Webcourses MFA Enrollment and Sign-In Options


Webcourses MFA Enrollment and Sign-In Options

 

This knowledge base article will discuss configuring Multi-Factor Authentication (MFA) for Webcourses and changing phones, phone numbers, and account information associated with an account's MFA profile. One may reach Webcourses by:

 

Table of Contents

Student Enrollment

Employee Enrollment

 

Student Enrollment

Enroll using Microsoft Authenticator

 

Students will be required to use Microsoft Authenticator when prompted for multi-factor authentication. This is the same method used to protect Knights Email. The steps below will walk you through downloading the Authenticator app and the account registration process.

There are two primary methods for enrolling in Microsoft MFA, visit https://aka.ms/mysecurityinfo and register before logging into Webcourses, or logging into Webcourses (after May 8th) and register as a part of one's authentication process.

 

IMPORTANT: Please do not remove the MS Authenticator app from your personal device after logging in. You will need to use MFA for future logins as well as the first time authenticating to Webcourses. 

 

To register in Webcourses there are two walkthroughs to choose from. 

If you prefer a multimedia option, you may register while watching this walkthrough on YouTube.  For those preferring a text-based series of steps, please read below:

 

    1. Visit Webcourses and log in using your nid@ucf.edu (lower case), as seen below. Please note the login page has a new look and feel over  prior semesters. 

Attention Knights Email users: When logging into Webcourses, your web browser may remember your Knights email account as an account which you previously authenticated with. If you see your @knights.ucf.edu email account on the page below, please hit the back arrow in front of your account name and you will then be able to enter your nid@ucf.edu. Webcourses requires authentication with one's NID and the Knights email account will not meet this requirement.  For more information please review our article on how to change accounts when logging into Webcourses

2.  After a successful NID login, you will be asked to register your NID with MS Authenticator. Please click the 'Next' button as seen below:

 

 

3.  Next, you will be asked to download the MS Authenticator app if your device has not been installed. 

a. If you do not have the MS Authenticator App installed on a personal device (such as a smartphone), please select the 'Download now' link in arrow 1. 
b. Once downloaded, or if you already have MS Authenticator installed on your device, please select 'Next' shown in arrow 2.

 

UCF strongly encourages using the MS Authenticator app as your primary MFA method. However, suppose you do not choose to use the MS Authenticator app. You may also use a FIDO2 Security Key or your phone number by clicking on the 'I want to set up a different method' link in the image's bottom left corner.

 

4. Please open the MS Authenticator app on your device. On the main Authenticator screen, you will see a '+' sign allowing you to  add a new account to the app. 

a.    Click the '+' sign.
b.    You will be asked what type of account you are registering for. Please select 'Work or school account.'

5. Select 'Next' on your web browser as seen below:

6. Your web browser will now show a QR code, as seen in the example below. You may scan this QR code with your device by  selecting the 'Scan a QR Code' option.  Please note that you will need to scan the QR code with the MS Authenticator app. Using a generic QR reader will result in a registration error. 


 7. After scanning the QR code with the MS Authenticator app, your web browser will ask you to approve the request using the MS Authenticator app. 

8. Once the number has been entered into MS Authenticator and is recognized by the app, your web browser will load a screen  noting that your MFA authentication was approved:

9. Congratulations! Your MS Authenticator registration is successful and complete!

You may now click the 'Done' button to close the registration page and be taken to the application you initially logged into. 

IMPORTANT: Please do not remove the MS Authenticator app from your personal device after logging in. You will need to use MFA for future logins as well as the first time authenticating to Webcourses. 

RECOMENDATION: It is highly recommended that you also set up an alternate method of MFA in case an issue prevents you from using the Authenticator app. SMS text is a frequently used option. After your initial registration we urge you to continue to the next section and enroll your cell phone as a secondary device giving you have multiple methods of MFA to choose from. 

 

Adding additional MFA Methods or Changing the Microsoft Authenticator Default Sign-In Option           

1.    Open a web browser and navigate to https://aka.ms/mysecurityinfo 
2.    Login with your full NID (include the @ucf.edu)

3. Authenticate with your NID and password once prompted.

4. Respond to the MFA prompt displayed in your web browser using the MS Authenticator app on your device.

          5. Once authenticated, the Security info page is displayed:

         6.  Arrow 1 will allow you to change your default notification method. Options include:

a.    MS Authenticator App (recommended).
b.    FIDO2 Security Key (can be used instead of a smartphone).
c.    Phone number.

7. Arrow 2 will allow you to add or change the MFA methods, such as the phone number, associated with your account. This is useful for having a secondary MFA  option if your device is not with you or is malfunctioning. It is highly recommended that you add an SMS accessible phone number to your account as a backup method of MFA

8. Arrow 3 grants the ability to remove authentication options.

9. Arrow 4 will sign your NID from any active sessions that MS Authenticator protects. This is a powerful option to access if your MFA device is missing and unsecured.  

 

Passwordless Authentication: You may sign in with your smartphone without a password. For further assistance configuring Microsoft Authenticator and enabling smartphone sign-in, see Sign in to your accounts using the Microsoft Authenticator app. 

