MultiFactor Authentication for SSO Accounts

Multi-Factor Authentication for SSO Accounts - update 5th November 2020

Please remember that on Tuesday 10th November 2020, the first element of SSO Multi-factor Implementation will take place. You do not need to do anything at this point, but please be aware that the current Webauth login page will be replaced with an Oxford-branded Microsoft login page - your password to access will remain the same, but the username will now need to be entered in the format unit1234@OX.AC.UK.

Once the first element has completed IT Services will be carrying out a phased implementation of the second step, being applying Multi-factor Authentication to your account. This is being done on surname basis, with those with surnames beginning with A taking place on the 1st of December 2020, and surnames with B on the 3rd of December 2020. Please see this timeline for full information. Gardens & Museums IT will have the process implemented on our own accounts on the 17th of November 2020 in order to have a greater understanding of the process.

We would advise everyone to take the time to read the information on the Project Page, and also the FAQ’s page, particularly in respect to methods of authentication (outlined in Stage 2 and below).


  • download the Microsoft Authenticator app on your mobile phone and use it in one of two modes (no WIFI or mobile data required)
  • push notifications, where you request the authentication on the device you are logging into, and the app pops up with “yes” or “no” to accept the authentication 
  • time-based One-time Password (TOTP), where you generate a code using the authenticator app and manually enter it on the device you are logging into when prompted 
  • receiving an SMS on your mobile phone, with a code that you enter on the device you are logging into 
  • requesting a phone call on a landline or mobile phone, which automatically reads out the code to you, which you then enter manually on the device you are logging into (all phone numbers in all countries will work for this method) 
  • use a hardware token, which IT Services can purchase for you. See our FAQs for information on hardware tokens and recommended suppliers

Please think strongly about what method you will likely be using, and if you have questions please get in touch via Crucially if your only option will be Hardware Token please get in touch so we can discuss options and offer guidance.