Multi-Factor Authentication FAQ
Updating/Changing your Multi-factor Authentication methods
When you get a new phone number or purchase a new Android or Apple device, you can update your MFA phone number or app by:
- Going to aka.ms/mysecurityinfo
- Enter your PCC Email Address and Password when prompted
- From here you can change your phone number, or delete your connection to the authenticator on your phone.
Setting your default authentication method
After you have enrolled for MFA, you are able to set the default method that you would like to use by:
- Going to aka.ms/mysecurityinfo
- Entering your PCC Email Address and Password when prompted
- Under the Security Info heading, in bold letters, you will see Default Sign-in Method with a link to Change at the end.
- Click this link to set your default sign-in method.
Note: You will only be able to choose from the MFA options that you have enrolled in.
- Phone – call + (phone number) = Phone Call
- Phone – text + (phone number) = Text Message to Smartphone
- App-based authentication – notification = Microsoft Authenticator App on Smartphone
- App-based authentication or hardware token – code = Authenticator CC App in Chrome Browser
How will this impact me logging in to PCC Services
- When logging into MyPCC and other PCC services, you will be prompted to log-in with MFA, unless on-site or using VPN.
- If Microsoft recognizes anything that they find suspicious or “risky” regarding your account, they will request you to re-authenticate using MFA.
- Atypical Travel – If you are traveling and log-in to PCC resources, you may be requested to re-authorize using MFA
- Atypical Device – If you are attempting to sign in using a device that you have never signed in from, you may be requested to re-authorize using MFA
- Security Issue with your PCC Account – PCC Information Security notifies users when their accounts may be compromised. If your account is found to be compromised, Information Security may force a user to re-authorize using MFA.
I just enrolled in for MFA but I am not getting prompted to sign in with MFA
Once your division/department is moved over to MFA, you will be prompted to enroll your account. After enrolling, you will not see any additional prompts for 2 weeks, until the 14 day deferral for your division/department concludes. After this 2-week window, you will begin seeing the MFA prompt regularly.
Setting up Push Notifications on your Smart Phone with Microsoft Authenticator
Android
- Long-press on the Microsoft Authenticator app icon (Img. below) and tap the ‘i’ info icon from the menu that pops open.
- Tap on Notifications and enable the toggle next to Allow notifications in the following menu.
iPhone
- Open the Settings app on your iPhone.
- Scroll down to tap on Authenticator.
- Tap on Notifications and enable the toggle next to Allow Notifications.
What if I already use the Microsoft Authenticator App?
Follow the instructions outlined in the Enrollment Process page.
Too Many SMS/Text Codes requested in a short period of time
It is possible to meet the Microsoft enforced quota on text codes. When this happens, you will need to use another form of authentication. For this reason, when enrolling into MFA, it is best to enroll in multiple forms of authentication (Text, Phone call, and Authenticator apps)
I don’t have my MFA Device with me
Maybe you left your cell phone or computer at another location. In this case, you will follow the below instructions.
- Sign in to your account but select the Sign in another way link on the Two-factor verification page.
- If you don’t see the Sign in another way link, it means that you haven’t set up any other verification methods. You’ll have to contact your administrator for help signing into your account.
- Choose your alternative verification method, and continue with the two-step verification process.
You are not receiving prompts via your smartphone/non-smartphone
Sometimes, when trying to gain access to a PCC resource your phone may not prompt you on your smartphone to accept the connection when you are login in on a computer.
- Refreshing the App
- Open the Microsoft Authenticator app and refresh the app (dragging down on the screen).
- Additionally, closing the app and then reopening can also achieve the same goal.
- Time it takes to receive prompt
- More often than not, the prompt to accept a connection will be instantaneous (5 to 10 seconds). When the system is delayed, it can take up to 2-3 minutes.
- VPN Connection
- With the VPN connection, you may experience a lag between signing in on your workstation and the prompt appearing on your smartphone, or you receiving the phone call or text message. In these instances, please be patient, as it may take 1 to 2 minutes for the prompt to occur.
- If it takes longer than this, please try once more.
- Notice, that if you receive multiple text messages, you will want to use the most recent of these to sign in.
- With the VPN connection, you may experience a lag between signing in on your workstation and the prompt appearing on your smartphone, or you receiving the phone call or text message. In these instances, please be patient, as it may take 1 to 2 minutes for the prompt to occur.
