MFA authentication for unipr users

When accessing an online service, the second factor authentication (MFA) is not requested at each login, but only during the first authentication with the device in use.

For example, if using your usual computer you were asked for 2-factor authentication when accessing the online e-mail service, this authentication will not be asked the next time, unless many days have passed.

The validity period of the authentication session depends basically on 2 factors: type of device used and frequency of use, and it usually lasts 30-90 days.

In the event that Unipr's computer security monitoring systems detect a compromise or abnormal activity with your account, a new authentication and/or password change may be required.

As a further example, when accessing the services of the Microsoft 365 suite, authentication with MFA is requested when:

• during the previous login, as opposed to the current one, you answered NO to the message "Stay logged in? Do this to reduce the number of times you are asked to log in".
• at the end of your activity in Outlook Web you log out from your avatar, which you can find in the top right-hand corner, and then choose the "Log out" option
• within the browser you are using, you have set it not to store passwords, forms, history, cookies or you clean up passwords, forms, history, cookies
• ensure that your browser is set to either store passwords, forms, history, or cookies, or to clear passwords, forms, history, and cookies.

Please be advised that two-factor authentication (MFA) will be activated on 18 February 2025 and will apply to all users of this University.

For illustrative purposes, but not limited to: technical and administrative staff, professors, researchers, research fellows, postgraduates and students.

On the day of the changeover to MFA, users will receive a notification on their institutional or personal email address, depending on their role within the University.

• Applications from the Microsoft 365 suite (Word, Excel, etc.)
• The University e-mail service
• The VPN (Virtual Private Network) service

All those services that do not rely on Microsoft MFA authentication

By way of example but not limited to:  

• Access to Windows and Linux workstations,  
• The login to the web portals of the EasyAcademy suite: EasyCourse, EasyTest, EasyRoom, EasyAnalytics, EasyApp, EasyBadge, EasyLesson, EasyPlanning)
• login to IDEM, U-WEB, ESSE3 portals
• all websites that base their authentication on the University identity provider Shibboleth  

How to access VPN with MFA is described in the VPN with MFA installation and configuration document.

Follow the instructions in the MFA Authentication Guide for unipr.pdf users attached to this webpage.

For services and applications that do not require MFA, there is no change. However, for those that do require it, you will be redirected via the web to the MFA configuration wizard. This is the same wizard that can be found in the MFA Authentication guide for unipr.pdf users attached to this web page.

Please complete the procedure to regain access to the service.

You have the following options:

CASE 1

If the device you are using is the usual one, the previous authentication probably generated a token that is still valid. This means that you will therefore be able to access services requiring MFA without entering the second authentication factor.

CASE 2

It is possible that, for various reasons, the authentication system may prompt you to provide the second factor.

If you have added an alternative method for MFA in your Microsoft profile, then you can use that (phone call, SMS or another Microsoft Authenticator app). If not, please contact user support and/or send an email to helpdesk.informatico@unipr.it requesting a password for temporary access.

It is imperative that you implement an alternative method to the default method for MFA in order to prevent this situation recurring. The following options are available to you:
-    downloading a second Microsoft Authenticator app on another device
-    registering a landline phone number from which to receive the call
-    registering a mobile phone number on which to receive the OTP via SMS.
 

You have these possibilities:

CASE 1: You have a new phone

• SELF-SERVICE PROCEDURE:If you were using the authenticator app and had the “cloud backup” feature enabled, you can independently restore your Microsoft account configuration to another device, retrieving it from the cloud backup.
• GET SUPPORT FROM UNIPR: write to helpdesk.informatico@unipr.it requesting a reset of your MFA configuration; this will allow you to perform a new MFA configuration, starting from scratch.

CASE 2: You are not in possession of a new phone

While you are in possession of a new phone, you can ask helpdesk.informatico@unipr.it by email for a password for temporary access.

Yes, it can be changed.

More information in the MFA Authentication Guide for unipr.pdf users attached to this webpage.