Multi-Factor Authentication | CUNY School of Professional Studies

Getting Started with Multi-Factor Authentication

What is Multi-Factor Authentication (MFA)?

Multi-Factor Authentication (MFA) is one of the most effective ways to protect your digital identity. In today’s world, passwords alone are no longer enough to keep your accounts secure—they can be guessed, stolen, or leaked in data breaches. MFA adds an extra layer of protection by requiring a second form of verification, such as a code sent to your phone, a prompt from an authentication app, or biometric data like a fingerprint.

For students, this means your university email, class materials, grades, and financial information are better protected. Even if someone manages to get your password, they won’t be able to log in without your second factor. This is especially important for university systems, which often contain sensitive personal and academic data.

It’s also important to understand that not all MFA methods are the same, and the type of authentication you’ll use can vary depending on the application or service. Some systems may send a text message or make a phone call to verify your identity, while others may require you to approve a notification in an app like Microsoft Authenticator. The method used depends on how the application is configured and what options it supports.

Beyond personal protection, MFA helps safeguard the entire university community. When everyone uses MFA, it reduces the risk of large-scale cyberattacks, phishing scams, and unauthorized access to shared resources. That’s why starting after the launch of the Fall 2025 academic semester, MFA will be required to access university systems. Enabling MFA now ensures you’re ready and secure when the policy goes into effect.

What is the Microsoft Authenticator app?

The Microsoft Authenticator app is a free mobile application developed by Microsoft that provides a secure way to verify your identity when signing into accounts. It’s commonly used for Multi-Factor Authentication (MFA), adding an extra layer of protection beyond just a password.

The Microsoft Authenticator app is already being used to verify your identity when accessing Microsoft Office 365 tools such as Word, Excel, and your campus email. Because of its compatibility and reliability, the university recommends using Microsoft Authenticator to authenticate your access to other key online resources, including CUNYFirst, Brightspace, and additional university systems. Using a single trusted app helps streamline your login experience while keeping your accounts secure.

Authentication Methods May Vary by System

It’s important to understand that the type of authentication method you’ll use can vary depending on the application or system you’re accessing. For example, services like Microsoft Office 365 may offer multiple options, such as sending a text message, calling your phone, or prompting you through the Microsoft Authenticator app to verify your identity.

However, CUNY’s MFA system does not support these alternative methods. Instead, when accessing platforms like CUNYFirst or Brightspace, you’ll be required to open the Microsoft Authenticator app and retrieve a six-digit code. You’ll then enter this code into an authentication field managed by the university. This method ensures consistent and secure login experience across CUNY’s online resources.

How To Create Your MFA Account

This video was created by CUNY Brooklyn College Office of Information Technology

Create your MFA Account

Go to the CUNY MFA Self-Service Portal
Using a desktop computer, open an internet browser and visit: https://ssologin.cuny.edu/oaa/rui
Log In
Enter your CUNY Login username and password.

Image

Note: If you receive an error message like the one below, your account has been locked and will require a manual reset from the Help Desk. For students at the CUNY School of Professional Studies (CUNY SPS), please contact the help desk at helpdesk@sps.cuny.edu. For students from other CUNY campuses contact your home campus at:
https://www.cuny.edu/about/university-resources/tech-resources-help-desks/#senior-colleges

Image
Grant Access
If prompted by your web browser, to “Know your location”, you can select the option you best feel comfortable with. Your decision will not impact your ability to continue with the configuration.

Image

If prompted by Oracle Identity Management, click Allow to continue.

Image
Manage Authentication Factors
On the dashboard, click Manage under “My Authentication Factors.”

Image
Add a New Factor
Click Add Authentication Factor and select Mobile Authenticator – TOTP (Time-based One-Time Password)

Image
Set a Friendly Name
Enter a name like “CUNY Login MFA” to identify this account in your Authenticator app.

Image

You're almost finished setting up your CUNY MFA account

The final step is to choose which authentication app you’d like to use either the Microsoft Authenticator app, which is recommended by the university, or the Oracle Mobile Authenticator app. Please note that the Oracle app must be installed on a Windows-based device and does not support mobile use. This means you will only be able to authenticate from the specific device where it’s installed, and you will not be able to access CUNY online resources while away from that device. For flexibility and full access from anywhere, the university strongly recommends using the Microsoft Authenticator app.

How Do I Set Up MFA Using the Microsoft Authenticator app?

The university recommends using the Microsoft Authenticator app for this purpose. This app generates a secure, time-based numeric code that you will enter into the CUNY One-Time Password (OTP) portal when prompted during login. Microsoft Authenticator is free and available for download on both Android devices via the Google Play Store and iPhones via the Apple App Store.

