What is Multi-Factor Authentication
Multi-Factor Authentication (MFA) adds a layer of protection on top of your username and password when you access LSHTM resources. Once it’s been set up it is easy to use and provides increased protection against your account and LSHTM IT systems.
Why it’s important to use MFA
Using just a username and password is no longer enough to secure your account, there have been a number of cyber attacks against universities in the UK that have brought significant disruption to their teaching and research operations. We’re also increasingly expected by funders, collaborators, government and our insurers to have measures of this sort in place.
Which services will be protected with MFA
When you are working remotely you will need to use MFA in addition to your username and password to access all services including Office 365, Horizon and LSHTM web applications.
Setting up Multi-Factor Authentication
The smartphone app provides MFA by sending you a message on your phone/tablet via the app to accept or decline the authentication. It also provides offline authentication where you manually type a six digit number when your device has no cellular/wifi coverage.
The smartphone app will require you to set a pin and can optionally use fingerprints. This will be required when opening the app.
Step 1: Install smartphone app on your device
Download and install the NetIQ Advanced Authentication app to your smart device from your app store:
First time you launch the app, it will ask you to set up a PIN (6 digits) to access the device.
You can also set it up to login using your fingerprint (not available on some devices). Go to the menu button in the top left of the app, click on the settings and turn on the fingerprint option.
Step 2: Guided enrolment of the app as an MFA token
Using the browser on your smartphone go to https://aaf.am.lshtm.ac.uk/smartphone/enroll (you may find it useful to email yourself this link and access via email on your phone).
You will be directed to the smartphone app and prompted for your LSHTM username and password. The app will then automatically enrol for you.
Manual setup (alternative method)
If you experience difficulties or would prefer to carry out step 2 manually, go to the advanced authentication self-service portal at the link below:
Choose +Add
Then open the NetIQ Advanced Authentication app on your smart device.
Click the Plus (+) symbol (red circled on the image below) to add and enrol the app. You may be requested to set a PIN number for the application. If you set this, you will need to enter the PIN before using the app each time. We recommend that you set a pin or unlock by fingerprint for additional security.
Point the camera at the QR code on the computer screen (black and white square, see image below). You may need to move the phone further or closer to the screen until you see a green square appear and the process completes.
Set a name/description for your token in the app, for example ‘LSHTM’.
Once the smart device completes the enrolment, the screen will close (no need to click save).
The smartphone method will then be listed in the enrolled authenticators section and is ready to be used as a second factor in authentication