Two-Factor Authentication (2FA)

Two-factor authentication, or 2FA, is an additional authentication method available for accessing all MIT services externally. It is not a replacement of the conventional login page, but rather, an additional layer that helps make it harder for someone to compromise your account. 

You will still log on with your usual MIT staff username and password, but in addition to that, you will be asked to confirm login via the Duo Mobile App or a Hardware Token.

This guide explains how you would register your mobile phone, download the Duo Mobile app or use your allocated Hardware Token to log on externally going forward.

The screenshots below show access to https://apps.manukau.ac.nz (remote access via Citrix), however, the login process looks the same for https://owa.manukau.ac.nz (Staff webmail)

LOGGING ON USING THE DUO MOBILE APP
  1. First, you log on as normal using your MIT staff username and password.

2fa1

  1. Once you’ve logged on, you will be prompted to start the setup if you have no token assigned.

2fa2

  1. Select the device you wish to setup, enter and confirm your mobile number and select your device type.

2fa3

2fa4

2fa5

2fa6

  1. Launch the appropriate app store for your mobile device and search for ‘Duo Mobile’ then click install to download the app.
  2. Once you’ve installed the app, click on ‘I have Duo Mobile installed’ on your device. A barcode will appear.

2fa7

  1. Scan the barcode using your mobile phone. Once the barcode is successfully scanned, it will be greyed out and a green tick will appear across it.2fa8
  2. Select ‘Automatically send this device a Duo Push’ for ‘When I log in:’

2fa9

  1. Once you’ve registered your device successfully, you will be prompted for an authentication method every time you log on to Citrix. We highly recommend that you use the ‘Duo Push’ method.

2fa10

  1. Select ‘Send me a Push’ then open the Duo Mobile app on your phone and click ‘Approve’ or .

2fa11

  1. You will automatically be logged on to Citrix on your device once this is done. 
LOGGING ON USING A HARDWARE TOKEN

If you do not have a MIT mobile phone and do not wish to use your personal phone (or have one), or you face cellphone coverage issues, a Hardware Token can be provided to you at a cost of $20 per device by completing a “ICTS – Request a Two-Factor Authentication (2FA) Token” form on MIT Service Desk. You will then need to uplift the token from the ICTS Service Desk (with ID).

  1. First, you log on as normal using your MIT staff username and password.2fa1
  2. Once you’ve logged on and the token is assigned to you, you will be prompted to enter a passcode. Click on Enter a Passcode2fa12
  3. Press the button on your hardware token to generate a new passcode.
    hwt
  4. Type this into the space provided and click Log in.