Multifactor authentication - FAQ

Tampere University and TAMK

What should I do if I get a new phone?
When I try to log in to TUNI services, I am offered my O365 account from another organisation. What shall I do?
How do I register the Microsoft Authenticator app for my use if I already have text message authentication?
How do I set up MFA in another phone? 
How do I set up USB security key for my use if I already have SMS-based authentication?
Reading the QR code does not work in the application. What do I do?
Can I set up only SMS-based authentication method because I do not have a smartphone?
How do I use the USB security key if I already have text message identification?

How can I change the PIN code of the USB security key? Or what if I don't remember it?
How do I turn off usage data collection from the phone app?
What do I do if my phone breaks?
I unexpectedly received a request to accept multifactor authentication, even though I'm not logging into anything. Do I still accept the request?

What should I do if I get a new phone?

  1. Enable multifactor authentication on your new phone according to the instructions Setting up multifactor authentication.
  2. Only after this, remove the old phone from the authentication service at https://aka.ms/mfasetup

When I try to log in to TUNI services, I am offered my O365 account from another organisation. What shall I do?

You can use another browser or the browser's private mode and then log in to TUNI services with your TUNI email address. However, the option to use another browser is not always possible for an application that uses a (default) browser to log in, such as eduVPN or Zoom.

In this case, you can go to the address https://www.tuni.fi/hakalogout, which will log you out from the session. Then close the browser. Log in again, select Use another account and this way you should be able to log in with your TUNI email address.

 

How do I register the Microsoft Authenticator app for my use if I already have text message authentication?

When text message identification has already been activated, setting up the Microsoft Authenticator app involves two phases. You will need an Android/Apple smartphone and a computer equipped with a browser, such as Edge or Google Chrome.

Remember that, in order to enable multifactor authentication, a TUNI staff member's work computer must be on the TUNI-STAFF network or, if you're working off campus, TUNI VPN has to be connected. When using your own personal device, you need to install eduVPN on your computer and turn it on. Read the instructions on how to get a VPN connection on your personal computer (Windows, Linux or macOS).

1. Install the Microsoft Authenticator app on your phone

  1. Download and install the Microsoft Authenticator app on your phone from the app store. 
  2. Open the Microsoft Authenticator app after downloading. 
  3. The first time you log in, allow the collection of anonymised data when prompted to do so. You can turn off data collection later. 
  4. If prompted, select Allow to allow notifications. 
  5. Select Add a new account, Work or school account
  6. Select Scan QR code
  7. Allow the authenticator app access to your camera to take a picture of the QR code in the next phase. 
  8. The app waits for a QR code to add your TUNI account to the Microsoft Authenticator app on your phone.
  9. Put your phone aside for a moment and go to phase 2.

NOTE! If the authentication application indicates that it is locked and asks you to enter the lock code, then use the same code that you use to unlock your phone screen/display.

2. Add your TUNI account to the Microsoft Authenticator app  

  1. With your computer, go to the web address https://aka.ms/mfasetup
  2. Log in with your TUNI email address and password.  
  3. On the Security info page, click + Add a method
  4. In the drop-down menu, select Authenticator app. 
  5. The browser displays information about using the Microsoft Authenticator app. 
  6. In your browser, click Next, and a QR code appears on screen.  
  7. Take your phone and scan the provided QR code with the QR code reader of the Microsoft Authenticator app. If the authenticator application asks for a lock code, this is the lock code of the phone display.
  8. After the Microsoft Authenticator app has scanned the QR code, click Next in the browser window. 
  9. The app will send a notification to your phone as a test.  
  10. Select Approve
  11. In your browser window, click Next
  12. Then click Done
  13. Your TUNI account has now been added to the Microsoft Authenticator app on your phone.  

How do I set up MFA in another phone?

It is convenient to also set up MFA on another phone, especially if you have enabled MFA on your work phone and happen to forget the phone at the workplace.