  

Registering FIDO2 Keys
If one prefers not to use a smartphone as an MFA device, FIDO2 keys act as a small physical token that can be used when prompted for MFA. These keys can be purchased online or at UCF's Technology Product Center. To configure a FIDO2 key:

  1. Browse to https://myprofile.microsoft.com.
  2. Sign in if not already.
  3. Click Security Info.
    1. If the user already has at least one Azure AD Multi-Factor Authentication method registered, they can immediately register a FIDO2 security key.
    2. If they don't have at least one Azure AD Multi-Factor Authentication method registered, they must add one.
    3. An Administrator can issue a Temporary Access Pass to allow the user to register a Passwordless authentication method.
  4. Add a FIDO2 Security key by clicking Add method and choosing Security key.
  5. Choose USB device or NFC device.
  6. Have your key ready and choose Next.
  7. A box will appear and ask the user to create/enter a PIN for your security key, then perform the required gesture for the key, either biometric or touch.
  8. The user will be returned to the combined registration experience and asked to provide a meaningful name for the key to identify it easily. Click Next.
  9. Click Done to complete the process.

 

Microsoft Authenticator FAQ

The Microsoft Authenticator app helps you sign into your accounts more securely by using two-step verification. Two-step verification adds an additional verification method after signing in using your username and password. The two-step verification helps keep your accounts more secure in the event that your passwords are stolen or forgotten.

You can download the Microsoft Authenticator for your specific device through the website links below.

 

After signing in using your username and password, you will be given two options to verify your identity with two-step verification.

 A version of two-factor verification that lets you sign in without requiring a password, using your username and your mobile device with your fingerprint, face, or PIN. You also have the option to verify a sign-in using a phone call or text messages.

There is an option to have a random 6-digit code generated by a code generator sent to your phone that can be used to verify your account.

 

Security keys are considered a stronger verification method because they require a physical key. Security keys are a password-less sign-in method. A security key is a physical device that's used with a unique PIN to sign into your work or school account.  These keys can be purchased at the UCF Technology Product Center and can be used as an alternative sign on method instead of using a smart phone.

 

In the event that your verification device is stolen, lost or no longer used, you can disable that device in the MS app settings.

 

 

 

If you have additional questions or want a more in-depth tutorial, please visit:

Microsoft Authenticator Tutorial

 

Adding your work account to MS App:

Add your work or school account to the Microsoft Authenticator app

 

Updating your two-step verification settings:

Change your two-step verification method and settings

 

Employee Enrollment – 

Enroll using Duo MFA

Most UCF Faculty and Staff must use Duo when prompted for MFA in Webcourses. However, some business units may be prompted for Microsoft Authenticator. If you are prompted to use Microsoft Authenticator, please follow the instructions here. If you are prompted for Duo, please follow the instructions below.

1.    Authenticate into Webcourses using your NID@ucf.edu. Please note that the initial authentication screen has a new look compared to prior semesters.

2. Once your NID has been authenticated, you will see a screen like the one below. Please select 'Start Setup.'

 

3.  Next, select the type of device you prefer to use. The recommended option for initial configuration is 'Mobile Phone.' Please choose your preference and click 'Continue'.

4.    Please enter your phone number. You will then be prompted to confirm it is the number you wish to use. Once approved, please select 'Continue'.

5.    The Duo will request you enter a 6-digit code to confirm your registration. You will now have the option of receiving a phone call or receiving the number sent via text SMS. Once you receive your 6-digit code, enter it in the box, select 'Verify, ' and then 'Continue'.

6.    You may now select your preferred MFA options (We highly recommend Duo Push). Once you have chosen, please click the 'Save' button, as seen below.

Congratulations! You have configured Duo MFA with your NID. You may continue logging into the application you are accessing by selecting 'Continue to log in,' or you may now configure your device for Duo Push by selecting 'Device Options' and continuing in the next section, 'Configuring Duo Push'. 

 

Configuring Duo Push (recommended method)

  1. To begin the configuration process for Duo Push, select the Device Options button as seen in the image below:

 

  1. Select the button ‘Reactivate Duo Mobile’ as seen below:

 

  1. You will be asked what sort of personal device you wish to install Duo Mobile onto. Please select your option and then ‘Continue’.

 

  1. On your personal device, go to either Google Play or Apple Store and download the free application ‘Duo Mobile.’ Once Duo Mobile is installed on your device select the ‘I have Duo Mobile installed’ on your web browser.

 

 

  1. Use your personal device to scan the QR bar code displayed in your web browser, as shown in the example below.

Once your device has successfully scanned the QR code displayed on your web browser, please select ‘Continue’.

6. You will now see this success page. Please click ‘Continue’.

 

  1. You will now be returned to the Duo configuration page. Select ‘Back to Login’ and begin using Duo Push!

 

 

 

Register Hardware Token / YubiKey

If you prefer to use a hardware token for your MFA device, please follow the section below:

  1.  Authenticate into a Duo supported application and on the main MFA page select "Add a new device"
  2.  Select the option for "Security Key" and then click "Continue"
  3.  You will now see an information page noting that the next step requires pop-up pages to be allowed in your web browser. If you do not allow pop-ups, please do so at this time. You will also now plug your YubiKey into your computer. Once ready please click "Continue"
  4. A pop-up window as seen below will now appear. To proceed please click "OK".
  5.  You will now see a message asking you to click the button on your key. Please do so and the page seen below will automatically update after a few seconds.
  6.  Your key will now be registered in Duo. In order to use it please click the "Continue to Login" button as seen below:
  7.  You will now see the standard Duo login authentication page. To use your YubiKey please select the "Passkey" option as seen below and then select "Use Security Key".
  8.  Click the button on your YubiKey and you will be authenticated!

Additional Duo Resources

For additional information on Duo, please review the following links: