Information Technology Services

Frequently Asked Questions

Multi-Factor Authentication FAQs

Get answers to your most frequently asked questions about multi-factor authentication at Merrimack College. 

Who is required to use MFA?

Currently, Merrimack College faculty and staff who have an account to access college systems and services are required to enroll in MFA.

Is MFA required for all services and systems at Merrimack College?

No. You will only be prompted for MFA when logging in to an MFA-protected system or service. This list will continue to grow over time.

Where is MFA required?

MFA is required for access to email and many other college systems such as myMack and Canvas. Merrimack account holders should expect to use MFA to log in to an increasing number of the college’s most frequently used sites.

What is the Microsoft Authenticator App?

Microsoft is the company that provides the SSO and MFA services used by the college. The Authenticator app can be downloaded and installed on smartphones and tablets. The app makes MFA simple without the need for typing in a code.  The app can also be used when cellular service is not available, or when traveling internationally.

What do I do if I get an MFA notification that I did not request?

Select “Deny” in your Authenticator app if you did not initiate the request. Then contact the Office of Information Technology via askit@merrimack.edu or x3500.

How can I set up and use the Microsoft Authenticator app?

Visit myaccount.microsoft.com and log in with your Merrimack credentials. You will be prompted for MFA. After authenticating you can click on “Security Info” in the left nav, and then click “Add sign-in method.”

Can the Authenticator App be used while traveling abroad?

Yes. The Microsoft Authenticator app can be used in instances where there is no internet connection or reliable cellular data service (for example, while on an airplane or traveling internationally).The Microsoft Authenticator app can be used for two different types of MFA: notifications sent to your phone or time-based passwords. If you use the time-based password option then Microsoft Authenticator won’t use the phone network or internet on your phone. Notification MFA does require phone or internet signal to work, so you may not wish to use this option unless you have a local SIM card and data plan.

Can I still use MFA if I don’t have a reliable cellular network or internet access on my cell phone?

Yes. The Microsoft Authenticator app can be used in instances where there is no internet connection or reliable cellular data service (for example, while on an airplane or traveling internationally). The Microsoft Authenticator app can be used for two different types of MFA: notifications sent to your phone or time-based passwords. If you use the time-based password option then Microsoft Authenticator won’t use the phone network or internet on your phone. Notification MFA does require phone or internet signal to work, so you may not wish to use this option unless you have a local SIM card and data plan.

How do I set up my iPad to work with Microsoft MFA?

You can install and configure the Microsoft Authenticator app on your iPad or other mobile device. Click here for instructions on how to configure and use the Authenticator app.

What devices can I use to authenticate with MFA?

While most people choose to use their cell phone for authentication, users can also use any mobile device such as an iPad, and faculty/staff can use their office phones as a backup method for receiving a verification code via phone call.

What if I don’t have a cell phone?

Tablets can be configured with the Microsoft Authenticator app in lieu of a cell phone. Office phones can also be used as a backup method for receiving an MFA code.

What if my family shares a cell phone?

If a cell phone is inconvenient, MFA can be set up on your Merrimack-issued iPad.

What if I leave my cell phone at home or do not have it physically with me?

Any mobile device can be configured for authentication, including a school-issued iPad. Faculty and Staff can also set up an office phone as a backup authentication method. If none of these options are available, call the help desk at x3500 and they can assist you.

What if my cell phone is lost or stolen?

Contact the Office of Information Technology immediately if you lose your cell phone, or any device configured to receive MFA prompts. IT will help to disable MFA on that device and will assist you with a temporary way to log in.