Dansk

VIA University College (UK)

Two-Factor Authentication

This guide is intended for students, employees and external users at VIA. It describes how to set up two-factor authentication to secure your access to VIA’s IT systems.

The purpose of two-factor authentication is to enhance information security by adding an extra layer of protection during login.

Two-factor authentication is an additional security check during login. It works by having you log in with your password and then approve the login attempt on a physical device, typically a mobile phone.

This extra check helps protect your account, even if your password were to be leaked or compromised.

At VIA, you must be able to use at least the following authentication methods:

  1. Microsoft Authenticator (an authentication app for mobile phones and tablets; this is the primary and most secure method).
  2. Phone number (a backup option allowing you to request a one-time code via SMS if the Authenticator app encounters issues).

If you have the option to set up two-factor authentication on multiple devices (mobile phones/tablets), it is a good idea to do so. This way, you won't be locked out of your account if you lose or replace your mobile phone or change your phone number.

Expand or collapse content Installation of Microsoft Authenticator

You need to have the Microsoft Authenticator app installed on the phone you intend to use as your authentication device.

If Microsoft Authenticator is already installed, skip this section and proceed directly to Setting up two-factor authentication.

If not, install Microsoft Authenticator as follows:

  1. Scan the relevant QR code below to go directly to the app's page in your app store.
  2. Download the app.
  3. Open the app.
  4. The app may ask for permission to show notifications - you should allow this.

Do not log in using your VIAmail directly within the app.

Instead, the setup process must be started from another device, and the app paired with your VIA account using a QR code – this is described in the next section.

QR-koder med link til Google Play og App Store

If you cannot download Microsoft Authenticator because your phone or tablet does not meet the requirements, please go to the section Mobile phone does not support the Microsoft Authenticator app.

Expand or collapse content Setting up two-factor authentication

The setup itself must be carried out on a computer or another device so that you can use your phone with Microsoft Authenticator to scan with.

  1. Go to one of VIA’s online systems, e.g.:
  2. Enter your VIAmail address ([email protected]) as your login.
  3. Select Next.
  1. Enter your password.
  2. Select Sign in.
  1. Select Next to begin the two-factor setup.

Method 1: Microsoft Authenticator

  1. Make sure you have Microsoft Authenticator installed on your phone.
    If you do not have the app, go to the previous section of the guide: Installation of Microsoft Authenticator.
  2. Select Next.
  1. Select Next.

A QR code is now displayed on your screen. Leave it on the screen and take out your phone.

  1. Open the Microsoft Authenticator app on your mobile phone.
    1. If this is the first time you are opening the app, allow notifications and select "Scan QR code".
    2. If you are already using Microsoft Authenticator, tap the QR code button (the round blue icon) in the bottom right corner.
  2. Use the scanner in Authenticator to scan the QR code on the screen.
  3. Once the account has been added to Authenticator on your phone, select Next.
  1. The pairing must now be tested. A two-digit number will be displayed on the computer.
  2. Enter the number into the notification that appears on your phone and press YES.
  1. Authenticator has now been added as an authentication method. Select Done.

Method 2: Phone number

You now need to set up an additional authentication method (your phone number) that can serve as a backup if there are issues with the Authenticator.

  1. Select the correct country code for your phone number (e.g., "Denmark (+45)").
  2. Enter the mobile phone number you wish to use.
  3. Select "Send a code via SMS".
  4. Select "Next".

Microsoft is now sending you an SMS with a 6-digit one-time code.

  1. Enter the code.
  2. Select Next.
  1. Once the code is confirmed, select Done.
  1. Two-factor authentication setup is now complete. Select Done to proceed to the service you chose initially (step 1).
Expand or collapse content Using Microsoft Authenticator

You may be required to use two-factor authentication when logging in to most of VIA’s systems and services.

If you are at a VIA location and connected to our network, you will generally not be required to use two-factor authentication - though this depends on the specific system you are accessing.

With VIA’s standard setup, you can authenticate in the following two ways:

Expand or collapse content Approve sign-in with Microsoft Authenticator

At VIA, you are always initially asked to perform two-factor authentication using Microsoft Authenticator. Only then can you choose other authentication methods.

Authentication via Microsoft Authenticator app involves a two-digit code being displayed after you have entered your VIAmail and password.
At the same time, you will receive a notification from the Authenticator app on your phone asking you to approve the login.

