Background
To increase the security level of the department computer accounts we're currently phasing in a requirement to use MFA when logging into the department SSO.
We strongly recommended using Passkey instead of Authenticator App (OTP) when possible,
as it's a much faster and more integrated experience compared to entering codes from an mobile phone.
Though the Authenticator App is a very good thing to have available as backup if/when your regular device is not available, so setting up both types of MFA devices is a good idea.
Adding a MFA device
Go to https://kc-idp.cs.umu.se/realms/CS-UMU-SE/account/ and login with your CS-username and password. If you already have a MFA device configured you'll need to use that as well.
If you've lost all MFA devices, contact Support for help.
Go to Account Security -> Signing in
Types of MFA
There are two options of MFA devices that you can use
Authenticator Application
An OTP-code generating application, ex. Microsoft Authenticator app that you likely already use for your Umu-id MFA.
Though many other choices exists, such as:
- Yubikey (via
Yubico Authenticatorapp) - FreeOTP (another OTP app for Android users)
- andOTP (another OTP app for Android users)
- and many Password Managers such as 1password/lastPass/Bitwarden/.. can typically also act as an OTP app
Passkey
A hardware security key, ex. and Yubikey, or even just your regular computer or mobile phone itself.
Note:
Using your computer as a security device, ex. if your computer has a built-in fingerprint sensor, or with a PIN-code, is currently not supported by any browser on Linux, so it will only be possible for people running Windows or MacOS.
Adding a MFA device - OTP Device (ex. an Authenticator app in your phone)
Click the Set up authenticator application link to start the process
Enter a descriptive name in the Device Name field. If you have multiple MFA authenticator-apps configured you'll need to select which one to use when authenticating,
so something short and informative is good here.
'MS Authenticator', 'Yubikey', 'freeOTP', ..
Scan the QR-code with your Authenticator app,
then type the 6-digit code shown in the app into the One-time code field in the browser.
Detailed instructions
Adding an MFA device - Passkey (an hardware security device)
Click the Set up Passkey link to start the process
Click the Register button, touch/activate your security key.
Enter a descriptive name for the key when the browser prompts for it.
Detailed instructions
- Windows:
- Windows Built-in (Windows Hello) (Built-in security key feature of Windows)
- Windows Hardware Security Key (Yubikey)
- MacOS:
- MacOS Built-in (iCloud) (Built-in security key feature of MacOS)
- Linux / Generic: