Setting Up CUNY Multi-factor Authentication (MFA) Using the Google Mobile Authenticator App

CUNYMFA MicrosoftAuthenticator GoogleAuthenticator CUNYLogin brightspace cunyauthenticator

What is CUNY MFA?

CUNY Multi-factor Authentication (MFA) is an extra layer of security placed on the CUNYfirst account (@login.cuny.edu). This means in order to access CUNYfirst and its related applications, the CUNY MFA must be set up to verify that the account owner is signing in. For security purposes, it is mandatory to set up the CUNY MFA.

Affected Applications Include:

CUNYfirst
Brightspace / Blackboard
CUNYBuy
DegreeWorks
Other applications requiring the @login.cuny.edu user name.

Because this extra layer of security is associated with a personal device (such as a personal smart phone), this makes it harder for attackers to falsely log into an account and access sensitive information. As such, so long as the attacker does not have access to the device associated with the CUNY MFA, they would not get into someone's CUNY accounts.

How To Set-Up the CUNY MFA Using Google Authenticator?

The Google Authenticator Mobile App can be used to set up the CUNY MFA. You can download the Google Mobile Authenticator app on the Apple App Store for iOS devices or the Google Play Store for Android devices for free. This means a device compatible with the latest version of the Google Authenticator Mobile App will be needed for setting up the CUNY MFA. The Google Authenticator does support older smart phone models.

If you prefer not to use the Google Authenticator App or your device is not compatible with the Google Authenticator, you can explore these alternative options:

Setting Up CUNY Multi-factor Authentication (MFA) Using the Microsoft Authenticator App
Setting Up CUNY Multi-factor Authentication (MFA) Using a Cell Phone

Once you start the MFA set-up process, please make sure to complete the set-up. Failure to complete the set-up on the first attempt can result in being locked out of all CUNY applications. Should you get locked out, contact your college's IT department to request a CUNY MFA reset.

Setting Up for the First Time

1. On a desktop/computer open a New Private or Incognito Window:

Firefox: Click on the 3 horizontal lines in the top right > Click New Private Window > Copy following link paste into the address bar https://ssologin.cuny.edu/oaa/rui
Chrome: Click on the 3 dots in the top right > Click New Incognito Window > Copy following link paste into the address bar https://ssologin.cuny.edu/oaa/rui
Safari: Click on the File menu in the top left > select New Private Window > Copy following link paste into the address bar https://ssologin.cuny.edu/oaa/rui
Keyboard Shortcut: Open an Internet browser > Hold down Ctrl (Use "Command" key instead for MACs) + Shift + N or Ctrl (Use "Command" key instead for MACs) + Shift + P > Copy following link paste into the address bar https://ssologin.cuny.edu/oaa/rui

2. Next, sign in with your CUNY Login username and password, then click Log in. If you are also asked to share your location with the website, click Allow.

3. An Oracle Access Manager page will pop-up with a confirmation message. Click OK to proceed.

4. Next, an Oracle Identity Management page is displayed asking you to grant access to continue. Click Allow to continue.

5. Next, you will be taken to the "Hi, what are you managing today?" page. Under My Authentication Factors click on Manage.

6. After which, you will be shown the "My Authentication Factors" page. Click on the Add Authentication Factor button to open a drop down list of authentication methods.

7. To set up the CUNY MFA properly, select the mobile authenticator - TOTP method.

8. The "Setup Mobile Authenticator" page should be displayed. Under Friendly Name, give the account you want to authenticate a name. You can follow this example's format: "[YourName]'s CUNY MFA".

9. On a smart phone, open the Google Authenticator app. Tap on "Add a code" or the colorful "+" in bottom right right corner of the authenticator. Then, choose Scan Qr Code.

If there is an option to "Enter a set-up key", you can choose that option instead to type in the alpha-numerical key code.
When prompted to give the Google Authenticator access to use your phone's camera, select "Allow".
If prompted to sign into a Google account, you can sign in with a gmail account to back up your authentication codes (optional)

10. Now that the Google Authenticator app has accessed the device's camera, use it to scan the QR code from step 8 shown on the desktop/computer. Simply aim the camera at the QR code and the app should automatically add your account.

11. A new account will appear in the Google Authenticator App, it should show the friendly name you previously put in step 8.

If you have previously used the Google Authenticator App you may also see a personal, work, or school email account(s) in the authenticator. They can not be used to authenticate your CUNY MFA. Only the account with the same friendly name you put for step 8 will provide the proper TOTP for access to CUNY.

12. Back on the desktop/computer click on the "Verify Now" button beneath the QR code.

13. Next, a Verification Code field asking to "Enter verification code" will appear. Type in the TOTP from the Google Authenticator app. After doing so, click the Verify and Save option.

14. The "My Authentication Factors" page will display showing the Mobile Authenticator - TOTP MFA account was added successfully and is enabled.

How to Use the CUNY MFA TOTP

After successfully setting up and enabling the CUNY MFA, you will be able to log into your CUNY accounts. However, for each new log in session, you may be prompted to enter the TOTP.

For example, if you had set up your CUNY MFA using a campus computer you might be prompted for the TOTP when you try to access CUNYfirst on your home computer and vice-versa. This also applies when you switch Internet browsers (ex: chrome vs firefox vs safari) or if trying to access CUNY sites on a private browser.

Please note that no one should be calling, texting, or emailing you for your CUNY MFA TOTP and you should never share your CUNY login information.

If you suspect someone else is trying to access your CUNY login information, contact your college's IT department immediately.

When You Might Need to Provide the CUNY MFA TOTP

Accessing CUNY websites on a new/different device.
Switching between Internet browsers to access CUNY sites.
Using Private or Incognito browsers to access CUNY Sites.

Responding to CUNY Login MFA TOTP Prompts

1. In the CUNY Login window, enter your CUNY Login username and password, then click Log In.

If you are being asked to share your location with the ssologin.cuny.edu website, click on Allow.

2. A prompt will appear after you log in. Here, you must choose the MFA login method that you had set up and click on the switch to "Remember Choice".

3. Click on the Enter OTP from device link that has the friendly name you put for step 8. Then, you will be prompted to enter the TOTP.

4. In the Google Authenticator Mobile App select the account with the friendly name you provided in step 8 of How To Set-Up the CUNY MFA? above. Enter the TOTP from the authenticator app into the prompt on your desktop/computer.

5. Lastly, click on "Verify" after entering the TOTP and you will be provided access to your CUNY account.

Was this helpful?

0 reviews

Print Article

Updating...