Microsoft MFA and SSPR - First Time Setup with NEOMED Hardware Token

Body

Introduction

These instructions will walk you through setting up Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR) on your NEOMED account with the use of a hardware token. You will be prompted to set up your security information immediately after you sign in to your NEOMED Microsoft 365 account (e.g., logins to Outlook on the web, the NEOMED Success Center, VPN, or any other service that uses Microsoft authentication).

These instructions presume you have read the Knowledge Base article Microsoft MFA and SSPR – What is it?

What is needed for setup

  • Approximately 5-10 minutes to complete the registration process
  • The new NEOMED hardware token
  • Access to a desktop or laptop 
  • Access to your office phone, your mobile phone, or non-NEOMED email address
  • Internet Access

MFA/SSPR Setup Instructions

For MFA and SSPR, you need to register two (2) methods for MFA and SSPR; however, the NEOMED hardware token has been pre-configured with your account and will be used for your primary method of authentication. Therefore, you will only need to register one additional method in your setup. This additional method will serve as a second verification method for Self-Service Password Reset (when you change/reset your password, two different verification methods are required.)

  1. Sign into your NEOMED Microsoft account with your email address and password.
  2. After entering your password, you will then be prompted to type in the code displayed on your authenticator app from your device. This is referring to your NEOMED hardware token, not the Microsoft authenticator app.

  1. Using your hardware token, press the Power symbol on the front of the token. This will display a six (6) digit code. Every 30 seconds, this code changes (indicated by the decreased horizontal bars you will see to the left of the 6-digit code).
  2. Enter the 6-digit code from your token on the window where it states Code. Then click Verify.
  3. You will then see another prompt requiring more information. Select Next. This will then walk you through the setup of your additional method needed for SSPR.

  1. A Keep your account secure wizard appears. This is where you will configure your second method of authentication.

You will see a couple of things on this page:

  1. You will see that at the top of the page, you are on Method 2 of 2 with the App icon having a green check mark. This signifies that your hardware token has been registered and configured as the first method for your account already. You now only need to setup a 2nd method.
  2. The second method will default to the phone (SMS text message or call) authentication option. This is because the phone authentication option can be used as an alternative login method in case you lose access to your token. The other methods (non-NEOMED email or Security questions) cannot be used for login/MFA purposes, only Self-Service Password Reset.
    • If you choose to use a different secondary method (i.e., non-NEOMED email or security questions), select the “I want to set up a different method" link at the bottom-left of the page.

Depending on which secondary method you prefer to use, please refer to the respective instructions below. You will only setup one of these additional methods, not all, so please refer to the method you would like to configure.

2nd Method Setup – Phone (Mobile or Office Number)

  1. On the Phone method set up page, choose whether you want to receive a text message or a phone call.
    • For the Text me a code option, you will need access to your mobile device.
    • If you select the Call me option, you must use a phone number that you can answer when prompted. This phone number could be your mobile phone number or your office phone number.

  1. Enter the desired phone number (including the area code) and choose your notification method (Text or Call). Then select Next.
  2. Depending on your selection, you will receive a text message or a phone call with additional instructions.
    • For the Text me a code option, enter the code provided by the text message sent to your mobile device, then select Verify. Review the Phone method success message, then select Next.

Success message

  • For the Call Me option, you will receive a phone call with a voice prompt to complete verification. Follow the appropriate prompts when the call is received. Select Next if prompted.

4. Review the Success page to verify that you have successfully set up two (2) methods, one of which shows your token (listed as Microsoft Authenticator, followed by Token) and the phone method you established. Additionally, it will show that your hardware token is established as your default sign-in method. Once reviewed, select Done.

5. You will then complete your login to the service you were originally accessing. You may be prompted to Stay Signed In; by selecting Yes, you will receive reduced/no additional multi-factor authentication prompts when trying to access another service during your web browsing session.

Congratulations! By completing this setup, your NEOMED account is now registered in Microsoft Multi-Factor Authentication (MFA) as well as the Microsoft Self-Service Password Reset (SSPR) service with the hardware token as your default additional authentication factor.

Please scroll down to review the Login Example, Set Additional Authentication Methods, Change Default MFA Sign-in Method, and Change/Reset Your Password sections at the conclusion of this article before closing these instructions. You do not need to complete the other 2nd method setup instructions.

2nd Method Setup – Email (Non-NEOMED account)

  1. On the Phone method page, select I want to set up a different method on the bottom-left of the screen. Then select Email and then Confirm.

  1. You will be directed to the Email registration page. Enter a non-NEOMED email address for which you can access easily. It is important to use a non-NEOMED email address as if your account is locked or you need to login through this alternate method, you will be unable to access your NEOMED email account to do so. Once entered, select Next.

