Enable Multi-Factor Authentication

Upon opening the VR Web Console, you will be asked to sign in. If you have not yet set up multi-factor authentication for your account, you will be required to set it up within 14 days of your initial log in.

The steps below detail how to set up your account to use multi-factor authentication.

  1. In the email field, type the email address that is linked to your account in the space provided.

    Note: If you do not remember the email address you used for your account, please contact your VR Web Console administrator or VR Support.

  2. Click Next. If you have not set up multi-factor authentication, The More information required page appears.

    Note: If you are not ready to set up multi-factor authentication on your account, this can be snoozed for up to 14 days (not recommended). When snoozed, the Skip for now option becomes a countdown, and each time you log in it will display the days remaining until you will be required to set it up.

  3. Click Next to begin setting up multi-factor authentication. The Keep your account secure page appears.

  4. Click Next. Follow the on-screen instructions for installing the Microsoft Authenticator app. For more information, see the Install the Microsoft Multi-Factor Authenticator App section below.

  5. Once the Microsoft Authenticator app has been successfully configured, click Next.

  6. Enter the email address you would like to use as your backup email in the space provided.

  7. Click Next. A Success! page appears.
    On this page you can confirm the Default sign-in method and the backup email address. If this information is incorrect, see the Configuring Authentication Methods section below.

  8. Click Done. Multi-factor authentication has now been enabled for your account. The next time you log in, you will be prompted to verify your login on the device the Microsoft Authenticator app was installed on.

Note: If you do not approve within the allotted amount of time, you will need to try again.

Once your account has been configured, you may want to add additional ways of approving your sign-in attempt.

To add a new sign-in attempt authentication method, you must do so from your My Sign-Ins page. Accessing this page can only be achieved through the following link: https://account.activedirectory.windowsazure.com/Proofup.aspx

Copy and paste the above link into your browser. You may be required to approve the sign-in attempt using the current method (either Mobile App or Email, as set up in the Enable Multi-Factor Authentication section above).

To approve a sign in attempt using a new Authenticator app:

  1. On the My Sign-Ins > Security Info page, click the + Add method button.

  2. Select Authenticator app from the dropdown list.

  3. Click Add. Complete the on-screen instructions, including scanning the QR code. On the Scan the QR code, click the Can’t scan image? link to receive a code instead.
    See the Enable Multi-Factor Authentication section for more information.

  4. Once installed, a notification similar to the one below will appear on your device home screen, if you’ve enabled notifications. Tap the notification to launch the Authenticator app.
    If you have not permitted notifications on your device, open the Authenticator app on your device.

  5. An Approve sign-in? message appears. Click Approve.

  6. The system verifies the sign in attempt. Once approved, a verification message appears.

  7. Click Done.

 

Once multi-factor authentication has been enabled, you can update your preferred method on the My Sign-Ins page to accept Security Keys (Yubikey FIDO 2). 

To enable the Security Key option:

  1. On the My Sign-Ins > Security Info page, click the + Add method button.

  2. Select Security key from the dropdown list.

  3. Click Add. You may be required to approve the sign-in using the currently configured method (either Mobile App or Email, as set up in the Enable Multi-Factor Authentication section above).

  4. Choose the type of security key device, either USB device or NFC device.

  5. Have your key ready and in hand before proceeding. Follow the on-screen instructions for enabling your security key.

  6. Click Next. A message appears instructing you to plug in your security key.

  7. Once your computer has registered the security key, you will then be prompted to assign a PIN to the security key device.

  8. Click Next. A message appears requesting permission to allow the site to see your security key.

  9. Click Allow.

  10. Name your security key.

  11. Click Next. A success message appears, “You’re all set!”. You’re now able to log in to your account using your security key in place of your username and password.

  12. Click Done.

If you have entered an incorrect email address and wish to change it, you can do so from the Security info page. 

To change your default backup email address:

  1. On the My Sign-Ins > Security Info page, click Change beside the email you’d like to update. The Email window appears.

  2. Enter your new email in the space provided.

  3. Click Next. A verification code is sent to your new email.

  4. Enter the code in the space provided.

  5. Click Next. The system will verify the code you’ve provided. Once approved, the new email address will appear in the list.

If you have opted to receive security codes via phone, there are two options available to you:

  • Text me a code: A text message is sent to your cell phone with the security code.
  • Call me: You will receive a phone call at the phone number you specify. The verification will be provided to you in a spoken word format.
  1. On the My Sign-Ins > Security Info page, click the + Add method button.

  2. Select Phone from the dropdown list.

    Note: The phone call option can be configured for multiple phones. If you have previously linked a phone number to your account and would like to add a second phone number, select the Alternate phone option.

  3. Click Add. You may be required to approve the sign-in using the currently configured method (either Mobile App or Email, as set up in the Enable Multi-Factor Authentication section above).

  4. Select your Country code from the dropdown.

  5. Enter your phone number in the provided space, starting with your area code.

  6. Select Call me.

  7. Click Next.

  8. You will receive a phone call with instructions on how to verify your account.

    A success message appears once verification has been successful. Click Done.

  1. On the My Sign-Ins > Security Info page, click the + Add method button.

  2. Select Phone from the dropdown list.

  3. Click Add. You may be required to approve the sign-in using the currently configured method (either Mobile App or Email, as set up in the Enable Multi-Factor Authentication section above).

  4. Select your Country code from the dropdown.

  5. Enter your cell phone number in the provided space, starting with your area code.

  6. Select Text me a code.

  7. Click Next.

  8. You will receive a text message with the verification code. Enter the code in the provided space and click Next.

  9. Once verified, a success message displays. Click Done.

 

Once your account has been configured, you may want to change the default approval method for your sign-in attempt. To change your default sign-in attempt authentication method:

Changing your default sign-in option can be completed on your My Sign-Ins > Security info page. Accessing this page can only be achieved through the following link: https://account.activedirectory.windowsazure.com/Proofup.aspx

Copy and paste the above link into your browser. You may be required to approve the sign-in using the currently configured method (either Mobile App or Email, as set up in the Enable Multi-Factor Authentication section above).

  1. Under Default sign-in method click the Change link.

  1. Two options are available from the Change default method dropdown:

  2. Select your preferred method:

    • Microsoft Authenticator - notification: With the Microsoft Authenticator-notification approach, you will receive a verification notification directly on your mobile device when attempting to log in. You can quickly approve the notification without having to type in a code. This is our recommended option as it is generally more convenient.

    • Authenticator app or hardware token - code: With the Authenticator app or hardware token-code approach, a code is provided to you using the authenticator app. You must open the authenticator app to receive the code.

  1. Click Confirm.

On your mobile device, download the Microsoft Authenticator application from the App or Play store. Once the application has successfully installed, open the Authenticator.

For steps on how to install and set up the Microsoft Authenticator app, please refer to this help article from the Microsoft Online Help, Download and install the Microsoft Authenticator app.

The first time you launch the Microsoft Authenticator, a message appears asking if you would like “Authenticator” to send notifications. We recommend you click Allow to receive notifications.

To add a new account, click the + symbol in the upper right hand corner of the Microsoft Authenticator app.

Select the Work or school account option and follow the on-screen instructions. Scan the QR code, and then touch Next.

You'll be asked to approve a notification through the Microsoft Authenticator app, to verify your information.

Touch Save.