To get started, scan the QR code below using your mobile device. This will take you directly to the app’s download page. Once installed, follow the instructions provided to link your account to the app. During setup, you may be asked to scan a QR code or enter a setup key to connect your account. After setup is complete, the app will begin generating codes that you’ll use to verify your identity when accessing university systems.

Apple Store

Google Play

After installing the Authenticator App:
- Tap Add Account
  
  Image
- Choose Other Account
  
  Image
- Scan the QR code shown on your computer screen (see step 6).
  
  Image
Verify the Code
Open the Microsoft Authenticator app on your mobile phone to display the one-time password code.

Image
Enter this code in the Verification Code field on the setup page and click Verify and Save.

Image
You have successfully added the CUNY Login MFA account onto your My Authentication Factors page.

Image

How Do I Setup MFA Using the Oracle Authenticator App?

The Oracle Authenticator app is a security tool developed by Oracle that supports multi-factor authentication (MFA) by being installed on a Windows-based operating system. Authentication can only be performed on the specific device where the software is installed. As a result, you will not be able to access CUNY online resources away from that device, which limits flexibility and mobility. For this reason, the university recommends using the Microsoft Authenticator app, which is mobile-friendly and compatible with CUNY systems.

Download the Oracle Mobile Authenticator application
- Microsoft Store for Windows Computer
- Apple Store for IPad
Run and install the application

Image
Accept the license agreement

Image
Select “Add Account”

Image
Select “No”

Image
Select “Enter key manually”

Image
Scroll down to the bottom and select “Other”

Image
Return to the CUNY Login Advance Authentication screen and obtain the key

Image

$A screenshot of the "Setup Mobile Authenticator" copying the code \key (text) from the "Enter the key below, manually in your Authenticator Application" field.$
Add the account information, type in the key and select “Save” in the Oracle Mobile Authenticator app

Image

$A screenshot of the "Add Account" page adding the code\key text into the "Key" field and selecting the "Save" option.$
You will receive an authentication code

Image
Return to the CUNY Login Advance Authentication screen and select “Verify Now”

Image
Enter the “Verification Code” and select “Verify and Save”

Image
The Oracle Mobile Authenticator has been successfully added and is now configured to meet the CUNYfirst Multi-Factor Authentication (MFA) requirement

Image

Multi-Factor Authentication for MacOS

At this time, the university has not recommended or endorsed a specific desktop multi-factor authentication (MFA) solution for macOS devices. Users who wish to implement MFA on their Mac computers may explore options available through the Apple App Store. One app that has been positively mentioned by some users is Step Two, a macOS-compatible MFA application. While we will provide installation instructions for Step Two to assist interested users, please note that the university does not offer technical support for this app.

Link to installation instructions

The university strongly recommends using the Microsoft Authenticator app for all users. As a mobile-based solution, Microsoft Authenticator does not rely on a single installation on a computer, making it more flexible and accessible across multiple devices and locations.

PDF Instructions and Software Downloads

Software Downloads

PDF Instructions

CUNY Applications Requiring MFA

Here are some of the key applications that now require MFA:

Brightspace D2L – Online Course Learning Management System
DegreeWorks - Online tool used by students and academic advisors
Schedule Builder - Visual tool designed for students to explore, plan and build their class schedule for the upcoming semester.
Top Hat- Platform as a tool to enhance student engagement and improve learning outcomes
CUNYfirst – Tools that manages academic careers, including registration, grades, and financial aid
FACTS - Online tool used by students to understand and monitor their eligibility for New York State financial aid programs like TAP
Zoom - Cloud-based service that allows users to conduct virtual meetings, webinars, and online classes
OneSearch - Cloud-based service that allows users to conduct virtual meetings, webinars, and online classes

FAQ

General Information About MFA

What is Multi-Factor Authentication (MFA)?

MFA is a security method that requires two or more forms of identity verification before granting access to an account. It adds a layer of protection beyond just a password.

Why is MFA important?

MFA helps prevent unauthorized access to your accounts, even if your password is stolen or compromised. It protects sensitive data like grades, financial aid, and personal information.

Why is CUNY requiring MFA?

To strengthen cybersecurity across university systems and protect student data from phishing, hacking, and identity theft.

When will MFA be required for students?

Starting after the launch of the Fall 2025 academic semester, MFA will be mandatory to access university systems.

Is MFA required for all university systems?

Yes, MFA will be required for accessing key platforms like Brightspace, CUNYFirst, and campus email.

Which university systems require MFA?

Brightspace, CUNYFirst, Office 365, and other academic and administrative platforms.

