Multi-factor Authentication (MFA) in e-mail applications

 

Desktop applications

  • Microsoft Outlook supports authentication directly and has been using it for years as a default method.
  • The Thunderbird e-mail app has functional support at least in the latest 78 series
  • The method is also supported in newer versions of Evolution.

Mobile applications

  • For mobile applications, support is available in Microsoft Outlook and is used by default.
  • Some other mobile apps may also support modern authentication, but these require you to see the application’s instructions and are not covered by the university’s support services.

See the Detailed help tab for comprehensive instructions.

Mac Mail and Calendar

MacOS 10.14 (Mojave) and later:

E-mail and calendar apps that come with MacOS 10.14 (Mojave) and later (Catalina, Big Sur) work normally. However, depending on your Mac settings, you may need to delete and re-add your e-mail and/or calendar account in order for the service to work.

MacOS 10.13 and older:

E-mail and calendar apps that come with Mac OS 10.13 and older do not work. To continue using these apps, you need to update your Mac OS. On the university computers included in centralised administration, you can upgrade the operating system to macOS Catalina via Managed Software Center. You can also switch to Outlook for Mac or use the web version called Outlook on the Web.

Instructions for new MacOS versions:

In these instructions, the previous account will be deleted and re-added. This is method is, at this time, the surest way to make Multifactor Authentication work.

First, we'll delete the previous account. If you don't already have an account, you can skip this step and go directly to the next step.

  1. Open System Preferences > Internet Accounts (@ icon)
  2. In the list on the left, select the account you want to delete. The account may be named Exchange or you may have named it, e.g. “UH”. In any case, you will see an E logo on the account.
  3. Then, press the minus button at the end of the list on the left.
  4. You'll still be asked to confirm if you're sure you want to delete the account. This confirmation shows your username in a long format: username@ad.helsinki.fi (e.g.rkeskiva@ad.helsinki.fi). Click OK.

You have now successfully deleted the account and we can re-add the account to enable Multifactor Authentication.

  1. Ensure you are in the Internet Accounts view (System Preferences > Internet Accounts  (@ icon)).
  2. In the list on the right, select Exchange. Ensure your name is correct in the Name  section and, in Email Address, enter the long form of your username: username@ad.helsinki.fi (e.g. rkeskiva@ad.helsinki.fi).

    After entering the data, click Sign In.

  3. Next, you'll get a confirmation that your login details will be sent to Microsoft for signing in. Select Sign In.
  4. You will then be presented with the university's login window, where you will need to enter your password and select Sign in.
  5. After logging in with your username and password, you will be redirected to the Multifactor Authentication you have selected. Once authenticated, you can choose which programs you want to use with the account you have added. Here, we recommend ticking at least Mail and Calendars. When you press Done, your account is added and you can start using it. Then, open the programs you want to use your account with.
    iOS/iPadOS Mail and Calendar Mobile applications

iOS/iPadOS Mail and Calendar Mobile

iOS/iPadOS 11 or later

E-mail and calendar apps that come with iOS 11 or later work normally. However, depending on your Mac settings, you may need to delete and re-add your e-mail and/or calendar account in order for the service to work.

iOS/iPadOS 10 or older

E-mail and calendar apps that come with iOS 10 and older do not work. We recommend upgrading your device to the latest iOS version or upgrading to Outlook for iOS.

Thunderbird

These instructions apply to the use of cloud e-mail, local Exchange will be used for the time being as before. Configure the server settings as shown below, and then select Get Messages. The service opens the login in a browser window, where you log in with the username in the form username@ad.helsinki.fi (e.g. rkeskiva@ad.helsinki.fi).

You can find illustrated instructions for Cubbli on the developers' open wiki for Cubbli and Office 365. The instructions are in English only and they can also work on other modern Linux systems.

Server Settings

  • Server Name: outlook.office365.com
  • Port: 993
  • User Name: username@ad.helsinki.fi (e.g. rkeskiva@ad.helsinki.fi)
  • Connection security: SSL/TLS
  • Authentication method: OAuth2

Outgoing Server (SMTP)

  • Server Name: smtp.office365.com
  • Port: 587

Security and Authentication

  • Connection security: STARTTLS
  • Authentication method: OAuth2
  • User Name: username@ad.helsinki.fi (e.g. rkeskiva@ad.helsinki.fi)

Note: for outgoing mail, OAuth2 may not appear in the list of selectable authentication methods. In this case, open the outgoing mail settings from Edit > Account Settings > Outgoing Server (SMTP) and add a new outgoing mail service with the Add button. After adding, the new service can be changed to default with the  Set Default button.

Using shared mailboxes in Thunderbird

A shared mailbox is configured as a personal account with the same settings as the personal mailbox, but:

  • In Thunderbird settings, give the username in the form: <shared mailbox>@ad.helsinki.fi
  • In the browser window, use your username during login: username@ad.helsinki.fi

Evolution

You can find illustrated instructions for Cubbli on the developers' open wiki for Cubbli and Office 365.

  1. Select New > Mail Account.
  2. Continue from Welcome to the next step.
  3. Under Under Identity, specify the following settings:, specify the following settings:
    • Full Name: Firstname Lastname
    • Email Address: firstname.lastname@helsinki.fi (e.g.raimo.keski-vaanto@helsinki.fi).
    • Uncheck Look up mail server details based on the entered e-mail address
    • Continue to the next step.
  4. Receiving email settings:
  • Server type: Exchange Web Services
  • Username: username in form username@ad.helsinki.fi (e.g. rkeskiva@ad.helsinki.fi).
  • Host URL: https://outlook.office365.com/EWS/Exchange.asmx
  • In Authentication, select OAuth2 (Office365) in the drop-down menu.
    • If this does not appear in the menu, press the Check for Supported Types button.
  • Select Override Office365 OAuth2 settings and enter the following values:
    • Tenant: 98ae7559-10dc-4288-8e2e-4593e62fe3ee
    • Application ID: 1742df39-9a2f-4bde-94d0-bbc2d7666eba
  • Click Next.

5. Finish the settings. When you close the page, the service opens the web login window. If the window does not open automatically, select Send/Receive.

6. Log in with your university credentials in web login. Enter your username in the form username@ad.helsinki.fi (e.g. rkeskiva@ad.helsinki.fi)

Using shared mailboxes in Evolution

You cannot open an entire shared mailbox in the Evolution app, but you can open individual folders such as the Inbox under your e-mail account.

Once you have set up your e-mail account view by following the instructions above, exit the instructions.

  • Right-click the e-mail account name in the folder list on the left.
  • Select Subscribe to folder of other user...
  • In User, enter the name of the mailbox. You can find the correct name in Choose... option’s search menu.
  • In Folder name, select the box to be opened and optionally include subfolders.

After this, the added folders will appear in your account under the Foreign Folders folder.

Alpine

You can find illustrated instructions for Cubbli on the developers' open wiki for Cubbli and Office 365. he instructions are in English only and they can also work on other modern Linux systems.

Give feedback

The instructions site of the University of Helsinki's IT Helpdesk helps you with IT-related issues related to your work. Let us know how we can improve our instructions. We greatly appreciate your feedback!

How would you improve these instructions?
Back to top