What is Single Sign-On?


Single Sign-On (SSO) automatically signs you into Sharepoint Online when you are on your employee computer AND connected to our campus network.  This feature provides you easy access as you don’t need to type in your username or password to sign into Sharepoint Online


Note, if you are using a student or instructor computer, Single Sign-On is not available for these devices.


What is Multi-Factor Authentication?


Multi-Factor Authentication (MFA) is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their cellphone.


If you only use a password to authenticate a user, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, is it really the user signing in with the username and password, or is it an attacker? When you require a second form of authentication, security is increased as this additional factor isn't something that's easy for an attacker to obtain or duplicate.


How to Setup Up Multi-Factor Authentication (MFA) for the First Time:

  1. Sign in to Sharepoint Online with your work or school account with your password like you normally do.
    After you choose Sign in, you'll be prompted for more information.
  2. Choose Next.
  3. Select your verification method and then follow the prompts on the page. 
  4. After you test your additional verification method, choose Next.
  5. Once you complete the instructions to specify your additional verification method, the next time you sign in to Microsoft 365, you'll be prompted to provide the additional verification information or action, such as typing the verification code that is sent to you by text message.
  6. To have a new code sent to you, refresh your browser tab.


How Change My Multi-Factor Authentication (MFA):

  1. Go to https://myaccount.microsoft.com
  2. If prompted, enter your full BRCC-assigned email address (i.e. username@blueridge.edu or username@webmail.blueridge.edu)
  3. If prompted, select "Work/School Account" NOT Personal account
  4. Select "Security Info"
  5. Change or add 'sign-in' methods as needed


Multifactor Authentication Method Options:

  1. Microsoft Authenticator (Works great over wi-fi - no cell service needed)
  2. Phone - SMS text (requires cell signal)
  3. Office Phone - Voice call (can be associated with employee desktop or landline phone)
  4. Email - (use your personal email address, NOT your College email address)


We strongly recommend everyone set at least 2 methods.  



Using the Microsoft Authenticator App


The easiest verification method to use is the Microsoft Authenticator smart phone app. It's just one click instead of typing in a 6-digit code. And if you travel, you won't incur roaming fees when you use it.

1.  Download and install the Microsoft Authenticator app for Android, iOS or Windows Phone.


2.  Open a browser on your computer and go to Sharepoint Online and sign in.

7f8cf142-ff2a-4281-9e4b-b0093d3162d0.png

3.  Click Set it up now.

4.  Choose Mobile app from the dropdown.

5.  Make sure "Receive notifications for verifications" is selected. Click Set up.

6.  Wait for configuration pop-up box.  You should see a window on your computer that looks like this.

e8c5fc28-4cb9-46cc-914d-ea4dc53ef362.png

7.  Open the Microsoft Authenticator app on your phone.

8.  Tap the +Work or school account.

9.  Use your phone to scan the QR square that is on your computer screen.
        Notes:
        iPhone users may have to enable the camera in Settings in order to scan.

        If you can't use your phone camera, you'll have to manually enter the 9 digit code and the URL.

10.  Your account will be added automatically to the app and will display a six-digit code.

11.  Switch back to your computer and click Done.

12.  Now wait for the Checking activation status text to finish configuring your phone.

13.  When it's complete, you'll be able to click the Contact me button on the right.

38fef146-99ed-444b-9248-491fe088ed89.png

14.  Switch back to your phone and you'll see a notification for a new sign in.

15.  Go to the Microsoft Authenticator app.

16.  Tap Approve to allow it.

17.  Back on the computer, follow any prompts that you might see such as adding a mobile number.

18.  You're good to go!  From now on, whenever you have a new sign in or add your Microsoft 365 work or school account to an app, you'll open the Authenticator app on your phone and tap Approve.


Multi-Factor Authentication and Single Sign-On

If you see the following prompt, go ahead and checkmark “Don’t ask again for 30 days” and you will not have to approve the sign in request on that computer for 30 days.

Capture.PNG