Multifactor Authentication (MFA)
To help protect your account, multifactor authentication (MFA) is mandatory to access the various systems of Université Laval. MFA makes it possible to validate an individual’s identity during the authentication process on a ULaval system. The purpose of this is to provide increased security for the account and computer systems.
MFA is required in the following situations:
- for every login to the ULaval VPN client;
- for every login to monPortail;
- for every login to the Web version of Office 365 (email, Office 365 portal including Teams and Azure);
- upon activation of the Office 365 installed on a computer.
- the Teams application may also require identity validation when logging in.
Good to Know
- MFA cannot be deactivated.
- The use of at least two different methods is highly recommended (one on your mobile device and another on your main computer).
- The APTI Help Desk recommends the use of Microsoft Authenticator as the primary method.
- Identity validation applications other than those presented on this page may also be used.
- The APTI Help Desk only provides support for the validation methods presented on this page.
How to Configure MFA
If you want to configure MFA, you can choose any of the methods indicated below:
By selecting this option, you will receive all identity validation requests directly in Microsoft Authenticator. This is much simpler and quicker than by phone. However, you will need to have your mobile device handy and install Microsoft Authenticator on it.
Having a cellular or data plan is not necessary. If you have access to Internet at the various locations where you will need to use MFA, the wireless network on the mobile device is enough. Authenticator can also be used offline, with no Internet access.
If you have already configured MFA for your account, follow the steps indicated in Adding another validation method with Microsoft Authenticator.
- Install the Microsoft Authenticator app on your mobile device.
IMPORTANT – Click on the link for your mobile device model: - Once installed, launch Microsoft Authenticator and agree to the terms of use.
If you have configured a security code for your mobile device, you may be asked to enter it. - If you are asked to add an account, click on Scan a QR code.
Otherwise, click on + and then on Professional or school account. Then, click on Scan a QR code. Your mobile device is ready to scan the QR code.
NOTE – The use of a computer is recommended to complete the following steps. - In your preferred Web browser, navigate to the Office 365 portal: portal.office.com
- Sign in:
- Username: IDUL@ulaval.ca
- Password: PIN
- The window More information required appears. Click on Next.
- The next window offers to install the Microsoft Authenticator app. Click on Next.
- Click on Next a second time to start the configuration. On the following page, a unique QR code for your account appears.
- In Microsoft Authenticator on your mobile device, at the Scan a QR code step, scan the QR code displayed on the webpage.
NOTE – You may have to allow Microsoft Authenticator to access your mobile device’s camera. - After the scan, your ULaval account should be added in Microsoft Authenticator.
- Back on the QR code webpage in your Web browser, click on Next.
- You should receive an identity validation request in Microsoft Authenticator on your mobile device.
- Write the number appearing on the Web page to approve the connection, then click on Yes (or on the check box).
- Once done, Microsoft Authenticator is configured and ready to use. Click on Finish.
If you have not configured any validation methods, follow the steps presented in Configuring Microsoft Authenticator at the first login.
- Install the Microsoft Authenticator app on your mobile device.
IMPORTANT – Click on the link for your mobile device model: - Once installed, launch Microsoft Authenticator and agree to the terms of use.
If you have configured a security code for your mobile device, you may be asked to enter it. - If you are asked to add an account, click on Scan a QR code.
- Otherwise, click on + and then on Word or school account.
- Click on Log in.
- Sign in:
- Username: IDUL@ulaval.ca
- Password: PIN
- Validate your identity for MFA.
- Once done, Microsoft Authenticator is configured and ready to use. Click on Finish.
If you have configured more than one validation method, you can Set or Change your default method by following the instructions provided below.
When you are asked to validate your identity with Microsoft Authenticator:
- A notification will appear in Microsoft Authenticator on your mobile device.
- Open Microsoft Authenticator. If you have configured a security code for your mobile device, you may be asked to enter it.
- Write the number appearing on the Web page to approve the connection, then click on Yes (or on the check box). If you have configured a security code for your mobile device, you may be asked to enter it.
- The connection will be authorized.
and pasting it in OTP Manager.Commons Tips for All Methods
It is important that you select a validation method that is appropriate for your situation.
- In your preferred Web browser, navigate to the Office 365 portal at portal.office.com
- Sign in:
- Username: IDUL@ulaval.ca
- Password: PIN
- Validate your identity if you are asked to do so.
- Once you are logged in, click on your Name in the upper right-hand corner and click on View Account.
A new tab will open. - In the Security info section, click on Update info.
- Your default login method will be displayed in the default Login Method section.
- To change it, click on Edit.
- A dialog box will open. Select the new method from the list.
NOTE – The list displays all of the methods that have been configured for your account. - Click on Confirm. Your default validation method has been configured.
If you are unable to use your default method (i.e., home phone), you can use another method (i.e., office phone), if you have set more than one method.
First, you must configure your other validation methods, as adding a new method requires validation of your identity with the default method.
IMPORTANT – The default method will be used first. As a result, you may receive the application notification or the automated call from your default method.
1. Upon login, the following window should appear to validate your identity.
2. Click on «I can’t use…»
The name of the default method will be different from the one indicated in the image above.
3. You will then have the option of selecting another previously configured method to validate your identity. Select the method you want to use.
The available methods will be different from those indicated in the image above.
- Follow the steps to validate your identity.
It is recommended that you use a mobile device to validate your identity with MFA for the following reasons:
- The mobile device is usually always with you. If you need to validate your identity from various locations, this is the simplest and most efficient way to do so.
- You do not need to have a cell phone or data plan to validate your identity unless you intend to receive calls.
- Microsoft Authenticator can be used Offline, without Internet access.
- Microsoft Authenticator is really much simpler, quicker and more efficient than any other method.
However, if you don’t have a mobile device, you can validate your identity from several locations, but doing so will be more complicated and could require the intervention of a friend or relative.
Scenario #1: You have a laptop computer
With a laptop computer, we recommend installing and using OTP Manager on your laptop and always have it with you. Given that OTP Manager is installed from the Microsoft Store, you do not need administrator rights to install it. However, if applications from the Microsoft Store have been deactivated or rejected by your organization, you will have to contact your organization’s IT department.
To install and configure OTP Manager, follow the steps outlined in the OTP Manager section.
Scenario #2: You don’t have a laptop computer
This scenario is the most problematic, as it involves using landline phones to validate your identity. Since your default validation method is a landline phone and your only other option is to add another landline phone at another location, you will have to use both phones during the procedure:
- The default method to log into your Microsoft portal to add the new phone.
- The new landline phone added to validate the configuration.
Once the landline phones have been added to your validation methods, you can use them by following the steps indicated in the section How can I use another validation method if I am unable to use my default method?
Official Université Laval webpage (in French only): ulaval.ca/cybersecurite/authentification-multifactorielle