  1. Complete the steps described in phase 1 (Install the Microsoft Authenticator app on your phone) with your other phone.
  2. After you have completed phase 1, the app will wait for a QR code.
  3. Use your browser to go to the web address https://aka.ms/mfasetup
  4. If necessary, log in with your TUNI email address and password.  
  5. On the Security info page, click + Add a method
  6. In the drop-down menu, select Authenticator app. 
  7. The browser displays information about using the Microsoft Authenticator app. 
  8. In your browser, click Next, and a QR code appears on screen.  
  9. Take your phone and scan the provided QR code with the QR code reader of the Microsoft Authenticator app. If the authenticator application asks for a lock code, this is the lock code of the phone display.
  10. After the Microsoft Authenticator app has scanned the QR code, click Next in the browser window. 
  11. The app will send a notification to your phone as a test.  
  12. Select Approve
  13. In your browser window, click Next
  14. Then click Done
  15. Your TUNI account has now been added to the Microsoft Authenticator app on your phone.  

How do I set up USB security key for my use if I already have SMS-based authentication?

If you already have SMS-based authentication, you can set up the USB security key using the instructions below. To get started, you will need a USB security key and a computer with a browser installed, e.g. Edge or Google Chrome. The instructions are based on the Yubikey Security Key U2F FIDO2 NFC key produced by Yubico. You can also use security keys from other manufacturers, but we do not provide support for their use.

Please remember that, in order to enable multifactor authentication, a TUNI staff member's work computer must be on the TUNI-STAFF network or, if you're working off campus, TUNI VPN has to be connected. When using your own personal device, you need to install eduVPN on your computer and turn it on. Read the instructions on how to get a VPN connection on your personal computer (Windows, Linux or macOS).

  1. Open the address: https://aka.ms/mfasetup in your computer browser.
  2. Log in using your TUNI email address and password.
  3. On the Security info page, click the + Add method button.
  4. Select Security key from the drop-down menu and click the Add button.
  5. Select USB device as the type of USB security key (access key) you own.
  6. When you select Next, you will be prompted to insert your security key into your USB port. Insert the USB security key into your computer's USB port.
  7. Click the Next button in the Security Key notification window on your computer.
  8. You can close the QR code that appeared on your screen by selecting Use a different device
  9. In the Create a passkey window that opens, select Windows Hello or external security key
  10. Select Ok in the Security key setup window.
  11. The browser opens a new small window where you can set a PIN code for the USB security key. The PIN code must be at least four digits long.
  12. After you have set the PIN code, click the OK button.
  13. The USB security key light will flash. Press the flashing light.
  14. The browser opens a new window where you can name your security key. Once you have named your key, click the Next button.
  15. The USB security key is now ready to use.

 

Reading the QR code does not work in the application. What do I do?

If you cannot read the QR code in the application, you can link your account and authentication manually.

  1. Open the following address in your computer browser https://aka.ms/mfasetup
  2. When necessary, sign in by using your TUNI email and password.
  3. On the Security info page, click the + Add a method button.
  4. Choose the Authenticator app from the drop-down menu.
  5. Next, the browser introduces you to using Microsoft Authenticator.
  6. In the browser, click Next to move forward to the page where the QR code appears.
  7. Click the link below the QR code: Can’t scan image?
  8. The code and URL to enter in the Microsoft Authenticator app will appear on the page.
  9. Leave the browser open, pick up the phone, and open the Microsoft Authenticator application.
  10. Press the plus button (add account) in the top bar of the application.
  11. Select Work or school account and the QR code reader will open.
  12. Below the reader you will see the link Or enter code manually. Press the link.
  13. The application will ask for the connection code as well as the website address.
  14. Check the required information in the browser, add it to the required text fields in the application and press the Finish button in the application.
  15. Click the Next button in the computer browser.
  16. You will receive a test authentication request on your phone.
  17. Click Approve to confirm the authentication.
  18. Click Next in the computer browser to move forward.
  19. Click the Done button in your browser.
  20. The connection between the TUNI account and the phone application is now complete.

Can I set up only SMS-based authentication method because I do not have a smartphone?

We recommend using a USB security key, which is more secure, as SMS-based authentication is vulnerable to security attacks (e.g. phishing and network traffic capture).

