MFA - Multi-Factor Authentication

Servizi

What’s MFA - Multi-Factor Authentication?

Multi-Factor Authentication (MFA) is a security technology that involves the use of login details of different and independent categories for the purpose of verifying a person's identity when accessing protected resources. Multi-Factor Authentication requires the use of two or more passwords/login details of independent security categories: for example, something a person knows (e.g. login/password) combined with something a user possesses (e.g. security token), or some distinctive personal feature (e.g. biometric characteristic).

The aim of MFA is to create multiple layers of defense that make it more difficult for unauthorised users to gain access to protected resources, be they physical or IT. Indeed, should an authentication factor be compromised, in the context of MFA authentication the unauthorised user attempting to access the protected resource still has one or more additional barriers to overcome in order to achieve the goal.

MFA is an essential component of Identity and Access Management, in particular for the definition of access control policies that govern the definition of specific security levels for the various resources managed.

How does MFA work at Univr?

Multi-Factor Authentication (MFA) involves the use of multiple authentication methods for the purpose of verifying a person's identity when accessing protected resources.

SPID account

GIA login details + TOKEN

The token (computer term for a physical or logical object required for MFA) is generally a numeric code and can be provided in two ways:

  • OTP (One Time Password) - the code/token is sent by e-mail so the user will need to enter a private e-mail address in DBERW (TA and teaching staff) or ESSE3 (students); it works without any configuration on the part of the user, who has only to make sure that the e-mail address they have provided to the University is correct.
  • TOTP (Time-Based One Time Password) - the code/token is sent via app so, in addition to the private e-mail address on DBERW, it is also necessary to install an app on a PC or smartphone, e.g.:
    • Mobile apps (Microsoft Authenticator, Google Authenticator, 2FA, …)
    • Desktop apps capable of supporting the relevant standard (es. KeepassXC).

Which software do MFA require?

  • DBERW
  • OFFICE 365
  • E-MAIL PROVIDER

When is MFA required?

When is MFA required?

OWA can be accessed via:

  • the WEBMAIL link, in the top right-hand corner of the UniVR home page;
  • the Outlook Webmail link, at the bottom of the personal areas (Aree riservate) column on the UniVR home page;
  • the Webmail application in MyUniVR / My Desk / All applications (or My applications) - Tutte le applicazioni/Le mie applicazioni.

The MFA is required when:

  • during the previous login you answered NO to the message "Stay logged in? Perform this operation to reduce the number of times you are asked to log in" ("Rimanere connessi? Eseguire questa operazione per ridurre il numero di volte in cui viene richiesto l'accesso");
  • at the end of your OWA activity you log out of your account (avatar), which can be found in the top right-hand corner, and then select the "Log Out" option;
  • on your browser you have set not to save passwords/forms/browsing history/cookies;
  • you clear the passwords/forms/browsing history/cookies on your browser.

The MFA is not required (within 30 days of the previous request) when:

  • during the previous login you answered YES to the message "Stay logged in? Perform this operation to reduce the number of times you are asked to log in" ("Rimanere connessi? Eseguire questa operazione per ridurre il numero di volte in cui viene richiesto l'accesso");
  • at the end of your OWA activity you do not log out of your account (avatar), which can be found in the top right-hand corner, but simply close the browser, or the tab in which you had opened OWA;
  • on your browser you have set to save passwords/forms/browsing history/cookies;
  • you have not cleared the passwords/forms/browsing history/cookies on your browser.
  • access to OWA occurs via MyUniVR / My Desk / My Applications or All Applications – Le mie applicazioni (in this case the user only entered the login details required to access MyUniVR).

Where can I find tutorials and information about MFA?

All the updated information and specific instructions for each software and device are available in the ‘Documents’ section on this web page.

Video tutorials can be found in MFA's Panopto Video Portal.

How to solve user configuration problems

If the following error appears, it means that a private e-mail address has not been provided to the university and is therefore not present in ESSE3 student management portal (for students) or in DBERW (for TA and teaching staff) and no application for MFA authentication via TOTP has been registered.

To solve this there are two options:

  • enter a private e-mail address in ESSE3 student management portal (for students) or in DBERW (for TA and teaching staff) and log in using your GIA login details, then select the "E-mail" sending method by entering the OTP code received. See section "Access from web portal – E-mail method" in the Windows or MAC manuals
  • see paragraph "Registering the MFA authentication application via TOTP" in the Android, Iphone or Ipad manuals

Who to get in touch with in case of a technical problem

If you experience a technical problem with MFA, please get in touch with the IT staff relevant for your area.

Service managed by:
Head Office IT and Communications
Group Computer Systems Group

Documents

Cos'è l'Autenticazione MFA - Guida introduttiva
Guide per la configurazione dei diversi dispositivi: Android, Iphone, Ipad, Windows, Mac, Linux
Video Tutorial di configurazione MFA