Did you upgrade, replace, or lose your device?
- Lost Device:
- Log in to aka.ms/mysecurityinfo
- If you are unable to log-in, you will need to call the IT Service Desk (971-722-4400) to reset your authentication methods
- Once logged in, you will be taken to the Security Info page where you can then click Sign out Everywhere.
- Once signed out, you will need to re-enroll in MFA by clicking Add sign-in method.
- Log in to aka.ms/mysecurityinfo
- Upgrade/Replacement:
- Manual Process:
- Log in to aka.ms/mysecurityinfo and delete the Microsoft Authenticator entries on your profile.
- Before getting rid of your old device, you will want to remove the PCC account from your Authenticator App, or within aka.ms/mysecurityinfo click Sign out Everywhere.
- Now, the next time you try to access PCC resources, such as my.pcc.edu, you will be prompted to re-enroll in MFA. You will now use your new device to enroll.
- Using Cloud Backup on your mobile device
- iOS:
- On your iOS device, select Settings, select Backup, and then turn on iCloud backup. Your account credentials are backed up to your iCloud account.
- Android:
- On your Android device, select Settings, select Backup, and then turn on Cloud backup. Your account credentials are backed up to your cloud account.
- Recovering your information on new phone:
- On your mobile device, open the Authenticator app, and select Begin recovery.
- Sign in to your recovery account using the personal Microsoft account you used during the backup process. Your account credentials are recovered to the new device.
- Additional information about Backing up and Recovering your account within Microsoft Authenticator.
- iOS:
- Manual Process:
User management of Temporary Access Pass
Users managing their security information at aka.ms/mysecurityinfo see an entry for the Temporary Access Pass (TAP), if you have contacted the IT Service Desk and they have provided you one. If a user does not have any other registered methods, they get a banner at the top of the screen that says to add a new sign-in method. Users can also see the TAP expiration time, and delete the TAP if it’s no longer needed.
Is Microsoft Authenticator compatible with my Apple Watch?
Currently, as of Jan 23rd 2023, the Microsoft Authenticator app is not compatible with the Apple Watch. You can learn more about deleting the app from your Apple Watch.
Using MFA with your VPN connection
In order to utilize VPN with MFA, IT Staff will need to make configuration changes in the Check Point VPN Client. When MFA is released to all employees, these configurations will be in place automatically.
For PCC Affiliates using their own devices, you will need to install from this location.
If you are a PCC employee using a PCC Windows computer, you will want to use our Self Service installation.
If you are a PCC employee using a PCC Mac/Apple computer, you will want to use the Self Service application on your computer to install the software. See more information on how to find the Self Service application.
Configuring your VPN Client – Windows
- On the bottom-right corner of the Checkpoint VPN software login screen, you will select the link Change Login Option Settings
- You will be placed in the Authentication tab
- Click the drop-down
- Select Multi-Factor Authentication
- Click the Ok button
- Enter your MyPCC username and password
- Go to the “What to expect” section below
Configuring your VPN Client – Mac
- On the bottom-right corner of the Checkpoint VPN software login screen, you will select the link Change Login Option Settings
- You will be placed in the Authentication tab
- Click the drop-down
- Select Multi-Factor Authentication
- Click the Ok button
- Enter your MyPCC username and password.
- Go to the “What to expect” section below
VPN – What to expect
When you log in to your VPN client, using your username and password, you will get different results based on your default authentication method:
- If you use the Microsoft Authenticator app as your default authentication method:
- If using the Microsoft Authenticator app, you need to have the Microsoft Authenticator app open on your smartphone to receive the prompt to Approve.
- If you use a phone call as your default authentication method:
- If using a phone call, you should receive a phone call shortly which will prompt you to press the # sign
- If you use Text Message (SMS) as your default authentication method:
- If using Text Message, you should receive a text message with a 6-digit code to enter. Enter the code in the Response section of the VPN software
- Press Connect once your 6-digit code has been input
- If you use Phone Call as your default authentication method:
- You should receive a phone call within 30 seconds of attempting to connect to the VPN.
- Note: If you are forwarding your PCC phone to another phone number, it can take too long to send you the phone number for this method to work 100% of the time.