Multifactor Authentication - User Guide

Dudek uses Microsoft Multifactor Authentication (MFA) to protect our systems and data. This guide will provide more information on how to approve software using the app on your mobile device or through accessing company websites.

Need to setup your device?

Refer to the IT Knowledge Base article “Microsoft Multifactor Authentication Enrollment Guide” to connect a device to

your account to approve MFA login requests.

When is MFA required?

Whenever accessing a Dudek service (e.g. DISC, Vision, Dayforce, etc) when on a non-Dudek device (e.g. personal computer, tablet, mobile device)

Whenever logging into Vision (note: Vision caches logins for extended periods of time, so you may not be prompted for MFA on each login)

Changing my MFA Configuration & Device Settings

When you initially enrolled in MFA, you likely configured the Microsoft Authenticator app on your phone to send you an approval notification when MFA is required.

MFA supports multiple approval options and you may change your default or override your default on a per-login basis. The supported options for MFA approval are:

Microsoft Authenticator – Notification (accept a push notification on your mobile phone)
Microsoft Authenticator App – Code (type in the current code displayed in the mobile app)
Phone Call (answer a phone call and press #)
MFA hardware token (upon request, for staff without a company-issued mobile phone)

To add another MFA approval method to your account:

Open https://aka.ms/mfasetup in your PC’s web browser, logging in if required.
Click “Add method”, select the method you want to add from the drop down, and click “Add"
Follow the prompts to complete the addition of the new option.

To change your default MFA approval method for all future logins:

Open https://aka.ms/mfasetup in your PC’s web browser, logging in if required.
Next to “Default sign-in method”, click the “Change” link.
Select the option you’d like to become your new default and click “Confirm”

To change your MFA approval method for an individual login, but not change future default.

1. When prompted to confirm your MFA request, click the “Sign in another way” link.

2. Select the verification option from the list that displays.

Approving an MFA login request

This section walks you through the approval process for each type of MFA option you may have selected.
Microsoft Authenticator – Push Notification

1. When MFA is required, the login will pause and wait for you to accept the MFA notification.

2. You’ll receive a push notification on your registered device:

3. The easiest way to accept on your iPhone 6s or newer, is to do a force-touch by firmly pressing down on the

notification until additional options appear. Then click “Approve”.

You may also simply click the notification to launch the Authenticator app or find and launch the Authenticator app

on your phone and click “Approve”.

CAUTION: NEVER CLICK ACCEPT on any authentication approval request unless you are sure you initiated the login. If you did not initiate a login, click DENY and report this to IT for investigation.

Microsoft Authenticator App – Code

1. When MFA is required, the login will prompt for you to type in the code displayed on your Authenticator app.

2. Find and launch the Authenticator app on your phone and type in the code displayed and click “Verify”.

Note: a small timer indicates how long until the code changes, you may want to wait for the next code to display if the current one is about to expire.

Phone Call

1. When MFA is required, the login will pause, and the phone number associated with your MFA enrollment will ring.

2. Answer the phone and press the # key when prompted.

Frequently Asked Questions

I received a new phone to replace my old phone that had the Authenticator app on it, what do I do?

1. Open https://aka.ms/mfasetup in your PC’s web browser, logging in if required.

2. Find the entry for your phone next to “Microsoft Authenticator” and click Delete.

3. Follow the steps above to add a new authentication method to your account, selecting “Microsoft Authenticator – Notification”.

I will be paying for Wi-Fi on an airplane for my laptop, but not my mobile phone – how will I approve my logins via the Authenticator app?

1. Follow the steps above to change your MFA approval method for an individual login and select “Use verification code from my mobile app”.

2. Enter the code displayed within the Authenticator mobile app when prompted (this does not require an active Wi- Fi/cellular network).

Note: It’s highly recommended to test switching to the verification code option to ensure everything is properly configured before you leave on your trip! (See the next FAQ)

How can I test MFA while I’m in the office on my work computer?

1. Launch a private browsing session of your favorite web browser and access DISC or Vision to test. (e.g. Chrome’s Incognito Mode or Internet Explorer’s InPrivate Browsing)

Troubleshooting

I didn’t get the Authenticator App push notification on my phone and my login is waiting for approval.

1. Unlock your phone and launch the Authenticator app. The approval request should be waiting for you.

2. If not, click the “Sign in another way” link and then click “Approve a request on my Microsoft Authenticator app”.

Have other questions or issues? Please contact the IT Service Desk for assistance.