Initial Setup Procedures for Multi-Factor Authentication for UTokyo Accounts

Table of Contents

Return to the top page of the description of Multi-Factor Authentication

Introduction

Multi-factor authentication (MFA) is a security process in which users are asked to enter passwords and also verify their identity via SMS or authentication apps when signing in to their accounts. MFA can make your account more secure by reducing the risk of unauthorized sign-ins even if your password has been compromised.

This page provides information about the initial procedures to enable MFA. The outline is as follows.

Complete all the tasks from Step1 to Step 4. After you complete the whole procedure, you will be asked to verify your identity with the registered SMS, apps, etc., whenever you sign in to your UTokyo Account. Be well aware that your UTokyo Account will be inaccessible if you lose access to every verification method (smartphone apps, phone number, etc.).

Step 1: Set Up the First Verification Method

First, set up the verification method for MFA. Here, you will add the first verification method only (the second and subsequent methods will be added in Step 2). The first verification method will become the default (automatically selected) method, so it is best to register the method you will use most often.

  1. Access the Security info page.
  2. The sign in page will appear (if you are not already signed in). Enter your UTokyo Account username (10-digit Common ID) and password and click “Sign in”.
  3. Click “Next” in the “More information required” page.
  4. Add the first verification method in the setup page. The setup procedure varies depending on the verification method you add.
    • “Microsoft Authenticator” App: “Microsoft Authenticator” is an MFA authentication application provided by Microsoft. Using this app is convenient since UTokyo Account’s MFA adopts Microsoft’s system.
      Setup Procedure:
      1. Install the “Microsoft Authenticator” app on your smartphone. The Android version can be downloaded from Google Play and the iPhone version from App Store.
      2. After installing the app, go back to the setup page. Click “Next” to continue setup for the Microsoft Authenticator app.

      3. The next procedure differs depending on the device that you are using.

        • Smartphone (the same device where you installed the Microsoft Authenticator app): Click “Pair your account to the app by clicking this link”.Check that your UTokyo Account appears in the Microsoft Authenticator app.
        • Other Devices (PC etc.)
          1. Read the instructions and click “Next” to go to the QR code page.
          2. Open the Microsoft Authenticator app on your smartphone, select ”+” from the icon in the upper-right, then “Work or school account”, and “Scan QR code”.
          3. Scan the QR code with your device’s camera.
          4. Check that your UTokyo Account appears on the app.
    • Other Authenticator Apps: If you already use other authenticator apps, such as “Google Authenticator”, you may also use it for your UTokyo Account authentication.
      Setup Procedure:
      1. Click “I want to use a different authenticator app” in the middle of the setup page.

      2. Follow the instructions until you reach the QR code page. Scan the QR code with your authenticator app and complete the setup procedure.

    • Phone Number: You can add your phone number and receive an SMS or a call (voice guidance) to verify your identity.
      Setup Procedure:
      1. Click “I want to use a different method” at the bottom of the setup page.

      2. For “Which method would you like to use?”, select "Phone", and then click “Add”.

      3. For “What phone number would you like to use?”, select the appropriate country code (+81 for Japan) and input your phone number. Also, choose to either receive a text message with a verification code (“Text me a code”) or a phone call (“Call me”).

      4. Click “Next”.
      5. You will receive a text or call on your phone to verify your identity. If you selected “Text me a code”, you will receive an SMS message with a 6-digit verification code. Input the code in the setup page. If you selected “Call me”, you will receive a phone call asking you press the pound key (#) on your phone to verify your identity. Press the key and end the call. (To display the pound key on your smartphone during the call, press the “keypad” button.)

  5. You will be prompted to enter your email address (if you haven’t already done so). Please enter an email address OTHER THAN your ECCS Cloud Email if possible, and click “Next”. Enter the 6-digit code sent to your email address, and click “Next”.
  6. If you see “Success” on your screen, everything is OK.
The setup process is not over. Continue to Step 2.

Step 2: Add Alternative Verification Methods

Next, add alternative verification methods (second and subsequent methods) from the Security info page

Be sure to add more than one verification method. MFA does work with just one verification method, but having only one verification method puts you at risk of getting completely locked out of your UTokyo Account when your verification method does not work (due to malfunction, phone number change, etc.). Adding multiple verification methods reduces this risk.

