Introduction to using MFA for VPN
MFA (Multi-Factor Authentication) has been implemented to improve the EFSC VPN security. The instructions below will demonstrate how to use MFA with VPN. With MFA, you will be prompted when you connect to VPN to verify your sign in request.
If you have not setup MFA for your EFSC Email account, please visit the How to Setup MFA for Microsoft 365 article for assistance.
General Tips and Information:
1. After successfully connecting with your credentials and MFA, you will not be prompted every time after logging in if Microsoft trusts the device, only once every 8 hours.
2. If a "Still Working" message continuously appears on the VPN program, it may be necessary to sign out from within the Settings and delete, then re-add the connection information required. If the issue persists, contact the IT Support Desk for assistance.
3. If you receive a "Sorry, but we're having trouble signing you in." error and a corresponding message that shows your email address "is not assigned to a role for the application." this means that the user's account does not have access to the VPN.
4. To request access for VPN, open an IT ticket with an explanation and justification to why the VPN access is required.
What to Expect from MFA for VPN
Begin by connecting to the VPN software as you are used to. You may not be immediately prompted to enter your credentials in the VPN software as before, and a new window will open instead to sign into a Microsoft account. This will happen after clicking Connect in the VPN software. Enter your credentials for your EFSC email address and then click Sign in.
Note: You may notice the VPN software will say "Still Working". This is normal but will not change to Connected until the MFA has been completed.
At this point you will be prompted to complete your MFA verification before you are able to use VPN. This will be identical to when you sign into other Microsoft 365 products such as Outlook.
First, select an option that is either most convenient for you at the time or is the one you have available to confirm your identity. Then, follow the instructions depending on the option selected to approve the sign-in.
A. Approve a request on my Microsoft Authenticator app – After selecting this option, you will be prompted to the Approve sign in request page which will have a two-digit number. A notification will be sent to your phone to open, and then you will enter the two-digit number here. This should complete the verification.
B. Use a verification code – This will utilize the Microsoft Authenticator app and is an alternative to the approve notification. You will be asked for a code that can be found within the Microsoft Authenticator app on the mobile device it is installed on.
After opening the app, select your EFSC Email account and there will be a section for One-time password code. This will be a 6-digit code to enter to approve the sign in request. Please note that the code in the app is on a 30 second timer and will refresh to a new code, so this must be entered quickly. After entering the code and clicking Verify, this should complete the verification.
C. Text – After choosing the Text option, you will be prompted to enter a 6-digit code. This randomly generated code can be found in a text message that was sent to your phone with the content of the text stating “Use verification code ###### for Microsoft authentication.”. Enter the code found here and click Verify. This should complete the verification.
4. Call – After choosing the Call option, you will answer a phone call from a Microsoft number and press the # key when instructed. The following screen seen below will be open while the Microsoft call is in process. Once you press the # key during the call and the automated message indicates it was successful, this will complete the verification. Please note this will likely not work when selecting an Office phone number since VPN is not used on campus.
After your verification has been complete, you will be connected to VPN and can then proceed to Remote Desktop Connection.
Essentially the three steps for this whole process is to begin the connection to VPN, verify your identity with MFA to complete the connection, and then access your office computer with Remote Desktop Connection.
For further assistance, questions, or concerns, please either create a ticket or call the IT Support Desk at 321-433-7600, open 7am to midnight, 7 days a week.
When creating a ticket, select the WiFi & Network category, followed by the VPN Issues service to submit a ticket. Include details, error messages, and provide screenshots if possible of the steps you have taken so we may further assist you. If you are requesting access to VPN, please include an explanation and justification as to why VPN access is required.