See the instructions: Setting up TUNI multifactor authentication if you don't have a smartphone

How can I enable SMS-based MFA if I have already installed the Microsoft Authenticator app on my phone? 

  1. Use your browser to go to the web address https://aka.ms/mfasetup
  2. If necessary, log in with your TUNI email address and password. 
  3. Click Add a method
  4. In the drop-down menu, select Phone
  5. In the drop-down menu, select country code and type the rest of your phone number in the provided field.  
  6. Click Next
  7. You will receive an SMS containing a numeric code.  
  8. Enter this code in the field displayed in your web browser. 
  9. In your browser, click Done
  10. Your TUNI account has now been connected to your phone number.  

How do I use the USB security key if I already have text message identification?

When you already have text message authentication enabled, you can set up the USB security key using the instructions below. For the setup, you need a USB security key and a computer with a browser installed, e.g. Edge or Google Chrome. The setup instructions are based on the use of the Yubikey Security Key U2F FIDO2 NFC key manufactured by Yubico. You can also use security keys from other manufacturers, but we do not offer support for their use.

Please remember that a TUNI staff member's computer must be on the TUNI-STAFF network or, when working remotely, have TUNI VPN connected and turned on. When using your own personal device, use eduVPN. See the instructions for using a VPN connection on a personal computer (Windows, Linux or macOS).

  1. Open the address: https://aka.ms/mfasetup in your computer browser
  2. If necessary, log in using your TUNI email and password.
  3. On the Security information page, click the + Add a method button.
  4. Select Security key from the drop-down menu and click the Add button.
  5. Select a USB device
  6. You will receive a notification prompting you to insert your security key into your USB port. Select Next
  7. Connect the USB security key to your computer's USB port.
  8. You can close the QR code opened in the browser by selecting Use a different device.
  9. In the Create a passkey window that opens, select Windows Hello or external security key.
  10. Select OK in the Continue setup window
  11. The browser opens a new small window where you can set a PIN code for your USB security key. The PIN code must be at least four digits long.
  12. Once you have created the PIN code, click the OK button.
  13. The USB security key light will start flashing. Press your finger on the flashing light.
  14. The browser opens a new window where you can name your security key. After you have given your key a name, click the Next button.
  15. The USB security key setup is now complete!

How can I change the PIN code of the USB security key? Or what if I don't remember it?

To change the PIN code of the USB security key, you need a computer and your USB security key.

  1. Insert your USB security key into a USB port on your computer.
  2. On a Windows computer, click the Search icon next to the Start button.
  3. In the field that opens, write Sign-in options and select Sign-in options (System settings).
  4. Select Security Key from the menu and click Manage.
  5. After this, you will receive the notification "Touch your security key". Touch the button on the security key in the computer's USB port with your finger.
  6. A window opens on your computer screen from which you can change the PIN code of the security key (Security Key PIN) or reset its settings (Reset Security Key).
  7. If you have forgotten the PIN code of your security key, select Reset Security Key. The settings and rights of your security key will then be deleted, and you can use the security key again.

How do I turn off usage data collection from the phone app?

  1. Open the Microsoft Authenticator application.
  2. Press the main menu button in the top bar.
  3. Click Settings.
  4. Deselect the slider under the Usage data heading.


What do I do if my phone breaks?

Multifactor authentication does not send authentication queries continuously, so if your phone breaks, TUNI electronic services will not be blocked immediately. It is recommended that everyone use SMS authentication as a secondary authentication method. In this case, if the phone is broken, you can transfer the SIM card from your broken phone to just any old phone that can receive text messages.

However, if this is not possible, we recommend contacting the IT Helpdesk.
 

I unexpectedly received a request to accept multifactor authentication, even though I'm not logging into anything. Do I still accept the request?

Glad you were careful! Do not accept the request on your phone if you receive an authentication request and you are not logging into the service yourself. The request for approval may be related to a scam where someone has phished your password. Contact the IT Helpdesk if the situation recurs.

 

IT Helpdesk
0294 520 500
it-helpdesk [at] tuni.fi
helpdesk.tuni.fi

 

Published: 19.2.2021
Updated: 14.2.2024