How to Setup MFA for VPN

Introduction to Setup MFA with Mobile App 

MFA (Multi-Factor Authentication) has been implemented to improve the EFSC VPN security. The instructions below will demonstrate how to setup MFA on a Mobile App (Microsoft Authenticator) for VPN. With MFA, you will be prompted when you connect to VPN to approve your sign in request via the Microsoft Authenticator app, the preferred and most secure method for MFA. A phone number will also be added to the account during the setup as a backup option (phone call or text).

Important notes:

  • After successfully connecting with your credentials and MFA, you will not be prompted every time after logging in if Microsoft trusts the device, only once every 8 hours.
  • If a "Still Working" message continuously appears on the VPN program, it may be necessary to sign out from within the Settings and delete, then re-add the connection information required. If the issue persists, contact the IT Support Desk for assistance.
  • If you receive a "Sorry, but we're having trouble signing you in." error and a corresponding message that shows your email address "is not assigned to a role for the application." this means that the user's account does not have access to the VPN.
  • To request access for VPN, open an IT ticket with an explanation and justification to why the VPN access is required.



How to Setup MFA with Mobile App – Receive/Push Notifications (Approve)

These instructions will walk you through setting up the MFA with the Mobile app (Microsoft Authenticator) so that when you connect to VPN, you will simply need to press "Approve" in the app to proceed.


  • If the steps below are hard to work with on one device, consider using two devices in this setup process, preferably a desktop/laptop device for applying the Mobile app option to your device, and of course your mobile device itself to install and setup the Microsoft Authenticator app.
  • Due to security policy, screenshots are limited for the Microsoft Authenticator app, but an explanation will be provided of what to look for when referencing the app.
  • If a window is closed during the setup process, simply go back to the VPN software, click Disconnect, and then click Connect again.


1. Begin by connecting to the VPN as you are used to. You may not be immediately prompted to enter your credentials in the VPN software as before, and a new window will open instead to sign into a Microsoft account. 

a. Enter your full email address (including

b. Click on the Next button to reach the screen to enter your password.

c. Type in your password associated with your account.

d. Then, click on the Sign in button.



2. During the initial setup of MFA, you will be directed to the following More information required prompt. Click Next to proceed.



3. You will now be directed to the Additional security verification screen to begin choosing which MFA option you would like to use. These instructions will focus on setting up the MFA option for the Mobile app (Microsoft Authenticator).


4. To setup MFA so that you will use the Mobile App to approve your sign in:

  1. Select Mobile app in the dropdown.
  2. Select the Receive notifications for verification option in the How do you want to use the mobile app? section below.
  3. Click Set up to proceed.

Note: You may choose Use verification code for your preferred method. This will involve entering a code from the app as the MFA option. The setup procedure will be similar to the remaining steps if that method is chosen.


5. A new Configure mobile app box should now appear. Take note of the Microsoft Authenticator app that you will install on your mobile device (ex. Android, iOS). This will be the app you will use for this MFA method for VPN. At this point, continue with the steps below to setup the app on your device while leaving this window open (do not click Next yet).



6. On your Mobile device, install the Microsoft Authenticator app. This will be available via the appropriate app store depending on the operating system of your phone (ex. Google Play Store, Apple App Store).



7. After installing the app, locate and open the app on your device (appearance of icon may vary).



8. Once in the app, there should then be an option for Scan a QR Code to select. This should enable the mobile device’s camera to scan the QR code located back on the Configure mobile app prompt (seen in Step 5 of these instructions). Use your mobile device to scan this QR code and the account should be successfully added. 

Notes: You may notice that the Configure mobile app instructions refers to adding a Work or school account. While this option may be available, scanning the QR code usually provides the best results, especially during initial setup of MFA. Scanning the QR code may be tricky and require backing out and trying again to refocus the camera.


9. Back on the Configure mobile app window (seen in Step 5), click Next and then you should be returned to the Step 1 screen (seen in step 4 of these instructions) where the Set up box will now be grayed out and a message that indicates the Mobile app has been configured. Click Next to proceed.


10. You will now be on the Step 2 screen indicating to respond on the mobile device. At this point you should receive an Approval request on your mobile device via the Microsoft Authenticator app. On the Approve sign-in? prompt in the app, select Approve on your mobile device to confirm.

Note: You may receive a screen lock prompt on your device at this time. This will be whichever option you have setup on your mobile phone to protect your device, such as a lock screen, pin, or fingerprint.



11. Once approved, you will then be automatically brought to the Step 3 screen to include a phone number on the account in case access to the app is unavailable. Select the country and then enter your phone number to the blank field (ex. 321XXXXXXX). Click Next to proceed.


12. Lastly, you will now be on the Step 4: Keep using your existing applications page. This will include an App Password that can be used under special circumstances (apps and devices that don’t support two-factor verification), but likely won’t be needed in most cases. Click on the Done button to conclude the setup for MFA.


13. You may be given the prompt to Stay signed in. If you plan on staying connected for at least 8 hours, click on Yes. Keep in mind that since the VPN will need re-authentication through MFA after 8 hours, you will be prompted to sign in again to your account and use the Mobile app to approve your sign in.

With the MFA setup, you will now be connected to VPN. The VPN software should show at this point that you are connected, and you may then proceed to use Remote Desktop Connection to access your EFSC office computer.



What to Expect from MFA for VPN

The next time you connect to VPN and you are required to confirm your identity, a Microsoft sign in window like the one below will appear after clicking Connect in the VPN software. Enter your credentials for your EFSC email address and then click Sign in.

Note: You may notice the VPN software will say "Still Working". This is normal, but will not change to connected until the MFA has been completed.


After signing in with your account, you will be prompted with the following Approve sign in request screen. You will receive a notification on your mobile device at this time to approve the sign in request (similar to step 10 in these instructions). After you select Approve, you will be connected to VPN and can then proceed to Remote Desktop Connection.

Note: If you cannot access the Microsoft Authenticator app for any reason, there should be an option on the Approve sign in request window that will allow you to utilize a different MFA method to approve your sign in request.



For further assistance, questions, or concerns, please either create a ticket or call the IT Support Desk at 321-433-7600, open 7am to midnight, 7 days a week.

When creating a ticket, select the WiFi & Network category, followed by the VPN Issues service to submit a ticket. Include details, error messages, and provide screenshots if possible of the steps you have taken so we may further assist you. If you are requesting access to VPN, please include an explanation and justification as to why VPN access is required.


Article ID: 134760
Tue 10/12/21 11:47 AM
Mon 1/30/23 12:27 PM