How do I enable and authenticate through Multifactor Authentication (MFA) on my mail enabled service account?
Overview
Mail-enabled service accounts are now required to use Multifactor Authentication (MFA.) Registering for MFA on the mail-enabled service account will use the same process as general Identity Management Systems (IDMS) accounts.
- Log onto the OSU MFA Portal (duo.okstate.edu) using the service account credentials.
- Select Add Devices
- If a device is already set up on the account, you will need to authenticate using that device before proceeding to manage your devices.
- Select the type of device you are adding.
- Follow the on-screen prompts (detailed in the specific FAQs).
We recommend each user adds a backup device for times when the primary device is not available to them. Please note: if the service account has multiple owners or users, once one user opts into MFA, all service account users must use MFA. As there may be multiple devices registered through MFA for the account, users may have to select ‘Other Options’ on the MFA prompt to select the appropriate device in order to successfully authenticate.
Campuses Affected:
OSU-Stillwater
OSU-Tulsa
OSU Center for Health Services
OSU-Institute of Technology
OSU-Oklahoma City
Connors State College
Langston University
Panhandle State University
Northeastern Oklahoma A&M
Northern Oklahoma College at Stillwater
MFA will be required for service account use off campus. Therefore, you will be prompted to authenticate through MFA when authenticating into an MFA-protected website, application, cloud service, etc. Websites and applications protected by MFA can be found here: What sites and applications may be protected by Multifactor Authentication (MFA)? | Oklahoma State University (okstate.edu)
Some websites, cloud services, and applications are not MFA protected, and you will not receive the prompt to authenticate through MFA; this should be the same for general IDMS accounts and mail enabled service accounts.
If you are accessing the service account on any OSU or A&M campus, the mail service account should not be prompted for MFA.
If you are off campus, not remoted into a university device, and are a full mailbox owner on the account (ownership and access can be updated on the service account page within the O-Key system), you can access the mail account to view the emails by opening the mailbox within Office 365. The only time you will be prompted for MFA is when the actual username and password is used for authentication.
The OSU VPN will require MFA if you login from your personal device and use the OSU VPN through your local network. After you successfully connect to the OSU VPN, you will need to remote into your university device in order to not be prompted for MFA authentication.