To approve the login, do the following on your phone:

  1. Open the notification.
    • If the notification does not appear, open the Microsoft Authenticator app itself instead.
  2. Enter the number displayed on your computer.
  3. Approve by tapping "Yes".

You can save your approval locally on your device for a period of time so that you are not asked to approve every subsequent login.

You do this by selecting the 'Do not ask me again for 14 days' checkbox before approving in Authenticator.

Once your approval has been registered, the login process continues automatically.

Expand or collapse content Approve login with a one-time SMS code

If you experience issues approving via Microsoft Authenticator, you can approve using a one-time code received via SMS instead.

To approve this way, do the following:

  1. Select 'I can't use my Microsoft Authenticator app right now.'
  1. Select 'Text '

Shortly, an SMS containing a 6-digit one-time code will be sent to the phone number you selected as your authentication method.

  1. Enter the one-time code.
  2. Select Verify.

You can save your approval locally on your device for a period of time so that you are not asked to approve every subsequent login.

You do this by selecting the 'Do not ask me again for 14 days' checkbox before approving in Authenticator.

Once your approval has been registered, the login process continues automatically.

Expand or collapse content Mobile phone does not support the Microsoft Authenticator app

If you do not have a smartphone, or if for some other reason you are unable to use the Microsoft Authenticator app, an exception can be made to link a YubiKey - or a similar device - to your account for two-factor authentication.

A YubiKey is a digital security key with a USB connector. To perform two-factor authentication for a login using a YubiKey, you insert the key into your computer, enter a PIN of your choice, and press a button on the key. In this way, a YubiKey can serve as the physical component of two-factor authentication, replacing, for example, a phone running the Microsoft Authenticator app.

For students and externals users

If you need a YubiKey or a similar security key, you must acquire it yourself. They can be purchased from various suppliers - such as Proshop.

Depending on which connection options you have on your computer (USB or USB-C), the following YubiKeys can be recommended:

USB-C:

USB-A:

The key must support the FIDO2 security standard. Please keep this in mind if you do not wish to follow VIA's recommendations.

Once you have obtained a YubiKey or a similar FIDO2 security key, please contact IT and digitalisation at [email protected] and state that you wish to use it for two-factor authentication at VIA.
We will then enable the option to link the key to your user account and contact you to assist with the setup.

For employees

If you are an employee who has not been issued a smartphone by VIA, and you either cannot or do not wish to use a personal phone with Microsoft Authenticator for two-factor authentication, IT and digitalisation can provide a YubiKey. Contact IT and digitalisation at [email protected]

Expand or collapse content Add or remove authentication methods

If you wish to set up an additional device (e.g., a tablet) for two-factor authentication, you can certainly do so—and we actually recommend it whenever possible. This simply requires that you have already set up another device capable of approving your logins.

You can also remove authentication devices that are no longer in use—for example, if you change your mobile phone or phone number.

  1. Go to http://mysignins.microsoft.com/security-info.
  2. Log in as usual. Two-factor authentication is mandatory in this case, even if you are on VIA's network.

You can now see the sign-in methods currently set up for your account.

  1. To delete an authentication method, select 'Delete' next to the method in question.

There must always be at least one device with Microsoft Authenticator linked to your account.

  1. To add a new authentication method, select 'Add sign-in method'.

After selecting 'Add sign-in method', you can choose from a range of different authentication types. The list may vary depending on your current setup.

  1. To set up the Authenticator app on an additional device, select 'Microsoft Authenticator'.
  2. If you have deleted your initial phone number, you can add a new one by selecting 'Phone'.

The 'Alternative phone number' and 'Work phone number' options cannot be used for SMS-based approval. Instead, you will receive a call from an automated Microsoft system - which may feel somewhat intrusive compared to a simple text message - asking you to approve your login attempt by pressing a specific key on your phone.

Expand or collapse content Two-factor authentication is not working / I have lost my phone

If you have lost the ability to use two-factor authentication, IT and digitalisation can help you regain access to your account. This might be because you have:

  • lost your phone,
  • accidentally deleted Microsoft Authenticator, or
  • gotten a new phone that hasn't been set up as an authentication device.

If you still have access to your phone number (and can receive an SMS), you can add a new phone or delete and re-configure your current one yourself.

See "Approve login with one-time SMS code" and "Add or remove authentication methods" for details.

If you have no way to approve logins at all, you must email [email protected] to have your two-factor settings reset centrally. Once the reset has been performed, you will need to set everything up again. See "Setting up two-factor authentication."

Previous Article MindView 9 - installation
Next Article CLO3D in the cloud