MFA (English): Forskjell mellom sideversjoner
Ingen redigeringsforklaring |
Ingen redigeringsforklaring |
||
Linje 45: | Linje 45: | ||
[[File:MFA-Endtestd2-eng.png|400px]]<br><br> | [[File:MFA-Endtestd2-eng.png|400px]]<br><br> | ||
Etterpå kan vi se at standardmetoden nå er endret:<br> | Etterpå kan vi se at standardmetoden nå er endret:<br> | ||
[[File:MFA-Endtestd3.png|400px]] | [[File:MFA-Endtestd3-eng.png|400px]] | ||
===Hva hvis jeg glemmer mobiltelefonen hjemme?=== | ===Hva hvis jeg glemmer mobiltelefonen hjemme?=== |
Sideversjonen fra 4. sep. 2020 kl. 11:53
[-Translationwork in progress Sept 2020-]
Why are we using MFA?
IT Security has changed quite a bit over the last few years. Among other things, it has become more difficult to detect fraud attempts where usernames and passwords are lost.
One of the most effective measures is to introduce multi-factor authentication (MFA). UiB is now introducing MFA for all employees and students. This will in the first place
be introduced for Office 365-related products and services.
What is MFA?
MFA stands for Multi Factor Authentication and basically means that you use two factors to confirm your identity when logging in.
One factor is of course your password and the other factor is to confirm via either SMS or an App (Authenticator).
This means that the data you have access to using your user profile is 99.9% less exposed to the risk of identity theft.
How do I sign up for MFA?
If you do not already have MFA activated and want to use it, you can fill out the form linked to on the blue button above. Then you will at the next login
on an Office365 service such as Teams, OneDrive or the Office Portal be prompted to set up MFA. After completing the form, it is recommended to log out of the Office session
in the browser by going to the Officeportal, select "Log out /" Sign out "on your profile at the top right - and then Log in again. You should now be asked to set up MFA .
What do I as a user have to do to use MFA properly?
The first time you log in after MFA is activated, you must set up the service with your personal contact information. This should be done via PC and you would also need access to your
mobile phone. When the service is activated, you will be prompted to add the information. It is possible to use both SMS or an App to confirm
your identity. Which of the two you choose to use is a matter of your own preference, but UiB recommends using the app for this because it is easier to use and faster than typing
a verification code each time.
If you want help down the road, you can use the following step-by-step guide to set up the service for your user: https://it.uib.no/Aktivere_MFA (Norwegian)
Conditional access excludes MFA in certain cases
- Duration of 30 days per session (Example: Word, PowerPoint, browser). If you use different browsers this will be different sessions. You should therefore be able to get away with one authentication per 30 days, per application.
- For client-driven computers, we will in the long run require that you use Windows Hello with PIN or a biometric device, which together with TPM works as the second factor.
How do I change my default authentication method?
You can change which method is the default for your user. You can easily add more methods so that you have more options by pressing "Add method".
You can edit this trough this page. Press Change to change method:
Deretter velger du ønsket metode - i dette eksemplet endrer vi til "Microsoft Authenticator - varsling".
Etterpå kan vi se at standardmetoden nå er endret:
Hva hvis jeg glemmer mobiltelefonen hjemme?
Du vil sjelden bli spurt om MFA om du sitter på en maskin som er satt opp av IT-avdelingen.
Hva hvis jeg mister mobiltelefonen min?
Ta kontakt med BRITA (Brukerstøtte ved IT-avdelingen) snarest dersom du mister mobiltelefonen din.
For å reaktivere MFA mot en ny telefon vil du måtte følge veiledningen for førstegangsoppsett på nytt.
Nyttig info
- Kontoer med adminroller har allerede MFA.
- Vi anbefaler "Microsoft Authenticator" APP med ett trykks godkjenning for Android og iOS. Google Authenticator fungerer også, men da med sekssfifret kode og ikke ett trykk.
- Vi ønsker også å tilby USB-stick som et alternativ til Authenticator App. Gi en lyd hvis du vil være med å teste dette.
- Endringen er meldt her: https://bs.uib.no/?module=change&action=view&tid=8947
- Om ønskelig kan man også på forhånd bruke denne lenken for å sette opp ønsket metode og også laste ned og konfigurere appen:
https://account.activedirectory.windowsazure.com/Proofup.aspx?BrandContextID=O365&ruO365 - Samme lenke kan også benyttes for å endre standardvalg for godkjenning senere.
- Dersom du ønsker å vite mer om MFA kan du lese mer her.