Can I opt out of MFA?

No. MFA is required for all students to ensure secure access to university resources.

Setup and Usage

What happens if I don’t set up MFA by the deadline?

You will lose access to platforms like Brightspace, CUNYFirst, and campus email until MFA is configured.

Will I need to enter a code every time I log in?

Yes, when accessing protected systems, you’ll be prompted to enter a code from your authenticator app.

What is the CUNY One-Time Password (OTP) portal?

It’s the login interface where you enter your six-digit code from Microsoft Authenticator to verify your identity.

Where can I find the QR code to link my account?

The QR code will be provided during the MFA setup process through the university’s OTP portal.

What if I lose access to my phone or authenticator app?

For students at the CUNY School of Professional Studies (CUNY SPS), please contact the help desk at helpdesk@sps.cuny.edu. For students from other CUNY campuses contact your home campus at:

https://www.cuny.edu/about/university-resources/tech-resources-help-desks/#senior-colleges

Microsoft Authenticator Apps

What is the Microsoft Authenticator app?

It’s a free mobile app that generates secure codes for MFA. It’s recommended by CUNY for its compatibility and ease of use.

Where can I download Microsoft Authenticator?

From the Google Play Store or Apple App Store.

Is Microsoft Authenticator free?

Yes, it’s free to download from the Google Play Store and Apple App Store.

How do I set up MFA with Microsoft Authenticator?

Download the app, link your CUNY account using a QR code or setup key, and use the app to generate login codes.

What if I already use Microsoft Authenticator for other accounts?

You can add your CUNY account to the same app—it supports multiple accounts.

Which authentication app does the university recommend?

The university recommends the Microsoft Authenticator app for its mobile compatibility and ease of use.

Can I use text messages or phone calls for MFA?

No. CUNY’s MFA system does not support SMS or phone call verification. You must use an authenticator app.

Oracle Mobile Authenticator

What is the Oracle Mobile Authenticator?

It’s a Windows-based software that generates MFA codes. It must be installed on a specific computer and does not support mobile use.

Can I use the Oracle Mobile Authenticator instead?

Yes, but it must be installed on a Windows-based computer and only works on that device. It does not support mobile use.

Why does CUNY recommend Microsoft Authenticator over Oracle?

Microsoft Authenticator works on mobile devices, allowing access from anywhere. Oracle Authenticator only works on the device where it’s installed.

What are the limitations of Oracle Mobile Authenticator?

You can only authenticate from the device where it’s installed. If you're away from that device, you won’t be able to log in.

MFA for MacOS

What MFA app does the university recommend for macOS desktop devices?

The university recommends using the Microsoft Authenticator app for macOS users whenever possible. It is a secure and supported option for multi-factor authentication.

Can I use other MFA apps on my Mac?

Yes, while Microsoft Authenticator is preferred, users may explore other MFA apps available through the Apple App Store. However, these alternatives are not officially supported by the university.

Does the university recommend a specific MFA app for macOS desktop devices?

No, the university has not officially recommended or endorsed any desktop MFA solution for macOS devices at this time.

Has any app been suggested by other users?

Some users have recommended an app called Step Two, which is available on the Apple App Store and compatible with macOS. Link to installation instructions.

What is Step Two, and can I use it?

Step Two is a third-party MFA app available on the Apple App Store that some users have found helpful. You are welcome to use it, but please note that the university does not provide technical support for this app.
Link to installation instructions.

Where can I find installation instructions for Step Two?

Please refer to the installation instructions.

Support and Help

Who can I contact for help with MFA setup?

For students at the CUNY School of Professional Studies (CUNY SPS), please contact the help desk at helpdesk@sps.cuny.edu. For students from other CUNY campuses contact your home campus at:

https://www.cuny.edu/about/university-resources/tech-resources-help-desks/#senior-colleges

What should I do if I lose access to my phone or authenticator app?

For students at the CUNY School of Professional Studies (CUNY SPS), please contact the help desk at helpdesk@sps.cuny.edu. For students from other CUNY campuses contact your home campus at:

https://www.cuny.edu/about/university-resources/tech-resources-help-desks/#senior-colleges

Is support available after the MFA deadline?

Yes, but delays may occur. To avoid losing access to university systems, it’s best to complete setup before after the launch of the Fall 2025 academic semester.

What if I accidentally delete my authenticator app?

For students at the CUNY School of Professional Studies (CUNY SPS), please contact the help desk at helpdesk@sps.cuny.edu. For students from other CUNY campuses contact your home campus at:

https://www.cuny.edu/about/university-resources/tech-resources-help-desks/#senior-colleges