Always setup TWO Methods of Multi Factor (MFA) authentication. This way you always have a backup MFA method should one change or not be available momentarily when you need it.
If you have multiple Microsoft accounts, either for personal use or from other organizations, it may help to use a private web browser window. Chrome's Incognito mode, Edge's InPrivate, or Safari's Private Window will prevent other logged-in Microsoft accounts from potentially interfering with the following steps.
The following steps will assist you in configuring the recommended Multi-factor Authentication settings at USask: using the Microsoft Authenticator app alongside your phone number as a secondary option.
- On a computer, log into https://myaccount.microsoft.com using your NSID@usask.ca and your PAWS password.
- Once, logged in, click on Security Info > Update Info.
- Click Add Sign-in Method. Select Microsoft Authenticator (which is an app you will install and configure on your phone).
- You will see a prompt similar to this one saying "Start by getting the app" (which will get installed on your phone). Note that you can find the Microsoft authenticator app in either the Apple Store or the Google Play store. Please ensure the app icon looks similar to the blue lock below and it is titled "Microsoft Authenticator".
- Once you have the app installed on your phone, click Next. It should now read as follows. Open the Microsoft Authenticator app on your phone, and tap the "+" to setup a new account. Select "Work or School Account", then tap "Scan a QR Code".
If prompted, allow the app to use your phone's camera.
- On the computer, click "Next". This should display a QR code to scan with your app.
- Scan the personalized QR code with your phone, and you should now see your NSID account added to the phone app.
- Click "Next" on the computer; this will prompt you to approve the sign-in on your app. Type the number displayed on your computer into the app and tap "Yes". The app may require you to authenticate with your phone's security PIN or biometrics lock.
- If you see "Notification approved" you have now setup the Microsoft Authenticator with push notifications as your primary MFA option on your USask account. Click "Done". This should bring you to the "Security Info" page in your USask Microsoft account.
- To setup your secondary MFA method, click the "+ Add sign-in method" and select "Phone", then click "Add".
Setting up a Second MFA option is HIGHLY recommended.
- Select the appropriate country code and enter your phone number, then choose "Receive a code" or "Call me", and click "Next".
- You will receive a phone call or text message (depending on your chosen option). For the phone call, answer it and press the "#" key; for the text message, enter the received 6-digit code in the verification box on your computer and click "Next". Once it is verified, you can click "Done".
- Set recommended default sign-in method
- click on Security Info > Update Info.
- Click on the blue word Change at the end of the line "Sign-in method when most advisable is unavailable".
- Select "Authenticator app or hardware token - code".
- Click Confirm.
The default method "Authenticator app or hardware token - code" works better with USask websites than the other methods. Using a code from the authenticator app also does not require a wifi or cellular data connection.
- Now, sign into PAWS on your computer with your NSID and password. If you are redirected to the "MyProfile Security Checkup" page, review your password recovery options. if they look correct, click "Save Changes".
- If you see a "Secure the Pack: Set Up Multi-Factor Authentication" page, click "Reload." (You may need to click "Reload" a couple of times until you see the "MFA is set up successfully" message). Click on "Redirect back to requesting service."