Multi-Factor Authentication

ABOUT THIS SERVICE

SFU’s Multi-Factor Authentication (MFA) refers to using two or more independent items to verify your identity, typically something you know (i.e., your SFU computing ID and password) and something you have (i.e., a time-based code). 

By using MFA, your digital identity, data, and access to systems are still protected even if your password is compromised.

Who needs to set up MFA?

MFA enrollment is required for all faculty, staff and students.

  • All faculty and staff at SFU are required to enroll in MFA. If you are a new employee (including TAs and RAs), enroll in MFA as soon as possible to maintain your access to SFU online services.
  • All new students are required to enroll in MFA by the end of your first semester. We recommend you visit the student guide and enroll early to maintain your access to SFU online services.
  • All sponsored accounts will be required to enroll in MFA by March 31, 2022. We recommend enrolling early to maintain your access to SFU online services. Sponsored account users should visit the sponsored account MFA page for details.
  • All retirees will be required to enroll in MFA by June 30, 2022. We recommend that you enroll in MFA as soon as possible to maintain your access to SFU online services.
  • All other accounts, including current students and alumni will be required to enroll in MFA during 2022 (finalized dates are pending).
WHICH SFU APPLICATIONS ARE PROTECTED BY MFA?

Currently, MFA at SFU is implemented for web applications that use SFU's Central Authentication Service (CAS) for authentication. You will be prompted for your MFA code when you sign into most web applications and/or services at SFU, including:

CAS-PROTECTED WEB APPLICATIONS

  • goSFU, Canvas
  • FINS, myINFO
  • SFU Mail (via a browser)
  • Zoom
  • Microsoft 365 (via web portal)
  • SharePoint
  • AEM (author.sfu.ca)
  • SFU Maillist (maillist.sfu.ca)
  • Research Ethics Application system (Kuali)

OTHER SERVICES (NON-BROWSER)

  • SFU VPN
  • Remote Desktop

Note: Future services at SFU will require you to be enrolled in MFA. More details will be announced with the new services.

DO I NEED TO HAVE CELLULAR SERVICE OR DATA COVERAGE TO USE THE MFA APPLCATIONS?

No; Aside from the initial app download, TOTP MFA applications do not require any internet connection, cell service, or data coverage to display the MFA codes.

Note: TOTP (Time-based One-time Password) protocol for multi-factor authentication requires a time-based (30 second) code that the user must enter. It changes every 30 seconds to maximize security.

Learn about MFA

 

SET UP MFA

The initial setup includes three parts which will take approximately 5 minutes.

I am a student, how do I set up?
For students who are more experienced with mobile apps, visit our Student Guide.
I am a sponsored account user, how do I set up?
For sponsored account users, visit our Sponsored Account Guide.

Set Up MFA

 

MANAGE MFA SETTINGS

You can manage the following MFA settings using the SFU MFA Management App:

  • Change your MFA device,
  • Change your MFA mobile app,
  • View or generate emergency login codes, and
  • View or remove the browsers you authenticated to “remember you”.

Manage Your MFA

 

RESOURCES

FAQ

How-to guides

 

 
Get Help with Log in Report Technical Issue Request Hardware Token - Staff and Faculty Only

Related Articles (11)

If you have a new mobile device that you would like to use for multi-factor authentication, follow these instructions to change your MFA device.
Any MFA mobile apps that support the TOTP protocol will work for MFA at SFU. If you would like to use another mobile application for MFA at SFU, follow these instructions to change your MFA mobile app.
Frequently asked questions about Multi-Factor Authentication.
This article is designed to provide you with a guide to enrol a sponsored account into MFA.
This article is designed to provide students with a high-level summary of the MFA enrollment.
This article outlines an overview on the device you are planning to use for MFA.
This article outlines the 3 parts needed to set up your hardware token for MFA.
This article outlines the 3 parts needed to set up your mobile device for MFA, and it should only take approximately 5 minutes.
You can manage your 8-digit emergency login codes on the SFU Management App. Follow the instructions outlined below to view or generate emergency login codes.
Trusted browsers are the browsers you authenticated to "remember me for 7 days" at the MFA login. You can manage your trusted browsers on the SFU Management App. Follow the instructions outlined below to view or delete trusted browsers.
Want to learn more about multi-factor authentication? Visit this article to learn more details.

Details

Service ID: 2547
Created
Tue 6/28/22 11:12 AM
Modified
Wed 9/7/22 8:20 PM
Audience
The constituents for whom the service is available (e.g., students, faculty, staff).
Staff
Faculty
Students
Alumni
Retirees
External

Service Offerings (3)

MFA - Get Help with Log in
Need help accessing your MFA codes? Connect with our team for support.
MFA - Report Technical Issue
Experiencing technical issues with the MFA service? Connect with our team for support.
Request Hardware Token - Staff and Faculty Only
IT Services will provide a hardware token to faculty and staff who cannot or do not wish to use a mobile device for any reason for their SFU staff/faculty account. However, we recommend using a mobile device for the best experience.