  1. The email address you entered will receive an email from Microsoft on behalf of Northeast Ohio Medical University containing a six (6) digit code.

  1. Retrieve the 6-digit code from the email address entered in the previous step and enter the code on the webpage. Then select Next.

  1. Review the Success page to verify that you have successfully set up two (2) methods, one of which show your token (listed as Microsoft Authenticator, followed by Token) and the email you configured. Additionally, it will show that your hardware token is established as your default sign-in method. Once reviewed, select Done.

  1. You will then complete your login to the service you were originally accessing. You may be prompted to Stay Signed In; by selecting Yes, you will receive reduced/no additional multi-factor authentication prompts when trying to access another service during your web browsing session.

Congratulations! By completing this setup, your NEOMED account is now registered in Microsoft Multi-Factor Authentication (MFA) as well as the Microsoft Self-Service Password Reset (SSPR) service with the hardware token as your default additional authentication factor.

Please scroll down to review the Login Example, Set Additional Authentication Methods, Change Default MFA Sign-in Method, and Change/Reset Your Password sections at the conclusion of this article before closing these instructions. You do not need to complete the other 2nd method setup instructions.

2nd Method Setup – Security Questions

  1. On the Phone method set up page, select I want to set up a different method on the bottom-left of the screen. Then select Security questions and then Confirm.

  1. You will be directed to the Security Questions registration page where you will select four (4) security questions to which you will provide responses.

  1. Select four questions and provide corresponding responses that you will be able to recall if needed. Once all questions and responses have been entered, select Done.

  1. Review the Success page to verify that you have successfully set up two (2) methods, one of which show your token (listed as Microsoft Authenticator, followed by Token) and the other being security questions (it will not show all four questions here.) Additionally, it will show that your hardware token is established as your default sign-in method. Once reviewed, select Done.

  1. You will then complete your login to the service you were originally accessing. You may be prompted to Stay Signed In; by selecting Yes, you will receive reduced/no additional multi-factor authentication prompts when trying to access another service during your web browsing session.

Congratulations! By completing this setup, your NEOMED account is now registered in Microsoft Multi-Factor Authentication (MFA) as well as the Microsoft Self-Service Password Reset (SSPR) service with the hardware token as your default additional authentication factor.

Please scroll down to review the Login Example, Set Additional Authentication Methods, Change Default MFA Sign-in Method, and Change/Reset Your Password sections at the conclusion of this article before closing these instructions. You do not need to complete the other 2nd method setup instructions.

Login Example

Upon subsequent logins to a Microsoft 365 service or system configured to authenticate with Microsoft single sign on, you will authenticate with the hardware token. The example below shows the login experience with the hardware token as the primary/default method and phone as the alternative method.

Because the Phone method can be used for login/MFA purposes, if you run into issues with using the hardware token to login, you can utilize the additional method you established in setup by clicking the Sign in another way link.

 

If you established a non-NEOMED email address or security questions as your additional method, you will not see the Sign in another way link and must use the hardware token to login. If you would like to add the Phone method after logging in, please see the Set additional authentication methods section below.

 If you encounter issues with signing-in, please refer to the Microsoft Can't sign in to your Microsoft account article.

Set additional authentication methods

It is strongly recommended that after you complete this initial setup, you should configure additional authentication methods (referred to as security information). Please refer to the Knowledge Base article Microsoft MFA and SSPR – Set Additional Authentication Methods for instructions on how to do this.

Change default MFA sign-in method

If you would like to change your default MFA sign-in method, please refer to the Knowledge Base article Microsoft MFA and SSPR – Change Default MFA Sign-in Method.

Change/reset your password and unlock your account

Additionally, by completing this setup, you can now utilize the Microsoft Self-Service Password Reset (SSPR) solution. This solution allows you to change or reset your NEOMED email password as well as unlocking your account if it gets locked (your account becomes unlocked once you change/reset your password.) Once changed, your password can be used almost immediately. You can manage your password from a desktop/laptop or your mobile device.

Please see the Knowledge Base articles below for instructions on using the SSPR service:

Details

Details

Article ID: 131957
Created
Thu 5/6/21 2:34 PM
Modified
Thu 6/24/21 12:40 PM

Related Articles

Related Articles (5)

This article provides step-by-step instructions on how to change your password (i.e., you know your existing password and want to change it)
This article provides step-by-step instructions on how to reset your password as part of the Microsoft 365 Self-Service Password Reset (SSPR). These instructions should be used if you no longer remember your password and need to set it to a new password or your account has become locked due to too many log in attempts.