UTokyo Account arrow_forward_ios Multi-Factor Authentication (MFA) arrow_forward_iosInitial Setup Procedures

Initial Setup Procedures for Multi-Factor Authentication for UTokyo Accounts

Introduction

Multi-factor authentication (MFA) is a security process in which users are asked to enter passwords and also verify their identity via SMS or authentication apps when signing in to their accounts. MFA can make your account more secure by reducing the risk of unauthorized sign-ins even if your password has been compromised.

This page provides information about the initial procedures to enable MFA. The outline is as follows.

  • In Step 1 and Step 2, you will register the “verification method” you will use for your UTokyo Account. There are several verification methods as shown below, so please register two or more methods so that you have an alternative in case one of the verification methods becomes unavailable (the type of the alternative verification method can be the same as the primary method).
    • “Microsoft Authenticator” App: “Microsoft Authenticator” is an MFA authentication application provided by Microsoft. Using this app is convenient since UTokyo Account’s MFA adopts Microsoft’s system. If you have more than one phone, you can register the same authenticator apps on these phones, making them two or more verification methods.
    • Other Authenticator Apps: If you already use other authenticator apps, such as “Google Authenticator”, you may also use them for your UTokyo Account authentication. If you have more than one phone, you can register the same authenticator apps on these phones, making them two or more verification methods.
    • Phone Number: You can add your phone number and receive an SMS message or a call (voice guidance) to verify your identity.
    • Hardware Token (for faculty members): If you are a faculty member and none of the verification methods above are available, we offer a device called “Hardware Token” for verification. The initialization process is different from other methods, so please follow the guidance in UTokyo Portal (faculty members only) to get started.
  • In Step 3, you test the verification method you have registered and see if you can actually sign in to your UTokyo Account.
  • In Step 4, the last Step, you submit an application to enable the MFA.

Complete all the tasks from Step1 to Step 4. After you complete the whole procedure, you will be asked to verify your identity with the registered SMS, apps, etc., whenever you sign in to your UTokyo Account. Be well aware that your UTokyo Account will be inaccessible if you lose access to every verification method (smartphone apps, phone number, etc.).

Video of the Initial Setup

The following video explains the initial setup procedure in this page.

Step 1: Set Up the First Verification Method

First, set up the verification method for MFA. Here, you will add the first verification method only (the second and subsequent methods will be added in Step 2). The first verification method will become the default (automatically selected) method, so it is best to register the method you will use most often.

  1. Access the Security info page.
  2. The sign in page will appear (if you are not already signed in). Enter your UTokyo Account username (10-digit Common ID) and password and click “Sign in”.
  3. Click “Next” in the “More information required” page.
  4. Add the first verification method in the setup page. The setup procedure varies depending on the verification method you add.
    • “Microsoft Authenticator” App: “Microsoft Authenticator” is an MFA authentication application provided by Microsoft. Using this app is convenient since UTokyo Account’s MFA adopts Microsoft’s system.
      Setup Procedure:
      1. Install the “Microsoft Authenticator” app on your smartphone. The Android version can be downloaded from Google Play and the iPhone version from App Store.

      2. After installing the app, go back to the setup page. Click “Next” to continue setup for the Microsoft Authenticator app.

      3. The next procedure differs depending on the device that you are using.

        • Smartphone (the same device where you installed the Microsoft Authenticator app): Click “Pair your account to the app by clicking this link”.Check that your UTokyo Account appears in the Microsoft Authenticator app.
        • Other Devices (PC etc.)
          1. Read the instructions and click “Next” to go to the QR code page.
          2. Open the Microsoft Authenticator app on your smartphone, select ”+” from the icon in the upper-right, then “Work or school account”, and “Scan QR code”.
          3. Scan the QR code with your device’s camera.
          4. Check that your UTokyo Account appears on the app.
    • Other Authenticator Apps: If you already use other authenticator apps, such as “Google Authenticator”, you may also use it for your UTokyo Account authentication.
      Setup Procedure:

      1. Click “I want to use a different authenticator app” in the middle of the setup page.

      2. Follow the instructions until you reach the QR code page. Scan the QR code with your authenticator app and complete the setup procedure.

    • Phone Number: You can add your phone number and receive an SMS or a call (voice guidance) to verify your identity.
      Setup Procedure:

      1. Click “I want to use a different method” at the bottom of the setup page.

      2. For “Which method would you like to use?”, select "Phone", and then click “Add”.

      3. For “What phone number would you like to use?”, select the appropriate country code (+81 for Japan) and input your phone number. Also, choose to either receive a text message with a verification code (“Text me a code”) or a phone call (“Call me”).

