Two-Factor Authentication (2FA) / Multifactor Authentication (MFA)

Two-factor authentication (2FA), or Multifactor Authentication (MFA), is an additional authentication method available for accessing all MIT services externally. It is not a replacement for the conventional login page, but rather an additional layer that makes it harder for someone to compromise your account.

You will still log on with your usual MIT staff username and password, but in addition to that, you will be asked to confirm the login via the Microsoft MFA App, the Duo Mobile App or a Hardware Token.

This guide explains how to register your mobile phone, download the Microsoft MFA app or Duo Mobile app, or use your allocated Hardware Token to log on externally going forward.

MFA – User Setup Guide (see below for Duo 2FA instructions)

Below is a basic guideline for the Microsoft Authenticator App with a verification code

Before starting: Download and install the Microsoft Authenticator app on a mobile device from the App Store or Play Store.

When the user next attempts to access Office 365 they will be prompted to set up MFA, OR, alternatively, instruct the user to go to the MFA setup URL:

Enter email address – Enter Password – More info required … this is the setup of MFA requirement. – Select Next

The user is prompted to provide additional security verification – Select Mobile App and use the option for verification code in the mobile app. – Select the Set Up button to configure the Mobile App – a QR code is displayed.

The user should now launch the Microsoft Authenticator App on their phone and follow the instructions provided on this “Configure Mobile App” popup.

Note: this QR code will expire, hence the preference to install the App before starting the setup process.

Once the user has scanned the code in their auth app, select Next, verify by entering the verification code sent to the Authenticator App – Next – Next – Done. You should now be prompted to use the Microsoft MFA app when accessing


LOGGING ON USING THE DUO MOBILE APP (see above for the new Microsoft MFA instructions)

The screenshots below show access to (remote access via Citrix)

  1. First, you log on as normal using your MIT staff username and password.
  2. Once you’ve logged on, you will be prompted to start the setup if you have no token assigned.
  3. Select the device you wish to set up, enter and confirm your mobile number and select your device type.
  4. Launch the appropriate app store for your mobile device and search for ‘Duo Mobile’, then click install to download the app.
  5. Once you’ve installed the app, click on ‘I have Duo Mobile installed’ on your device. A barcode will appear.
  6. Scan the barcode using your mobile phone. Once the barcode is successfully scanned, it will be greyed out and a green tick will appear across it.
  7. Select ‘Automatically send this device a Duo Push’ for ‘When I log in:’
  8. Once you’ve registered your device successfully, you will be prompted for an authentication method every time you log on to Citrix. We highly recommend that you use the ‘Duo Push’ method.
  9. Select ‘Send me a Push’ then open the Duo Mobile app on your phone and click ‘Approve’ or .
  10. You will automatically be logged on to Citrix on your device once this is done.

If you do not have an MIT mobile phone and do not wish to use your personal phone (or do not have one), or you face cellphone coverage issues, a Hardware Token can be provided to you at a cost of $20 per device by completing an “ICTS – Request a Two-Factor Authentication (2FA) Token” form on MIT Service Desk. You will then need to uplift the token from the ICTS Service Desk (with ID).

  1. First, you log on as normal using your MIT staff username and password.
  2. Once you’ve logged on and the token is assigned to you, you will be prompted to enter a passcode. Click on ‘Enter a Passcode’.
  3. Press the button on your hardware token to generate a new passcode.
  4. Type this into the space provided and click Log in.