Set Up TOTP MFA for Student Users
Students can now enable and use multi-factor authentication (MFA) to protect their Louisiana Tech University user account. Student MFA can be provided using any app that supports time-based one-time passwords (TOTP).
Is MFA required?
See the KB article Who is required to use MFA?
Setting up MFA
The steps below will walk you through setting up MFA on your account. The first part of the process is to install an application on your smartphone capable of generating a TOTP token. The second part of the process is to enable MFA on your Tech account and synchronize your TOTP authenticator app using a QR code.
Install a TOTP-capable app
Install an application from your phone’s app store capable of generating a TOTP token. We use Google Authenticator (Android | iOS / iPadOS) for this walk-through; however, any TOTP-capable app should work. For more information on TOTP apps, see the KB article TOTP mobile applications.
Enable MFA on your account
DO NOT proceed with enabling MFA unless you are ready to begin using it. Once enrolled, you must contact the Help Desk to have MFA removed from your account.
Visit the website http://mfa.latech.edu/, and log in through CAS. Read the instructions and click the OK button to enable MFA for your user account.
Once you click the OK button, the system will attempt to enable MFA for your user account. If the process is successful, you will see the success message shown in Figure 2.
Click Restart Login with MFA to log out.
Complete MFA setup
To complete MFA setup, it is recommended that you use two devices: a desktop or laptop computer on which to open the registration page and the mobile device/phone on which you installed the authenticator app.
After enabling MFA for your account, log into a CAS-protected service, such as Moodle, to open the MFA registration page. On your first login after MFA enrollment, CAS will present the MFA registration page, which contains a QR code, a secret registration key, and scratch codes for accessing your account when you do not have access to the authenticator app. A sample version of the registration page is shown in Figure 3.
It is strongly suggested that you either print or capture an image of this page, as the information on it can be used to access your account later should your authenticator app be unavailable or stop working. Keep in mind that this information could allow a third party to learn your one-time password, so make sure to keep copies in a safe and secure location.
Keep the registration page open in your web browser until you have completed setup of your authenticator app below. Once you have scanned the QR code and your app is generating a password, click Register.
Do not click Register before scanning your QR code and ensuring that the authenticator app is working. You will lock yourself out of your account.
Set up your authenticator
Open your preferred authenticator app. If you have never used the app before, it should prompt you to set up your first account.
Select the QR code option to set up an account. Use your device’s camera to scan the QR code from your computer screen. You may have to accept security prompts to allow use of the camera the first time.
If the scan is successful, you should see a screen with a six-digit code number, similar to Figure 6. This is your TOTP token. Your authenticator is working properly, and you can now close the Registration page.
Logging in using MFA
To sign in with MFA on your account, log in to a CAS-protected site, such as Moodle, normally. After your username and password are accepted, you will be presented with a text field that says Token and a Login button.
Open your authenticator app, and find the six-digit TOTP token that has been generated. Type the code into the Token field and click Login. Be sure to type the code quickly – if you take too long, the token will expire and regenerate.
If your token is accepted, the last part of the process will be to enter a name for the device you are using to log in. You will not have to confirm again for 30 days on this device. Enter your preferred name and click Register.
Currently there is no way to skip this step, so if you do not want a device remembered (such as on a public or shared computer), you should use an incognito/private browser window.
Note: If you replace your phone, be sure to use the TOTP app’s backup option to make a backup that can be restored onto your new phone to allow uninterrupted login access.
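Why the registration page must be kept private and why a token expires, as an added example (not part of the original article, and not the university's or CAS's own code): the secret key carried in the QR code plus the current time is everything needed to compute the six-digit token. It assumes the RFC 6238 defaults (HMAC-SHA1, 30-second step) and the otpauth:// QR format used by Google Authenticator; the sample URI is constructed and the drift window in verify() is illustrative.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs, unquote

STEP = 30    # seconds per token; RFC 6238 default (assumed, not stated in the article)
DIGITS = 6   # the article describes a six-digit code

# Constructed sample of what a QR code encodes (RFC 6238 test secret, not a real account).
SAMPLE_URI = ("otpauth://totp/Example:student%40example.edu"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

def parse_otpauth(uri):
    """Return (account label, raw secret bytes) from an otpauth://totp URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    b32 = parse_qs(u.query)["secret"][0].replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)          # authenticator apps omit base32 padding
    return unquote(u.path.lstrip("/")), base64.b32decode(b32)

def totp(secret, now, step=STEP, digits=DIGITS):
    """RFC 6238: HMAC-SHA1 over the count of time steps since the Unix epoch."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F               # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret, token, now, drift_steps=1):
    """Server-side check: accept the current step and +/- drift_steps for clock skew."""
    return any(hmac.compare_digest(totp(secret, now + d * STEP), token)
               for d in range(-drift_steps, drift_steps + 1))

if __name__ == "__main__":
    label, secret = parse_otpauth(SAMPLE_URI)
    print(label, totp(secret, 59))        # fixed time so the output is reproducible
```

Anyone holding a copy of the secret can run the same computation, which is why printed or photographed copies of the registration page need secure storage.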