Multifactor Authentication (MFA) and VPN Support for Students
As a part of ongoing efforts to ensure College data and applications remain secure, ITS regularly reviews and updates it security practices.
In the past, Learners at the College have used Entrust for MFA authentication for secure VPN connection to College resources. Currently, the College has standardized using Azure MFA and is Entrust is being phased out. Learners will use the Microsoft Authenticator App to authenticate connecting to VPN.
Students who already use Microsoft Authenticator for their MFA and are looking for instructions for VPN, please go to Step 3 below.
If you have any problems setting up your MFA, ITS Support is available Mon-Fri 7:30 am – 5:00 pm.
Phone: 613-727-4723 ext. 7221 or 1-866-921-5763 (toll free)
Email: 5555@algonquincollege.com
Instructions for setting up and using MFA
To register for MFA, you will need:
- Your Algonquin College credentials (username and password)
- A mobile device (iOS or Android Phone/Tablet)
- Computer with web browser
- An internet connection
In the following instructions you will login to your Algonquin College account add the MFA authentication method, download, install and set-up MS Authenticator on your mobile device and finish the process.
All of the steps below must be completed for the registration to be successful.
Step 1/3: Sign in and add Multifactor Authentication (MFA) method
Getting started
1. On your computer, open a browser go go to http://liveac.algonquincollege.com/
2. Sign in with your Algonquin College email address and password
Click ‘Continue’ to trust algonquinlive.com
3. You will be signed into your email/outlook on the web. In the top right corner, locate your profile icon (round icon with your initials or photo) and click on it, then click ‘View account’
4. On the next page, click ‘Update info’ under ‘Security Info’
5. On the Security Info, you will click the ‘+’ sign to add sign-n method.
6. From the drop down, select ‘Authenticator App’
7. Select ‘Add’ and proceed to Step 2: Download and Install MS Authenticator. Leave your Browser Window open, you will return to it to complete the setup.
Step 2/3: Download and set up Microsoft Authenticator App
Select the option that matches the version of your mobile device
Android 8.0 or iOS 15.0 and newer and devices with QR scanners
If you have already downloaded Microsoft Authenticator to your mobile device, go to step 4 below.
1. Open the app store on your device
2. Search for ‘Microsoft Authenticator’.
3. Select ‘Install’ or ‘Get’, depending on your device.
4. Return to your browser and select ‘Next’ on the ‘Start by getting the app’ dialog box in your web browser. Select ‘Next’ on the ‘Set up your account’ dialog box in your web browser.
5. A dialog box with a QR code will be displayed. Leave this open while you proceed with Setting up the MS Authenticator on your device.
Setting up MS Authenticator
1.Open the Microsoft Authenticator App on your mobile device. Allow notifications, if prompted.
2. Depending on if you are opening the Authenticator App for the first time (Fig 1) or setting an additional account in the app (Fig 2), your view will be different. Users who do not see Work or school account (Fig 3) need to select Other account.
Fig 1.
Fig. 2
Fig. 3
3. Select ‘Scan a QR code’ on your mobile device.
4. Position the QR Scanner over the middle of the QR code in your web browser, and it will automatically recognize it and create the account.
5. Select ‘GOT IT’.
6. Return to your browser where and select ‘Next’ on the ‘Configure mobile app’ QR page.
7. The web browser will send a Number Matching Notification to your mobile device. Enter to number shows on screen to complete the configuration.
8. Once you enter the number on the app and click ‘Yes’ to approve the notification, the process will be completed.
9. Select ‘Next.’
10. Select ‘Done.’
If the previous step is completed successfully, you will see the Authenticator App listed as a Sign-In method.
Step 3/3 Configure Cisco AnyConnect and use Microsoft Authenticator to sign into VPN
Select the Cisco AnyConnect application version that matches your device’s operating system.
Downloading and Installing Cisco AnyConnect Secure Client – Windows
Please note that majority of College issued laptops have the required Cisco Client/App installed, use the search function on your laptop to locate it, if you do not have it, please follow the instructions to download and install it.
1. Follow the link to access the Cisco AnyConnect – Windows file (if prompted, log in using your full college email and network account password.)
2. Click the ‘Download’ button in the top left corner of the page.
3. Once downloaded, locate the file and double click to open it.
4. Next, double-click the installer file to begin the installation
5. Click ‘Next’.
6. Select ‘I accept the terms…’ and click ‘Next’.
7. Click ‘Install’ to begin the installation.
8. Click ‘Finish’ to complete the installation.
Once the installation process is complete, you can proceed to the next step “Login using the CISCO AnyConnect Secure Client“
Downloading and Installing Cisco AnyConnect Secure Client – MacOS
Please note that majority of College issued laptops have the required Cisco Client/App installed, use the search function on your laptop to locate it, if you do not have it, please follow the instructions to download and install it.
1. Click on the link below appropriate version for you operating system.
Note: If prompted login using your full college e-mail address and network account password. Once logged in, you will have the option to download the file.
64 Bit MacOS File Name: AnyConnect – MacOS 64 Bit
64 Bit Big Sur, MacOS 11 : AnyConnect -MacOS11_64bit
2. Download the required file.
3. Find the Anyconnect DMG file in your downloads folder and double click it to mount the image and open the location of the install file.
4. Press ‘Continue’.
5. Press ‘Continue’.
6. Click ‘Agree’ to continue.
7. Deselect all options except VPN and press ‘Continue’.
8. Press install to start the installation.
9. If prompted input your Macbook login password and press “Install Software“
10. When prompted press ‘Allow’ and press ‘Close’ to complete the installation.
- If applicable, press “Move to Trash” to clean up the installer from your device if prompted.
