Multi-Factor Authentication (MFA) is the process of using two forms of identification (factors) to access ACU systems while off-campus:

  1. Your password (first factor)
  2. Usually a prompt from a mobile phone (second factor).

This is called authenticating. You may be familiar with this from using MyGov or your Internet banking.

MFA means that even if someone figures out your email and password, they still won't be able to log in to your ACU account. This is because the system won't let them in without the second piece of ID - which is only available through your mobile phone.

Multi-Factor Authentication info graph

MFA is compulsory for all ACU staff.

How does it work?

You'll first need to register for MFA.

The next day after you enrol your device in MFA, you will need to re-authenticate your devices (e.g. laptop, mobile phone) using an application or enter a code delivered by SMS. You will then need to do this when accessing an ACU system outside of the network only.

'Outside of the network' means off-campus or disconnected from VPN.

You can choose for your device to remember you for up to 14 days.

There are two ways to receive authentication prompts - MS Authenticator App and SMS. ACU strongly recommends you set up MS Authenticator as the main authenticator and receive SMS as backup.

The Authenticator app is the preferred ACU option because:

  • It's easy
    When you need to authenticate, the app will pop up with a notification and all you'll need to do is enter the two-digit code displayed on the screen.

  • It's secure
    SMS is no longer the securest option for MFA, as it can be intercepted easily by hackers.

  • It's reliable
    SMSes from Microsoft may not always arrive on time or at all.

Which applications are protected by MFA?

  • Microsoft Office 365
  • Zoom
  • Tech One
  • Workplace
  • Swoop Analytics.

How to use MFA

MFA FAQs

What do I do if I have problems with Teams when re-authenticating?

If you experience the below issue when re-authenticating in Teams, please follow the steps in this Knowledge Base article to fix.

When you re-authenticate, you'll likely see this banner at the top of your Teams app.

banner on MS Teams

For some users, clicking this causes:

  • Nothing at all to happen
  • An authentication popup to appear but is blank.

What do I do if I monitor a generic account such an email for a department?

Generic accounts such as 'cyber-security@acu.edu.au' are not subject to MFA, which means your experience will not change.

What if someone shares their login details with me so I can act on their behalf?

The most common scenario for people sharing credentials is managing inboxes and calendars. MFA enforces a more secure way of sharing these responsibilities, called Delegate Mailbox Access. This provides a much better experience as well as a more secure one, because you won't need to enter different details to access anyone's account. You will log in as yourself, act as yourself, but appear to be acting as someone else.

If someone has shared their details with you, please raise a ticket with Service Central to get the right permissions set up.

How often will I need to use MFA?

Each device can be told to remember you for 14 days. Just select "Don't ask again for 14 days" when you authenticate. You will also need to authenticate when you switch browsers (e.g. from Chrome to Windows Explorer).

You'll also need to MFA if your IP address changes - this can be caused by connecting and disconnecting from the ACU network or other network changes.

Will I be charged to receive an authentication SMS?

Some phone carriers may charge for text messages and this will depend on your individual circumstances with your provider. ACU recommends the Microsoft Authenticator app to avoid SMS charges, though charges will apply as above if you need to use SMS as a backup authentication option.

How often will I be prompted for MFA?

Many factors inform how frequently you'll need to use MFA. Remember that you need to MFA on each device where you access ACU systems, so the advice below applies to each device.

Generally, if you choose 'Remember me for 14 days' when you authenticate, your device should remember you and you won't need to use MFA again for two weeks.

Some exceptions include:

  • If you clear your browser cache or use an incognito window (e.g. in Chrome) then you'll need to authenticate the next time you start the browser, as clearing the cache will refresh your MFA period
  • If you log out of the MFA-protected systems, you'll need to MFA again the next time you log in. Closing a browser or shutting down a computer isn't the same as logging out and shouldn't trigger MFA
  • If your device switches Internet connections, this can trigger MFA (e.g. your home Internet drops out and your phone switches to 4G).

What do I do if I receive a challenge unexpectedly?

If you receive an MFA challenge you don't recognise (e.g. you aren't currently attempting to access any ACU systems), you should immediately decline the prompt and report it.

Do I need the Microsoft Authenticator app on every device where I access ACU applications?

No. You only need to install the authenticator app on the device where you will receive authentication requests (e.g. your mobile). All other devices (e.g. laptop) will be linked to the authenticator app that's on your mobile.

Page last updated on 08/05/2024

Service Central

Visit Service Central to access Corporate Services.


Other service contacts


Learning and Teaching
Library
Request Something

Make a request for services provided by Corporate Services.


Request something
Knowledge base

Find answers to frequently asked questions 24/7.


See Knowledge Base