Coulter Hall C240

Monday – Friday: 8:30am – 4:30pm 

Saturday & Sunday: Closed

helpdesk@sunyocc.edu 315-498-2999

Multi-Factor Authentication (MFA)

Multi-Factor Authentication helps protect your OCC account by adding an extra layer of security when signing in.

After entering your password, you may be asked to verify your login using the Microsoft Authenticator app, a text message, or a phone call.

Set Up MFA

  1. Visit: https://aka.ms/mfasetup
  2. Sign in with your @sunyocc.edu account
  3. Follow the prompts to install and connect Microsoft Authenticator

Download the full setup guide (PDF)

Security best practices

  1. Never approve unexpected MFA requests: If your device receives a push notification or
    code that you did not request by actively trying to log in, select DENY. Contact the Help
    Desk to request a password reset.
  2. Keep your device secure: Keep a secure method of unlocking your device, such as
    alphanumeric password, secure PIN, biometric facial scan, or biometric fingerprint. This
    ensures that if a device is stolen, the thief will not gain access to your account. If your
    device is lost, please fill out a lost device report with OCC Campus Safety.
  3. Update your information: When you get a new device or a new phone number, make
    sure you update your account with the correct updated information. Be sure to transfer
    your authentication methods from old devices to ensure you still have access to your user
    account. (For making changes to MFA setup: https://aka.ms/mfasetup)

Summary of key points:

  • MFA combines your password with a physical device for maximum security.
  • The Microsoft Authenticator App is the fastest and most secure method.
  • Always have a backup method configured (for example, a secondary phone number).
  • Never approve a notification that you did not personally request

FAQs

Multi-Factor Authentication (MFA) is a modern, best security practice that requires users to provide two forms of identification to access their account. Instead of just a password, which can be easily stolen or guessed, MFA combines something you know (password) and something you have (your device).

When signing into your account from a new device or location, the system will prompt you for your password first. Once the password has been accepted, you will then be required to provide a second, established form of verification. Only after completing both forms of verification will a user be granted access to the software application. The reason for this change is to prevent unauthorized access to college resources. If a password is compromised, access is not allowed without the additional factor of authentication.

  1. Microsoft Authenticator: An app that can be downloaded from your device’s app store that provides both push notifications and One-Time Passcode (OTP) codes that can be used to verify a login attempt.
  2. SMS (text) message: A code is sent to your phone via text which needs to be entered.
  3. Phone call: A call from Microsoft will be incoming to your phone, requiring user
    interaction to verify the login attempt.

Note: Microsoft prefers the Authenticator app with push notifications over other methods listed above.

To update your MFA methods, click the following link (https://aka.ms./mfasetup)

  1. First-time login: When logging into your account on a new device for the first time. A
    device includes computers, laptops, tablets, or phones.
  2. New locations: If you are traveling or logging in from a home or public Wi-Fi network or
    a different Internet connection.
  3. Web browser changes: if you clear your web browser cache/cookies or open a web
    browser in “Incognito” or “Private” mode. This also includes the use of a different web
    browser.
  4. Session refresh time frame: The system will prompt you to keep your session open for
    14 days with a checkbox. After checking the box, you will not be prompted again for
    another 14 days.
  5. Password changes: Immediately after updating your password, MFA will be required.