      4. Click “Next”.

      5. You will receive a text or call on your phone to verify your identity. If you selected “Text me a code”, you will receive an SMS message with a 6-digit verification code. Input the code in the setup page. If you selected “Call me”, you will receive a phone call asking you press the pound key (#) on your phone to verify your identity. Press the key and end the call. (To display the pound key on your smartphone during the call, press the “keypad” button.)

  5. You will be prompted to enter your email address (if you haven’t already done so). Please enter an email address OTHER THAN your ECCS Cloud Email if possible, and click “Next”. Enter the 6-digit code sent to your email address, and click “Next”.
  6. If you see “Success” on your screen, everything is OK.
The setup process is not over. Continue to Step 2.

Step 2: Add Alternative Verification Methods

Next, add alternative verification methods (second and subsequent methods) from the Security info page

Be sure to add more than one verification method. MFA does work with just one verification method, but having only one verification method puts you at risk of getting completely locked out of your UTokyo Account when your verification method does not work (due to malfunction, phone number change, etc.). Adding multiple verification methods reduces this risk.

  • ”Microsoft Authenticator” App: “Microsoft Authenticator” is an MFA authentication application provided by Microsoft. Using this app is convenient since UTokyo Account’s MFA adopts Microsoft’s system. If you possess more than one smartphone, you may add those phones as alternative verification methods.
    Setup Procedure:
    1. Install the “Microsoft Authenticator” app on your smartphone (if you haven’t already done so). The Android version can be downloaded from Google Play and the iPhone version from App Store.

    2. Click “Add method” in the Security info page.

    3. For “Which method would you like to add?”, select "Authenticator app" and click “Add”.

    4. Click “Next” on the “Start by getting the app” screen.

    5. The next procedure differs depending on the device that you are using.

      • Smartphone (the same device where you installed the Microsoft Authenticator app): Click “Pair your account to the app by clicking this link”.Check that your UTokyo Account appears in the Microsoft Authenticator app.
      • Other Devices (PC etc.)
        1. Read the instructions and click “Next” to go to the QR code page.
        2. Open the Microsoft Authenticator app on your smartphone, select ”+” from the icon in the upper-right, then “Work or school account”, and “Scan QR code”.
        3. Scan the QR code with your device’s camera.
        4. Check that your UTokyo Account appears on the app.
  • Other Authenticator Apps: If you already use other authenticator apps, such as “Google Authenticator”, you may also use it for your UTokyo Account authentication. If you possess more than one smartphone, you may add those phones as alternative verification methods.
    Setup Procedure:

    1. Click “Add method” in the Security info page.

    2. For “Which method would you like to add?”, select "Authenticator app" and click “Add”.

    3. Click “I want to use a different authenticator app”.

    4. Follow the instructions until you reach the QR code page. Scan the QR code with your authenticator app and complete the setup procedure.

  • Phone Number: You can add your phone number and receive an SMS or a call (voice guidance) to verify your identity. There are three types of phones that can be added- “Phone”, “Alternate phone”, and “Office phone”. You may add one phone number for each type (i.e. a total of three phone numbers can be added as your verification method). The description of each phone type is as follows:
    • “Phone”: This is your main phone, such as your mobile phone. You can verify your identity either by receiving an SMS message or phone call. If you added your phone number as your first verification method, it should automatically become “Phone”.
    • ”Alternate phone”: This is a backup phone you can add, such as your landline. You can only receive phone calls (SMS unavailable) to verify your identity using this phone.
    • ”Office Phone”: This is another backup phone you can add, such as your company (university) phone. You can only receive phone calls (SMS unavailable) to verify your identity using this phone. You can add your extension number (a short number that you input after calling main office number to reach a specific person, team, etc. within the office).
    Setup Procedure:

    1. Click “Add method” in the Security info page.

    2. For “Which method would you like to add?”, select the type of phone you want to add and click “Add”.

    3. For “What phone number would you like to use?”, select the appropriate country code (+81 for Japan) and input your phone number. Also, if you chose “Phone” for the type of phone, choose to either receive a text message with a verification code (“Text me a code”) or a phone call (“Call me”).

    4. You will receive a text or call on your phone to verify your identity. If you selected “Text me a code”, you will receive an SMS message with a 6-digit verification code. Input the code in the setup page. If you selected “Call me”, you will receive a phone call asking you press the pound key (#) on your phone to verify your identity. Press the key and end the call. (To display the pound key on your smartphone during the call, press the “keypad” button.)