In the screen that appears after clicking “Add method”, “App password” and “Email” will also show up as choices for “Which method would you like to add?”. However, please be aware that these cannot be used for identity verification upon sign-in (they are for other purposes).

The setup process is not over. Continue to Step 3.

Step 3: Try Signing In

The next step is to check that you can sign in to your UTokyo Account using MFA.

  1. Access the UTokyo Account Sign-out Page
  2. Wait for the “You signed out of your account” message to appear.
  3. Access the Security info page
  4. Enter your UTokyo Account username (10-digit Common ID) and password in the sign-in page.
  5. Verify your identity using MFA. The procedure differs by the verification method you use. Please follow the instructions on your screen.
    • “Microsoft Authenticator” App: A notification will be sent to your phone asking you to enter the two-digit numbers displayed on the sign-in screen.
      *About the “I can’t use my Microsoft Authenticator app right now” message「サインイン要求」の画面に「Microsoft Autheticator アプリを現在使用できません」が表示されている

      The “I can’t use my Microsoft Authenticator app right now” message does not mean that the MFA system using the app is unavailable. Press the message when you do NOT have access to the app.

    • Other Authenticator Apps: You will see a 6-digit code for your account in the authenticator app. Enter the code in the sign-in page.
    • Phone Number (verification via SMS): An SMS message with a 6-digit code will be sent to your phone. Enter the code in the sign-in page and click “Verify”.
    • Phone Number (verification via call): You will receive a phone call, asking you to press the pound key (#) on your phone. Press the key and end the call. (To display the pound key on your smartphone during the call, press the “keypad” button.)

    If you want to use a verification method not displayed One of the added verification methods (usually the first method added) will automatically become your “default sign-in method”. When you sign in, the system will ask you to verify your identity using the default sign-in method. If you wish to sign in with a different method, click the “Use a different verification option” (or “Having trouble? Sign in another way” “I can’t use my Microsoft Authenticator app right now”) link.

    The default sign-in method can also be changed by following the procedure described in the “Changing the Default Sign-in Method” page.

  6. If you are then taken to the “Security info” page, you have successfully signed in.

The setup process is not over. Continue to Step 4.

*If you could not complete this Step 3 properly, do not proceed to Step 4. Contact the Technical Support Desk.

Step 4: Apply for MFA Use

The final step is to submit an application for MFA. Once you submit this application, you will be asked to verify your identity with the process in Step 3 whenever you sign in to your UTokyo Account.

If the remote-access environment (Citrix Workspace) of office work devices for administrative staff is being used, it will be disconnected once you apply for the MFA. Before moving on to the following procedures, please make sure you are signed out.

  1. Access the UTokyo Account User Menu.
  2. Sign in with your UTokyo Account username (10-digit Common ID) and password if prompted.
  3. Click “multi-factor authentication setting” in the left menu.
  4. Read the MFA instructions carefully, and find “Use MFA” at the bottom of the page. Answer “Yes” and click “SAVE”.

You have completed the initial setup procedures for MFA. It will take about 40 minutes for the MFA settings to be reflected in the system after these procedures, so if you want to use UTokyo VPN or UTokyo Slack, in which MFA is required, please be patient and wait for a while.

If you want to use the UTokyo VPN, additional procedures in the UTokyo VPN page are also necessary. After waiting for approximately 40 minutes, please follow the description in the page.

Things to Keep in Mind after Completing Initial Procedure

Once the MFA is enabled, you will be asked to verify your identity with the SMS or authenticator apps you registered every time you sign in to your UTokyo Account. Be well aware that if you lose access to the registered verification method (smartphone apps, phone number, etc.), you will be unable to sign in to your UTokyo Account.

In particular, when you get a new phone, register the phone for MFA by following the procedures in “Changing the Verification Method of Multi-Factor Authentication for UTokyo Accounts” while your old phone is available. Once your old phone is disposed of, you will no longer be able to verify your identity with the authentication app using the old phone. In addition, if you change the phone number, the verification with your former phone number will be impossible. Since you need to sign in to the system with your old verification method even when you change the method, it is important to switch your verification method while your old phone is available to avoid being completely locked out of your UTokyo Account.

Once you enable the MFA, you cannot disable it by yourself. If you wish to stop using MFA and reverse your UTokyo Account settings to allow signing in with only a password, you need to “terminate MFA use”. Please visit “Terminate MFA Use” for more information.

arrow_upward
Scroll to Top
feedback
Feedback
contact_support
Support Desk