods on two different devices. The recommended primary methods are Passkey in Microsoft Authenticator and Microsoft Authenticator. Phone call authentication should always be a backup method only.

Adding an authentication method

Management of authentication methods can be found at https://mysignins.microsoft.com/security-info

You can add a new authentication method under Add sign in method.

Select the authentication method to be added from the list that opens.

The authentification methods listed here are in the order in which they are recommended to be used. We recommend you to adapt multiple different authentification methods using two different devices so that you have alternative ways to authenticate your sign-in in case one of the other methods is not available (i.e. your mobile phone is lost or broken) . You can add multiple methods of authentification as backup and choose an alternative method while you sign in in case you do not have access to your primary authentification method. Phone authentification should only be used as a backup method.

The longest login interval for personal devices is 30 days, but some user groups have shorter times, such as five days for staff. On a risk basis, you may be asked to log in more often.

Passkey in Microsoft Authenticator. The recommended primary method for verification if your mobile device supports the method (i.e. passkey).
- Read more on registering passkeys in Microsoft Authenticator in Microsoft's own instructions.
Microsoft Authenticator application. Recommended as another primary method. You authenticate signing in by entering a number code in your browser to the application.
- Read more on registering Microsoft Authenticator application as a method of verification in Microsoft's own instructions.
Security key, FIDO2-keys USB/NCF -keys that use a certificate-based method combined with a PIN-code.
- Read more on registering a security key as a verification method in Microsoft´s own instructions.
Hardware token, other Authenticator -applications or devices that create TOTP codes. These devices create a number-based code which resets every 30 seconds and can be used to sign in. They also function in devices without a network connection.
Phone call. This should never be your primary verification method and should only be used as an alternative method. An automated telephone call to the number assigned while setting up MFA which gives the user instructions on how to authenticate. By pressing the #-key, the recipient accepts the log in.
- Read more on setting up a phone call as your verification method in Microsoft's own instructions.

Disabling an authentication method

You can disable unused authentication methods by clicking on the Delete button next to them. Deleting methods is necessary if, for example, you lose your ID or change your mobile phone with the Microsoft Authenticator application.

Troubleshooting

You can find solutions to the most common problems in the separate instructions.

All MFA instructions compiled

Looking for other instructions or cannot find what you were looking for? Go back to the landing page of the Multifactor authenticator.

See the Microsoft website for more information

Read Microsoft’s instructions for Multifactor Authentication deployment.

Video instruction

Give feedback

The instructions site of the University of Helsinki's IT Helpdesk helps you with IT-related issues related to your work. Let us know how we can improve our instructions. We greatly appreciate your feedback!

How would you improve these instructions?

Deployment of Multifactor Authentication (MFA) and management of authentication methods

Deployment

Troubleshooting

All MFA instructions compiled

See the Microsoft website for more information

Table of contents

Logging in for the first time

Authentication methods management site

Managing authentication methods

Adding an authentication method

Disabling an authentication method

Troubleshooting

All MFA instructions compiled

See the Microsoft website for more information

Give feedback

Related instructions