ºÚÁÏÍø

Services

Multifactor Authentication (MFA, 2FA, Authenticator)

Multifactor Authentication (MFA, 2FA) is a method of confirming a user’s identity with two or more pieces of evidence when signing on to a system or a service. It means that you have a second way of confirming who you are when signing into a system or service, in addition to your username and password.

MFA helps keep Aalto University services and data safe ensuring that only authorised persons have access to them. Username and password are not enough for authentication in a time of cyber attacks.

When you are working outside of the Aalto network, some of our services require MFA when you are signing in. The main method for MFA at Aalto University is Microsoft Authenticator.

Why do we use Multifactor Authentication at Aalto?

In a time of cyber attacks a username and password are not enough for authentication. With Multifactor Authentication a user’s identity is confirmed with two or more authentication methods in addition to a username and password. This can be:

  • Something you know (typically a password).
  • Something you have (a trusted device that is not easily duplicated, like a phone).
  • Something you are (biometrics).

When you use Multifactor Authentication to sign in to a service, an attacker would need access to the extra authentication method you’ve defined in addition to information on your username and password. Thus, MFA brings an additional layer of security to your user account.

Multifactor Authentication helps keep Aalto University services and data safe, ensuring that only authorised persons have access to them. 

The main method for multifactor authentication at Aalto is Microsoft Authenticator, a free app by Microsoft. You can also choose to use SMS (text message verification) or use a verification code generated by Microsoft Authenticator.

How to install Microsoft Authenticator

To install Microsoft Authenticator you need to:

  1. Register for Microsoft Authenticator. You can do this either on your mobile device or on a workstation.
  2. Download the Microsoft Authenticator app.

Mobile device     

  • Download and install the Microsoft Authenticator app from your mobile store. (Remember to accept notifications sent by the app!)
  • Note: Do not sign in to the Microsoft Authenticator app.

Mobile/Workstation

  • Go to for MFA.
  • Sign in with your Aalto email address.
    • If you don´t have an Aalto email address, enter your Aalto account in the format aaltousername@aalto.fi and choose 'Next'. Sign in with your Aalto account in the format aalto\aaltousername and type your Aalto password. Choose 'Sign in'.
  • Follow the instructions on the screen. 

We care about your privacy.

You have not yet given permission to place the required cookies from YouTube.com. Accept the required cookies to view this content.

Animation of the screens on the multifactor authentication process

Detailed instructions

After signing in to  with your Aalto email address you are prompted to download the Microsoft Authenticator app. Leave the page open, you will need it when you set up your account in the application.

If you have already downloaded the app, you can just click/tap "Next". If not, download the app. Proceed to next page.

  1. In the Microsoft Authenticator application: Press the + icon on the upper right-hand corner.
  2. In the Microsoft Authenticator application: Add a new account and choose "Work or school account".
  3. In the Microsoft Authenticator application: Proceed to the next page.
  4. Scan the QR Code on the screen at with the Microsoft Authenticator application, OR on mobile, tap on "Pair your account to the app by clicking this link."
  5. In the Microsoft Authenticator application: Proceed to the next page.
  6. In the Microsoft Authenticator application: Approve the notification that is sent to your app to test the connection.
  7. In the Microsoft Authenticator application: Once approved you'll see a text "Notification approved" on the screen. Proceed to the next page.
  8. All set (almost)! Click Done. In the opening Security info view, we strongly recommend that you add an additional authentication method, for example, an SMS code authentication. This is critical in case you, for example, change phones or lose your phone. 

    For more information, please see ‘Optional ways to use MFA’ below.

NOTE! MFA is ENABLED into use approximately 2 hours after the registration.

NOTE! You can test the functionality of the additional authentication method now by going to  with a browser

NOTE! For Aalto staff we recommend that you add also the SMS (text message verification) in addition to the Authenticator app. This helps ensure that you always have MFA available.

How to use Multifactor Authentication (MFA, 2FA)

Authentication with Microsoft Authenticator

How to use 

When you use Microsoft Authenticator as your Multifactor Authentication method, the service you are signing into will show an Approve sign in a request notification that includes a 2-digit number that you enter into Microsoft Authenticator.

  1. Open Microsoft Authenticator in your phone.
  2. Enter the numbers given in the notification, and click Ready / Enter.
  3. Once you have approved the authentication you are signed in to the service / application.
     
MFA_numbering -sign in request and approve

Optional ways to use MFA

If you for some reason cannot use the preferred method (the Microsoft Authenticator app and its notifications), here are the two optional ways to use the MFA service. 

We recommend that you add also the SMS (text message verification) in addition to the Authenticator app. This helps ensure that you always have MFA available.

  1. SMS (text message) verification
  2. Verification code from mobile app, works without mobile network

1. SMS (text message) verification

If you already have your phone number in the system, you will see the following screen, and receive a text message to the registered number to verify it is you:

MFA_optional_way_SMS_more_information_required
MFA_optional_way_SMS_setup_different_method

If you don’t have your phone number registered, you’ll see this screen. Select I want to set up a different method.

MFA_optional_way_SMS_setup_different_method_1-4

1. Select I want to set up a different method.

2. Select Phone.

3. Confirm.

4. Add your phone number and select Text me a code.

MFA_optional_way_SMS_setup_different_method_5-8

5. You will receive a code in the number you chose. You can also ask to resend the code.

6. Add the code you received.

7. This view confirms if you’ve added the matching code.

8. To finish the process, click Done.

2. Verification code from mobile app (works without mobile network)

If you haven't already done it, start by registering your account to the Authenticator app as instructed in the chapter How to take MFA into use? Once done, follow these steps when signing in with MFA:

MFA_Verification_code_from_mobile_app

1. When receiving the prompt to use MFA, select Sign in another way.

2. From the opening view, select Use a verification code from my mobile app. Open the Authenticator app, and you should see the Accounts view.

3. Copy the code from the Aalto University account (has your email address mentioned alongside the account) and enter it here.

4. You're signed in. If you want to receive fewer sign-in prompts, you can select Yes here. Now you're directed to wherever you were signing in.

More information

MFA (Authenticator) - frequently asked questions

How to reset MFA when your phone has changed, and other answers also.

Having problems with the Microsoft Authenticator (MFA) app? See how to reset it

How to reset Authenticator (MFA) when e.g. your phone has changed

This service is provided by:

IT Services

For further support, please contact us.
  • Updated:
  • Published:
Share
URL copied!