Multi-Factor Authentication (MFA)

ABOUT THIS SERVICE

SFU’s Multi-Factor Authentication (MFA) refers to using two or more independent items to verify your identity, typically something you know (i.e., your SFU computing ID and password) and something you have (i.e., a time-based code). 

By using MFA, your digital identity, data, and access to systems are still protected even if your password is compromised.

Who needs to set up MFA?

MFA enrollment is required for the following SFU computing accounts:

  • Faculty and staff (including TAs and RAs)
  • New SFU students (required to enroll in MFA by the end of your first semester)
  • Sponsored accounts
All other existing accounts who haven't enrolled in MFA, including some current students, alumni, and retirees will be required to enroll in MFA at a later date.
 
Note that some SFU online services require enrollment in MFA as a condition of access, regardless of whether your type of account is generally required to enroll in MFA. We recommend that all SFU users set up MFA to ensure you continue to have access to SFU services.
WHICH SFU APPLICATIONS ARE PROTECTED BY MFA?

Currently, MFA at SFU is implemented for web applications that use SFU's Central Authentication Service (CAS) for authentication. You will be prompted for your MFA code when you sign into most web applications and/or services at SFU, including:

CAS-PROTECTED WEB APPLICATIONS

  • goSFU, Canvas
  • FINS, myINFO
  • SFU Mail (via a browser)
  • Zoom
  • Microsoft 365 (via web portal)
  • SharePoint
  • AEM (author.sfu.ca)
  • SFU Maillist (maillist.sfu.ca)
  • Research Ethics Application system (Kuali)
  • Off-campus access to Library resources

OTHER SERVICES (NON-BROWSER)

  • SFU VPN
  • Remote Desktop

Note: Future services at SFU will require you to be enrolled in MFA. More details will be announced with the new services.

DO I NEED TO HAVE CELLULAR SERVICE OR DATA COVERAGE TO USE THE MFA APPLCATIONS?

No; Aside from the initial app download, TOTP MFA applications do not require any internet connection, cell service, or data coverage to display the MFA codes.

Note: TOTP (Time-based One-time Password) protocol for multi-factor authentication requires a time-based (30 second) code that the user must enter. It changes every 30 seconds to maximize security.

Learn about MFA

 

SET UP MFA

The initial setup includes three parts which will take approximately 5 minutes.

Set Up MFA

Have different needs? Here are some role-specific guides:

MANAGE MFA SETTINGS

You can manage the following MFA settings using the  SFU MFA Management App:

Manage Your MFA

 

RESOURCES

FAQ

How-to guides

 

 
Get Help with Log in Report Technical Issue Request Hardware Token (Staff and Faculty Only)

Related Articles (12)

If you wish to switch to a different mobile device for multi-factor authentication, follow the instructions outlined below to add your new device, then remove your old MFA device.
This article describes some additional preferences you can set on the SFU MFA Management App for a better MFA experience.
Frequently asked questions about Multi-Factor Authentication.
his page is designed to recommend practices for multi-device registration with SFU MFA. Multi-device registration refers to registering more than one device for MFA with your SFU account, and all the devices registered will display the same six-digit MFA code, or TOTP (Time-based One-Time Password).
This article is designed to provide you with a guide to enrol a sponsored account into MFA.
This article is designed to provide students with a high-level summary of the MFA enrollment.
This article outlines an overview on the device you are planning to use for MFA.
This article outlines the 3 parts needed to set up your hardware token for MFA.
This article outlines the 3 parts needed to set up your mobile device for MFA, and it should only take approximately 5 minutes.
You can manage your 8-digit emergency login codes on the SFU Management App. Follow the instructions outlined below to view or generate emergency login codes.
Trusted browsers are the browsers you authenticated to "remember me for 7 days" at the MFA login. You can manage your trusted browsers on the SFU Management App. Follow the instructions outlined below to view or delete trusted browsers.
Want to learn more about multi-factor authentication? Visit this article to learn more details.

Service Offerings (3)

MFA - Get Help with Log in
Need help accessing your MFA codes? Connect with our team for support.
MFA - Report Technical Issue
Experiencing technical issues with the MFA service? Connect with our team for support.
Request Hardware Token (Staff and Faculty Only)
IT Services will provide a hardware token to faculty and staff who cannot or do not wish to use a mobile device for any reason for their SFU staff/faculty account. However, we recommend using a mobile device for the best experience.