The information in this article can be downloaded for printing out:

Multi-factor authentication (PDF 1MB)

About multi-factor authentication (MFA)

Multi-factor authentication (MFA) is a security mechanism that requires you to provide two or more pieces of evidence to authenticate your identity. For example, logging in to a website at home may also require you to approve the access via an app on your mobile phone or to enter a code sent to it. This provides an additional layer of security to ensure your account is not compromised.

MFA and Office 365

Access to Office 365 outside of the University network requires a second form of identification using a mobile device. An authenticator app should be downloaded to your mobile phone, or if this is not possible, an authentication code can be sent to you via SMS.

You will need to set up MFA when you first log in to Office 365. After setting it up, make sure your mobile phone is available nearby when you sign in to Office 365 in case you need to reconfirm your identity.

Once MFA is set up on your mobile phone, your ongoing access to Office 365 will be linked to it.

If you lose or replace your phone, you will need to contact AskOtago for assistance: Tel +64 3 479 7000 or 0800 80 80 98 Email

Multi-factor authentication (MFA) methods

During the MFA setup process, Microsoft will ask “How should we contact you?” [to perform MFA checks as you log in]. The two methods used by the University of Otago are:

Mobile app (preferred): Download the “Microsoft Authenticator” app to your mobile phone. When you sign in to Office 365, Microsoft will request a one-time code from the app or will send the app a “please approve this login” message for you to approve.

Authentication via mobile phone: If you are unable to use the authenticator app, Microsoft can send an SMS (TXT) code to your mobile phone for you to enter on the Office 365 login page.

The University’s Cyber Security Team strongly recommends that you use the “Microsoft Authenticator” app on your mobile phone as your MFA method, as it provides the highest level of security for your account and University of Otago data.

The University of Otago recommends the following MFA options in order of preference:

Staff Students
Microsoft Authenticator on University-owned/personal mobile device Microsoft Authenticator on University-owned/personal mobile device
SMS/phone call to University-owned/personal mobile device SMS/phone call to University-owned/personal mobile device
Authy application installed on your own laptop (i.e. not a shared device) Authy application installed on your own laptop (i.e. not a shared device)
Token2 Physical Key if none of the above are suitable  


Setting up the Microsoft Authenticator App on an iPhone

  1. Open your App Store, search for Microsoft Authenticator, download it, and open it.

    Microsoft Authenticator in the App store

  2. When prompted, choose to Allow notifications and tap OK on the screen that mentions data gathering.

    Setting up Microsoft Authenticator - notifications allowed Setting up Microsoft Authenticator - allow data gathering
  3. Tap the Skip link at the bottom until you get to the screen asking if you are Here for work? On that screen, tap Add work account.

    Setting up Microsoft Authenticator - here for work? screen

Setting up MFA on campus

Sign in to Office 365 for the first time using your University of Otago email address and password. Then go to the MFA set-up page and follow the instructions:

You can also see these instructions from step 9 in the off-campus section below.

The following Microsoft video will guide you through the steps:

How to register for Azure Multi-Factor Authentication

Setting up multi-factor authentication from off-campus/at home

  1. Open a new web browser session with no other tabs running. You don’t need to use the University’s VPN Service to access Office 365 online when you are off-campus. Go to the Office 365 sign in page and click the Sign in button.

    Front page of Office 365

  2. Enter your University of Otago email address, then press the Next button.

    Sign in to Office 365 with your staff email address

  3. If you are presented with a choice of accounts to sign in to (as shown here), select Work or School account.

    Choose which account to use with Office 365
  4. Enter your University of Otago username and password, then click Sign in.

    Sign in page for ADFS at the University
  5. In the More Information required window, press Next.

    More information required page in Office 365
  6. In Step 1: How should we contact you? use the drop-down option to change it to Mobile App.

    How should we contact you page in Office 365

  7. Select the Use verification code radio button and click Set up.

    Additional security verification page in Office 365

  8. This will bring up the Configure mobile app window displaying a QR code. Leave this window open and go to your mobile phone.

    Configure mobile app page in Office 365

  9. Hold your phone camera over the QR code displayed on your computer to scan it.

    Scanning QR code on your phone

  10. The mobile app setup is now complete, so click the Next button on your computer.

    Additional security verification in Office 365 - moving on with setup
  11. Add your mobile phone number as a back-up and click Finished.

    Adding your mobile phone number in Office 365
  12. You will be prompted to sign in to Office 365 again. (Note that there is a link allowing you to Sign in another way. This can be used to send you an SMS if you have difficulty with the authenticator.)

    Approve sign-in request in Office 365
  13. Signing in will send a notification to your phone. Approve this on your phone. (Remember that your phone needs mobile data or Wi-Fi switched on and notifications enabled for the Microsoft Authenticator app so that it can receive the notification).

    Approving your sign-in on Microsoft Authenticator
  14. You can also tick the box on the prompt to stay signed in while your computer is on.

    Staying signed in in Office 365
  15. You will see a page showing that you have set up all the security features. You can close this tab and return to Office 365.

    Confirmation of security features page in Office 365

Updating your preferred MFA verification method

If you have previously set up MFA to send an SMS for verification, and now want to change your preferred verification method to use the Microsoft Authenticator app, go to the MFA setup page:

Click on the Sign in another way link and follow the instructions above to set up the Microsoft Authenticator app as your preferred verification method.

Resetting your MFA configuration

If you experience any issues with your installed MFA and need to start again, please contact AskOtago for assistance:

Tel +64 3 479 7000 or 0800 80 80 98

Last updated 24/06/2021 04.27 PM

Did this answer your question?