Anchor
StudentOrg_InitialMFA StudentOrg_InitialMFA

Initial MFA Registration for Student Orgs

NOTE: This documentation is intended for signing up a brand new Student Org for use of MFA, or during the initial rollout Spring 2022. For other situations, please refer to "Registration of new Student Org Officers" below.

NOTE: ITaP can only work with the President/Advisor of Record (displayed on Catbert on the Org's account) for the student org. If the contact in this case is NOT the President/Advisor of Record for the student org, they will need to be directed to the President/Advisor of the student org for assistance.

NOTE: If the information for the President/Advisor of Record for the student org is incorrect, the user will need to contact SAO to get this information updated (SAO sao@purdue.edu 765-494-1231).

Use this documentation when you are contacted by a member of a student org who has either,

• Received an email informing them that they will need to register their student org for MFA
• Or upon logging into the O365 account for their Student Org, they're prompted for 'More Information'

1. Assuming the user already has the username & password for the account, skip to the next step.
   1. If they do not have the username for the account
      1. Have them try to search the name of the org on purdue.edu/directory, otherwise, they'll need to contact SAO for that information.
   2. If they do not have the password for the account
      1. Look up the Student Org's Alias on Catbert, to find the President or Advisor of record for a Student Org, check the relevant fields.
         NOTE:ITaP can only work with the President/Advisor of Record for the student org. If the contact in this case is NOT the President/Advisor of Record for the student org, they will need to be directed to the President/Advisor of the student org for assistance.

         NOTE: If the information for the President/Advisor is incorrect, the user will need to contact SAO to get this information updated.

      2. Verify your contact is the registered President/Advisor of record using the standard ID verification process.
      3. A specialist will need to generate a Temporary Password for the account via BoilerAD
      4. Direct the user to purdue.edu/apps/account/ChangePassword to use the Temporary Password to set a new Career Account Password.
         NOTE: There will likely be a brief delay before the new password syncs to O365, so you may need to pause for a minute or two.
2. Direct the user to visit portal.office.com via a web browser, log in with ________@purdue.edu and the password for the account.
   
   1. See above if they don't know the alias/username or password for the account
      
      
3. Assuming the user is prompted for "More Information" have them click the blue "Next" button to proceed to MFA registration.
   1. If they're NOT prompted for "More Information" after login, direct them to mysignins.microsoft.com/security-info they'll need to manually register their authenticator.
   2. Notify a Specialist of the student org's alias so they can get it added to the 50096173-MFA-Require_After_Grace_Period group in Azure AD.
      
      
4. For Student Org accounts, they are VERY STRONGLY ENCOURAGED to register via the Microsoft Authenticator App rather than via other means.
   1. Only one phone number per method can be registered.
   2. These should be mostly all students, who seem to already be adopting the Microsoft Authenticator App without much issue.
      
      
5. MFA Authenticator Device Registration Step 1:
   1. For How should we contact you? select "Mobile App" from the drop down
   2. For How do you want to use the mobile app? select the radio button for "Receive notifications for verification"
   3. Have them click the blue "Set up" button to get the QR code to scan into the Microsoft Authenticator App
      
      
6. MFA Authenticator Device Registration Step 2:
   1. They'll be prompted to register a phone number, just skip this step
      
      
7. VERY VERY IMPORTANT MFA Authentication for multi-user non-person accounts
   NOTE: Student organization accounts are unique amongst ALL Purdue O365 accounts in that it is a single account, with the possibility of multiple users authenticating into it.
   1. Please read this to your user while they are still on the phone: