» 2 Factor Authentication

Before continuing with Self-Enrollment, please be advised that this process will require a smartphone and for you to download the Microsoft Authenticator app.

Mobile Email Note: After your enrollment process is complete, your Chapman University account will be signed out of all Microsoft services, which includes mobile email access. You will be required to sign back into your email and authenticate the sign-in via the Authenticator app or six-digit code sent via text message. We strongly recommend that users to download and use the mobile Outlook app.

Android & Apple Mail App Users: If you are using the native mail app (Android mail or Apple mail) to access your mobile email, you will need to remove and re-add your Chapman Email account in your phone's system settings (similar to when you are setting up your email on a new phone).

Authenticator App Setup

1. Open the app store on your phone and download the Microsoft Authenticator App. 
2. Once downloaded, open the Authenticator app and tap “I Agree” on the Privacy Matters message.
3. At the top right corner of the sign-in screen, click “Skip”.  DO NOT select “Sign in with Microsoft”, “Scan a QR code”, or “Restore from backup”. (see below)
   1. 
4. Select “Add Account”
5. Select “Work or school account”
6. Select “OK” to allow the authenticator app to access your camera for scanning a QR code on your computer screen. (see below)
   1. 
7. A QR scanner will appear on your mobile phone screen

On your computer

1. Open any web browser and go to 2fa.chapman.edu
2. Click “Enroll Now”
3. You will be prompted to begin setting up authentication methods. You are required to setup two different methods, first being the authenticator app. Click “Next” to continue.
4. Click “Next” again to begin syncing the Authenticator app.
5. A QR code will appear on the screen, using the QR scanner in the Authenticator App on your phone, move the QR code into the scanning frame. 
   1. Once the app detects the QR code, it will automatically scan the code.
   2. Be sure to “ALLOW NOTIFICATION” for the authenticator app.
   3. Your Chapman University profile will now appear in the Authenticator app.
6. On your computer, click “Next” to send a test authentication message to your phone
7. On your phone, open the authenticator app and click “Approve” for the test notification message.
   1. Again, make sure Notifications are enabled for the authenticator app.
8. On your computer, click “Next” to continue to the phone setup.

Mobile Phone Setup

The purpose of setting up your phone is to have a backup authentication method in the event your authenticator app is not working. You will receive a six-digit code via text message to enroll.

1. On your computer
   1. Enter your mobile phone number to receive a six-digit code via text message.
   2. Click “Next.”
2. Once you receive the text message with the six-digit code, enter the code on the blue line on your computer.
3. After the text is successfully verified, click “Next.”
4. Your phone setup is now complete. Click “Next” to continue.
5. Your Authenticator app and phone verification method setup is now complete; click “Done” or simply close your Internet browser.

After I registered my account on 2FA, I no,longer have access to my email on my mobile device.

After registering your account on 2FA, Microsoft will automatically sign your Chapman University account out of all services, including mobile email. If your are using the native mail apps (Android mail or Apple mail) on your mobile device, you  will need to remove and re-add your Chapman inbox in your device system settings. 

We highly recommend that you download and use the Outlook 365 email app for all sending and receiving Chapman email from your mobile devices.

I have been locked out of my accounts after registering for 2FA

1. Go to 2fa.chapman.edu
2. If you did not complete the full registration, you will be prompted to do so.
3. Once you have setup your authentication methods (Authenticator App & Phone) you are all done.
4. Try signing back into your email, Teams, etc. You will be asked to Authenticate if you are logging in from off campus.

My Authenticator App is not working anymore

1. Open the authenticator app on your mobile device and select your Chapman profile.
2. Delete the chapman profile from the authenticator app by selecting "Remove Account".
3. On your computer, go to 2fa.chapman.edu and click "Add Devices"
4. You will be prompted to setup your Authentication method, select the Authenticator App option in the drop-down menu.
5. Click Next and then Next again.
6. A QR will appear on your computer screen.
7. On your mobile device, open the Authenticator App and select Add Account.
8. Be sure to ALLOW NOTIFICATIONS
9. Select "Work or School Account"
10. Using the QR scanner in the Authenticator App, scan the QR code on your computer screen.
11. Once the account is re-added in the App, Click next on your computer screen to test the connection. You will receive a notification from the app to Approve the sign-in request, click "Approve".

 I clicked "Enroll Now" on 2FA.chapman.edu but I don't have a Smart Phone

Smart Phones are required for the Self-Enrollment process. In the event you click on "Enroll Now" and do not have a Smart Phone or a phone that does not support modern authentication (Authentication apps), please call the Service Desk for assistance with setting up your authentication methods. You can also try going through the steps listed below:

1. Go to 2FA.chapman.edu and click on "Add Devices"
2. You will be prompted to go through the authentication method setup. When asked to setup your authenticator app, click the option for "I want to setup a different method"
3. You will be asked to setup your phone as the default Authentication Method. Follow the steps for setting up your phone.
4. Once your phone is setup to receive a 6-digit code via text or call, exit out of the setup process.
5. Go back to 2FA.chapman.edu and select "Add Device"
6. On your security info pare, click the "Add Method" option. Select your preferred secondary authentication method and follow the instructions for setup.
7. Once you have your required authentication methods setup, log into your email on your computer. You will be required to authenticate your login at this time.

In the event that need to replace you mobile phone, you will need to re-add the authenticator app to the new phone. Even if you had all of you apps and data successfully transferred over, the authenticator app notifications may not work. If this is the case, follow the steps below and your authenticator app will be up and running in no time.

On your computer

1. Go to 2fa.chapman.edu
2. Click "Add Devices"
3. On the Security Info page, remove the Microsoft Authenticator from your authentication method list by click the blue "Delete" link on the right.
4. Once removed, click "Add method"
5. Select the Authenticator app option and click "add".
   1. This will kickoff the Authenticator app setup process
   2. (PAUSE HERE)

On your phone

1. Open your Authenticator app
2. Select your Chapman University account on the main app screen
   1. This will open the account card in the app
3. In the top-right corner of the account card, select the white pinwheel icon.
4. Select "Remove Account"
   1. A warning message will appear, click "Continue".
5. Once the account is removed, click "Add account"
6. Select "Work or School" account
   1. Be sure to "Allow Notifications"
7. A QR code scanner will open in the app
   1. (RETURN TO YOUR COMPUTER)

On your computer

1. On the screen that asks you to install the Authenticator app, click "Next"
2. On the Authenticator app setup screen, click "Next"
3. You will see a QR code appear, scan the QR Code with your phone via the Authenticator app.
4. Once scanned, click "Next" to send a test notification to the authenticator app
5. On your phone, click the "Approve" message in the authenticator app.
6. If successful, you will see a message on your computer stating that the test was approved successfully.

All Done!

It is recommended that you download and register with the Microsoft Authenticator app on your smartphone/device, even if your primary authentication method is SMS/text message. Mobile phone coverage varies by provider and location; The Microsoft Authenticator app will provide a time-based one-time passcode for authentication if you are without cellular service.

Why 2FA?

Phishing campaigns are increasing in frequency and sophistication, and many result in staff and faculty unwittingly providing their passwords to scammers. By requiring a second factor to authenticate from untrusted machines, the likelihood of illegitimate access to your account is significantly reduced.

What are my enrollment options?

• Self-Enrollment: This method offers users a fast and easy way to enroll into 2FA at their own convenience. Please note that once you begin the self-enrollment process, you will need to complete it. If you do not complete the setup process after clicking "Enroll Now" you will be logged out of your email, Canvas, Microsoft, etc. accounts and will be required to complete the setup in order to regain access to your accounts. 
  • SMART PHONES are required for this method
• Assisted Enrollment: For anyone who would like assistance with their 2FA enrollment or do not own a smart phone, please contact the Service Desk at Servicedesk@chapman.edu or (714)997-6600.
  
  
• 2FA Tokens: If you would like to opt out of using any personal devices for your 2FA authentication, IS&T is offering a hardware tokens. These tokes can be synced with your 2FA account and will provide you with a six-digit code for authentication your sign in.
  • If you opt for the hardware token, it is very important to remember that you will need to have it with you at all times when working remotely. If you do not have your token or you have lost your token, you will need to contact the Service Desk for assistance with accessing your account and replacing your missing token.
  • To be setup with a 2FA Token, please contact the Service Desk at Servicedesk@chapman.edu or call (714) 997-6600.

What is the App Lock feature, and can it be disabled?

Microsoft has enabled the APP LOCK feature on the Authenticator App for both iOS and Android devices. The App Lock feature uses the phone's sign-in method (facial recognition, fingerprint, code, etc.) as an extra layer of protection for the authenticator app itself in the event your phone is stolen or an unauthorized user gains access to your home screen. This feature will be seen mostly by users who are enrolling for the first time or who setting up the Authenticator app on a new phone or mobile device. Although this feature is initially unavoidable, it can be easily disabled after the app setup process is completed: 

1. Open the Authenticator App  
2. Open the App’s Settings 
3. In the App settings menu, you can toggle the App Lock On or OFF 

Do I have to approve every logon request?

No. Connections from campus are exempted from the 2FA requirement. If you connect from a personal device on an off-campus network, you have the option to trust that particular device for 30 days.

Are Smart Phone required for Self-Enrollment?

Yes. In order to complete the self-enrollment process you will need Smart Phone that supports modern authentication. For those who do not own a smart phone or mobile device, please contact the Service Desk for assistance with your 2FA enrollment.

Why Microsoft Authenticator?

Microsoft is our 2FA provider, and the Authenticator app provides the added convenience of push notifications. With Authenticator, you will receive a pop-up notification on your device to approve or deny the request. For apps that do not support push notifications, you will enter a code displayed within the app after you supply your password. 

The codes generated by the Microsoft Authenticator application are based on a time-based algorithm. It is important to note that when the application communicates with the authentication server, it sends encrypted data to protect the user's privacy and security. Additionally, the app does not collect or store any personal information, such as the user's username or password. 

What if I do not want to enroll using my own personal device?

We completely understand if you wish to not use a personal device for work related purposes. Please contact the Service Desk to for assistance with the registration.

Can I enroll more than one device?

Yes, you may enroll multiple devices. Each device will need to have the authenticator app installed and paired with your account through the QR code scanning method demonstrated in the video.

Do I have to provide my cell phone number?

You may use the mobile app in combination with any of the following: your office or mobile number, a personal e-mail address, or security questions. The personal e-mail address and security questions cannot be used as a second factor for authentication. Instead, they are reserved for use with self-service password resets. We recommend using the mobile app with a mobile number since both options may be used interchangeably for 2FA.

If you replace your cell phone, the mobile number may be used for 2FA requests until you activate the mobile app on your new device.

What do I do if I forget my phone?

Please contact the Service Desk for a temporary override. You will be asked to provide details to validate your identity.

When will I receive the 2FA prompt?

Chapman's campus networks are exempted from 2FA. You may be prompted to verify your login if you connect to a protected service from your mobile device from an off-campus network. For example, if you connect to Dropbox from your mobile device on a cellular network, or if you login to Office 365 from your home.