You can now proceed to the next step “Login using the CISCO AnyConnect Secure Client”
How to use the Microsoft Authenticator App to sign into VPN
Logging into the VPN
Note: VPN will not work while you are on campus.
1. Open ‘Cisco AnyConnect’
2. If connecting for the first time, type in ‘secure.algonquincollege.com’ into the connection window.
Select ‘Connect’ in the popup window.
3. Choose ‘Student_MFA’ from the Group drop down menu to use the new method of MFA. This window might be hidden by the larger sign-in window.
The next time you sign into VPN, you will not have to do this step, Student_MFA will be the default selection in the Group drop down menu.
4. Your VPN Sign In Prompt will change to a new User Interface.
5. Enter your email address, and password when prompted.
6. Enter the code from the Microsoft Authenticator app or hardware token into the MFA ‘Code’ field and select ‘Verify.’
In the past, this is where you would have entered the code from Entrust soft token or the grid card.
CONGRATULATIONS! You have successfully logged into the VPN.
How to use the Microsoft Authenticator App to sign into VPN
Logging into the VPN
Note: VPN will not work while you are on campus.
1. Open ‘Cisco AnyConnect’
2. If connecting for the first time, type in ‘secure.algonquincollege.com’ into the connection window.
Select ‘Connect’ in the popup window.
3. Choose ‘Student_MFA’ from the Group drop down menu to use the new method of MFA. This window might be hidden by the larger sign-in window.
The next time you sign into VPN, you will not have to do this step, Student_MFA will be the default selection in the Group drop down menu.
4. Your VPN Sign In Prompt will change to a new User Interface.
5. Enter your email address, and password when prompted.
6. Enter the code from the Microsoft Authenticator app or hardware token into the MFA ‘Code’ field and select ‘Verify.’
In the past, this is where you would have entered the code from Entrust soft token or the grid card.
CONGRATULATIONS! You have successfully logged into the VPN.
Instructions for connecting to VPN on mobile devices
Connecting to VPN on Android (phone or tablet)
The following instructions are for Android devices 4.0 or higher
- Go to the ‘Play store’ and search for ‘Cisco Secure Client – AnyConnect’ app
- Press ‘Install’ to install the app on your device
- Once installed, open the app and accept the License Agreement
- On the next screen, press ‘Connections’
- On the next screen, press the + in the bottom right corner to add a connection
- In the Connection Editor, type in the description and server address as pictured below and click ‘Done’.
- Click on the arrow to return to the Connection Selector’ and slide the ‘AnyConnectVPN toggle to on position
- You will now be prompted for your network username and password (do not use your full email address). Leave the ‘Second password’ field blank and press ‘Connect’
- Next, you will be prompted for the answer to the eGrid or Entrust token challenge. Input the answer and click ‘Continue’
- On your first attempt, you may see a prompt asking you to allow a connection request, you must allow it to complete your connection.
Connecting to VPN on iOS (iPhone and iPad)
The following instructions will work with any iOS (iPhone and iPad) device with iOS version 10 or higher.
- Go to your devices App store
- Search for the “Cisco Secure Client” application
- Press “Install” or the cloud button to install/Re-install Cisco Secure Client.
4. Once installed open the application and press the toggle next to “AnyConnect VPN”
5. A prompt will appear on your first time connecting requesting permission to add a VPN Configuration. Press “Allow” once added you will be navigated back to the Cisco Secure Client Application.
Note: You may be prompted for a TouchID/FaceID/Pin Number for verification.
6. The Cisco AnyConnect Application will prompt for a Description and Server Address which can be found below. Once filled out press “Save”
Description: Algonquin College (Or any other name that helps you identify this connection)
Server Address: secure.algonquincollege.com
7. You will be taken back to the main page of the Cisco Secure Client Application. You can now toggle the connection for the colleges VPN connection.
8. You will now be prompted for your username and password for the college once entered press “Connect”
Note: Leave “Second Password” blank and don’t enter your full email address as your username, leave out @algonquincollege.com.
9. You will now be prompted for your eGrid or Entrust MFA answer. Input the answer and press “Continue”
Note for Entrust Users: Within the Entrust app navigate to your code and tap the numbers to allow you to Copy it to your clipboard. You can then navigate back to the Cisco Secure Client Application and double press the answer field to bring up the Paste option.
10. The connection will now be established and you can verify the connection by the toggle showing green in the Cisco Secure Client Application and the VPN icon in the top left corner next to your internet connection icon.
Note: You can disconnect VPN by pressing the green toggle in your Cisco Secure Client Application.
11. You’re now successfully connected to Cisco AnyConnect on your mobile device and may now navigate to VPN dependent services such as your N drive or Workday Website.
Multi-Factor Authentication Frequently Asked Questions
If I already have the Microsoft Authenticator app, do I need to reinstall it?
If you already use the Microsoft Authenticator app for other services, you don’t need to reinstall it. You can register your Algonquin account.
Why is it important?
Security breaches due to compromised credentials have unfortunately become a regular occurrence. With an increasing number of passwords to remember, people are prone to re-use the same passwords for many accounts or to use passwords with easy-to-use and easy-to-access information (date of birth, names of family members or pets, etc.). When other non-College services (social networks, websites, etc.) have breaches, these in turn can lead to your credentials being compromised and used to access confidential or restricted College information.
Multi-Factor Authentication (MFA) is an additional service in the authentication process. It validates the identity of the user accessing online systems and applications. MFA works on these principles: what the user knows (their password), what the user has (their mobile phone or a physical device that generates one-time passwords).
What is multi-factor authenticaton?
Authentication is the process of verifying a person’s identity. It answers the question, “Who are you?” Multi-factor authentication uses both a password and a one-time code provided through an application on a mobile device.