Update: Streamlining Campus MFA
As part of phase 2 of the MFA Improvement project, services previously requiring Duo MFA (like Buff Portal and MyCUInfo) now require Microsoft MFA. No changes to already configured Microsoft MFA are required.
Learn more about these changes on the MFA Improvement Project webpage (IdentiKey login required) or in the Microsoft MFA Expansion news story. Need assistance? Check out our troubleshooting tips.
What is multi-factor authentication?
Multi-factor authentication (MFA) increases account security by requiring multiple forms of verification to prove your identity when signing in to an application.
Microsoft MFA is used to validate Microsoft products like Outlook or Teams, as well as other campus applications including Buff Portal, MyCUInfo, Canvas, Google Workspace, Zoom, VPN, and more.
How to enroll and use Microsoft MFA
When you first log in to your campus Microsoft 365 account, you will be prompted to register for multi-factor authentication. You can register by either installing the Microsoft Authenticator mobile app (recommended) or entering a phone number:
- Set up the Microsoft Authenticator mobile app: This allows you to click a button on your phone or smart watch to quickly and easily log in when prompted. This is the recommended method for most users.
- Check your settings and add a back-up method: In case you change devices, set up a back-up method to access your account.
- Security key: Use a device like a Yubikey to verify your identity. Yubikeys are available for purchase from the CU Bookstore and via CDW-G in the Marketplace.
Follow the step-by-step instructions to register and set up Microsoft Authenticator app. You do not need to grant the app access to your location in order to use. Use the Find and update Security info tutorial to find how to update your settings in case you get a new device or phone number or want to add additional methods for authenticating. For additional information, please see our Multi-Factor Authentication FAQ.
Please note: After your account is enabled for MFA, you may be prompted to re-authenticate to multiple Microsoft 365 servers (e.g., Teams, Outlook).
Important tip: When registering an MFA method, do not use a Microsoft Teams phone number. You will get locked out of Microsoft Teams and won't be able to receive the Microsoft MFA phone call. This means you won't be able to log back in until you contact the IT Service Center to have your Microsoft MFA settings reset.
Troubleshooting Tips
Having trouble authenticating or accessing Degree Audit, CU Bill & Pay or other applications? Try the following steps to resolve the issue.
1. Clear your browser cache and all cookies
Clearing your web browser's cache and cookies can often resolve MFA issues, stale website content and slow browser performance
Google Chrome
- Select the three vertical dots from the upper right corner of your browser window to open the menu.
- Select Delete browsing data..
- In the new window that opens select the More option then choose All time.
- Below the time selection select both Cookies and other site data and Cached images and files
- Choose the option to “Delete data” and wait for the loading symbol to disappear, indicating the data has been removed.
Microsoft Edge
- Select the three horizontal dots from the upper right corner of your browser window to open the menu.
- Select Delete browsing data. That will bring you to a new page for Edge settings.
- On the window select the Time range drop down menu and choose All time.
- Below Time range select both Cookies and other site data and Cached images and files
- Choose the option to “Clear now” and wait for the loading symbol to disappear, indicating the data has been removed.
Visit OIT's Web Browsers - Clear the Cache page for instructions on clearing your cache in additional browsers.
No matter what browser you use, following the cache clear completely close your browser for changes to completely take effect.
2. Try to connect using an incognito window
Attempt to replicate the issue in an Incognito or InPrivate Browsing Window.
Google Chrome
- Select the three vertical dots from the upper right corner of your browser window to open the menu.
- From the menu select New Incognito window
- Try accessing the service again in the Incognito window
Microsoft Edge:
- Select the three horizontal dots from the upper right corner of your browser window to open the menu.
- From the menu select “New InPrivate window
- Try accessing the service again in the InPrivate window
If neither of the above steps work and you continue to experience the error, please call the IT Service Center at 303-735-4357 or go to our Buff Techs Office in CASE E276.