In the screen that appears after clicking “Add method”, “App password” and “Email” will also show up as choices for “Which method would you like to add?”. However, please be aware that these cannot be used for identity verification upon sign-in (they are for other purposes).

The setup process is not over. Continue to Step 3.

Step 3: Try Signing In

The next step is to check that you can sign in to your UTokyo Account using MFA.

  1. Access the UTokyo Account Sign-out Page
  2. Wait for the “You signed out of your account” message to appear.
  3. Access the Security info page
  4. Enter your UTokyo Account username (10-digit Common ID) and password in the sign-in page.
  5. Verify your identity using MFA. The procedure differs by the verification method you use. Please follow the instructions on your screen.
    • “Microsoft Authenticator” App: A notification will be sent to your phone asking you to enter the two-digit numbers displayed on the sign-in screen.
      *About the “I can’t use my Microsoft Authenticator app right now” message「サインイン要求」の画面に「Microsoft Autheticator アプリを現在使用できません」が表示されている

      The “I can’t use my Microsoft Authenticator app right now” message does not mean that the MFA system using the app is unavailable. Press the message when you do NOT have access to the app.

    • Other Authenticator Apps: You will see a 6-digit code for your account in the authenticator app. Enter the code in the sign-in page.
    • Phone Number (verification via SMS): An SMS message with a 6-digit code will be sent to your phone. Enter the code in the sign-in page and click “Verify”.
    • Phone Number (verification via call): You will receive a phone call, asking you to press the pound key (#) on your phone. Press the key and end the call. (To display the pound key on your smartphone during the call, press the “keypad” button.)

    If you want to use a verification method not displayed One of the added verification methods (usually the first method added) will automatically become your “default sign-in method”. When you sign in, the system will ask you to verify your identity using the default sign-in method. If you wish to sign in with a different method, click the “Use a different verification option” or “I can’t use my Microsoft Authenticator app right now” link.

    The default sign-in method can also be changed by following the procedure described in the “Changing the Default Sign-in Method” page.

  6. If you are then taken to the “Security info” page, you have successfully signed in.

The setup process is not over. Continue to Step 4.

*If you could not complete this Step 3 properly, do not proceed to Step 4. Contact the Technical Support Desk.

Step 4: Apply for MFA Use

The final step is to submit an application for MFA. Once you submit this application, you will be asked to verify your identity with the process in Step 3 whenever you sign in to your UTokyo Account.

If the remote-access environment (Citrix Workspace) of office work devices for administrative staff is being used, it will be disconnected once you apply for the MFA. Before moving on to the following procedures, please make sure you are signed out.

  1. Access the UTokyo Account User Menu.
  2. Sign in with your UTokyo Account username (10-digit Common ID) and password if prompted.
  3. Click “multi-factor authentication setting” in the left menu.
  4. Read the MFA instructions carefully, and find “Use MFA” at the bottom of the page. Answer “Yes” and click “SAVE”.

You have completed the initial setup procedures for MFA. It will take about 40 minutes for the MFA settings to be reflected in the system after these procedures, so if you want to use UTokyo VPN or UTokyo Slack, in which MFA is required, please be patient and wait for a while.

If you want to use the UTokyo VPN, additional procedures in the UTokyo VPN page are also necessary. After waiting for approximately 40 minutes, please follow the description in the page.

Things to Keep in Mind after Completing Initial Procedure

Once the MFA is enabled, you will be asked to verify your identity with the SMS or authenticator apps you registered every time you sign in to your UTokyo Account. Be well aware that if you lose access to the registered verification method (smartphone apps, phone number, etc.), you will be unable to sign in to your UTokyo Account.

In particular, when you get a new phone, register the phone for MFA by following the procedures in “Changing the Verification Method of Multi-Factor Authentication for UTokyo Accounts” while your old phone is available. Once your old phone is disposed of, you will no longer be able to verify your identity with the authentication app using the old phone. In addition, if you change the phone number, the verification with your former phone number will be impossible. Since you need to sign in to the system with your old verification method even when you change the method, it is important to switch your verification method while your old phone is available to avoid being completely locked out of your UTokyo Account.

Once you enable the MFA, you cannot disable it by yourself. If you wish to stop using MFA and reverse your UTokyo Account settings to allow signing in with only a password, you need to “terminate MFA use”. Please visit “Terminate MFA Use” for more information.

arrow_upward
Scroll to Top
feedback
Feedback
contact_support
Support Desk