Multi-factor Authentication (MFA)

What is Multi-Factor Authentication (MFA)?

The University of Guelph, like other businesses (banks, insurance, etc.) and higher education institutions, has tools in place to protect its systems and information from cyber threats.

Multifactor authentication (MFA) is a best-practice security measure for protecting online services. MFA requires users to verify their identity through a second method (e.g., an app or phone call) before logging into a secure system.

Sometimes known as two-step verification, MFA adds an extra layer of protection to help prevent hackers from accessing your email and account — even if they have your password. 


What Requires MFA?

MFA is used in several situations at U of G:

  • When accessing Microsoft 365 services, including Outlook, Teams, OneDrive, etc.
  • When using the VPN
  • When accessing Library services, including Course Reserves (Ares), Omni, and Library Off-Campus Access.

CCS will continue to add other services as required.


Rollout of MFA

The University of Guelph will roll out MFA to all our user groups as soon as possible. The tentative schedule is listed below. Please refer to this website for the most up to date rollout timelines.

MFA Rollout Plan:



IT staff

October 20th

HR staff

Finance staff

Executive Office staff

Student Wellness staff

All accounts previously enrolled in VPN

All other staff

Monday Oct 24 EOD[1]

All other faculty and sessional instructors

Tuesday November 1st EOD

Graduate Students

Thursday Nov 3rd EOD

Sponsored Researcher accounts

Sponsored accounts, including:

  • adjunct professors,
  • consultants,
  • post-doctorates,
  • professors emeriti,
  • visiting professors,
  • visiting students

Tuesday November 22nd EOD



Undergraduate Students


January 23rd 2023

Open Learning Program (OLP) Students

English Learning Program (ELP) Students

Organizational Accounts


Service Accounts



How can I prepare for MFA?

CCS will enroll accounts as per the group schedule above.

Before your account is enrolled in MFA, you can set up your second method of authentication (e.g., mobile phone, alternate phone, etc.) so you’re ready when the change happens.

The following options are available as second methods of authentication to verify your identity when signing in via MFA:

  • Authenticator App (Recommended) – The Microsoft Authenticator app on your mobile device is the recommended method for MFA and allows users to verify their login through a passcode or fingerprint
  • Office phone - This option allows users to receive a verification phone call on their University extension
  • Alternate phone - This option allows users to receive a verification phone call on any phone, including their home phone
  • Text message (SMS) – This option sends a one-time verification code to users mobile phone via SMS
  • Time-Based One-Time Password (TOTP) Token - These are small physical cards or tokens which display a time-limited 6-digt passcode to use as your second factor. 
    • TOTP tokens have an associated cost and staff/faculty who wish to use them should reach out to their department's IT team to obtain one.
    • TOTP tokens are OS and software agnostic and should be compatible with Windows and MacOS systems and applications. 
  • Hardware token – This USB device is plugged in to your computer or phone and must be touched when signing in to prove physical presence
    • Hardware tokens have an associated cost and users who wish to use them should reach out to their department's IT team to obtain one.
    • Support for hardware tokens is best-effort as there may be some OS or application limitations


How to set up your device for MFA

The following resources can help you configure your device for MFA:

  1. Quick link to your MFA configuration:
  2. Learn more about MFA and how it helps protect your account at  or iour SharePoint page y(ou will need to login with your single sign on)  


What is a VPN?

When connecting from off campus a Virtual Private Network (VPN), ensures the security of the connection by encrypting all data transmitted between your computer and the University network. This allows your connection to appear to be exactly the same as if you were connecting on campus. U of G uses Cisco AnyConnect VPN.



MFA is your tool to access core U of G business services. Currently MFA is required for Microsoft 365 services and will be expanded to additional services in the near future.
MFA is required in order to access the VPN service.

VPN is an additional layer of protection used only for specific services:

  • If you need access to shared drives (e.g., your G:\ drive)
  • Some services such as FRS, Footprints

Further information about VPN, including how you can request this service, can be found at: Azure MFA for AnyConnect VPN ( 


Traveling out of Canada?

As a short-term security measure, an access restriction, "geofencing", was implemented for staff and faculty accounts to protect Microsoft365 services based on your geographic location.  This restriction has been removed as of November 3rd, 2022 for accounts that have enrolled in MFA.  If your account is still not enrolled in MFA, you must enrol to avoid M365 access from being blocked when outside of Canada.


Privacy Information

MFA is only used to verify your identity and ensure the security of your account. It will not be used for monitoring activity and does not provide the University access to your device.  If you have questions about privacy related to MFA, please consult the resources below:


Accessibility Information

The University of Guelph strives to make our digital resources and services accessible to all users, including those with disabilities who may also be using assistive technology. The CCS Digital Accessibility Resource Centre (DARC) team has reviewed the MFA options to assess the accessibility options and can provide options for those that require assistance. If you have any questions about MFA and accessibility, please contact the DARC team at



Visit our MFA info page - :

CCS has additional Help Desk staff on duty to assist during this change. Please contact

During business hours (M-F 8:30am-4:30pm) you can call 519-824-4120, Ext. 58888.

We also answer chat (found at and email during the following hours: M-F 8:30am-8:30pm, S&S 11:00am-5:00pm

If you are unable to access your email account, you may contact the Help Desk through a personal account or by calling 519-824-4120, Ext. 58888.


[1] EOD = “End of Day”.  These are changes that will be made sometime outside of business hours.