CSU Information Technology Services (ITS) has implemented Multifactor-Authentication (MFA) as a means to protect employees’, including student employees’, identities and to safeguard Office 365 (Email, OneDrive, SharePoint), and OneUSG.
How it works
Once you login to Office 365 (Email, OneDrive, SharePoint), or OneUSG on or off campus you will be redirected to verify your account by receiving a notification to certify your identity via mobile app, receiving a call, or text to your cell phone you have provided to the campus.
WHAT YOU NEED TO KNOW
* MFA is enforced on all CSU faculty, staff, and student employees' accounts without the opportunity to opt-out.
* MFA is enforced on OneUSG and Office 365 (Email, OneDrive, SharePoint) for all login attempts on and off-campus.
* You have three primary notification options: mobile app, phone call, or text message. Cell phone is setup by default. If you would like to use the Microsoft Authenticator App please visit the Google Play store, iOS App store, or Windows Store to download. Once you have it, go to https://mfa.clayton.edu/MultiFactorAuth/ and tell it to use the app for verification.
WHAT IS MULTIFACTOR-AUTHENTICATION (MFA)?
MFA provides an extra layer of security to your online accounts by requiring a second form of log-in verification. The authentication process provides a variety of ways for you to access your account, which include requesting a text message or phone call verification or using the Microsoft Authenticator app.
WHY IS CSU IMPLEMENTING MFA?
MFA two-step log-in process prevents attackers from gaining access to email accounts and sensitive academic, financial and human resources information in the event that password credentials are compromised. MFA has become a best practice at other universities as well as many online email providers and financial institutions.
DO I HAVE TO AUTHENTICATE EVERY TIME I LOG IN?
You will only have to authenticate if you log in to Office 365 and OneUSG. MFA will NOT be required when using the Outlook desktop client (including using the desktop client via remote access).
WHAT IF I DO NOT HAVE A CELL PHONE? OR I LOSE MY CELL PHONE? OR I CHANGE MY PHONE NUMBER? OR I AM OUT OF THE COUNTRY?
Please contact the Hub to update your authentication method and update your phone numbers.(This shouldn’t be the first act)
***Update your phone number in the CSU Directory. Please allow up 30 minutes for this change to synchronize throughout our systems.***
WHAT IF I RECEIVE AN AUTHENTICATOR MOBILE APP NOTIFICATION OR TEXT WHEN I'M NOT TRYING TO LOG IN?
This would only happen if someone else was trying to log in to your account, and that person knew your CSU password. The Authenticator mobile app notifications and text are only sent after the username and password are entered and verified. So, if this happens, two-factor authentication has just saved your account from illicit access! To report the incident, you can press the ‘Deny and Report Fraud’ button in the app and future authentication attempts will be blocked until the issue is resolved. Also, contact the HUB for additional assistance.
WHAT IF I ALREADY HAVE AN AUTHENTICATOR APP (I.E., GOOGLE AUTHENTICATOR) INSTALLED ON MY DEVICE?
If you choose to be contacted via the app, you will need to install the Microsoft Authenticator App for CSU login to be successful. You, of course, can still use your existing authenticator app as you had before for other applications. Once you have installed and setup the Microsoft Authenticator, you will not need to interact with it again or even have the App open on your device(s) in order to receive the verification prompts.