An MFA hardware token—or "fob"—is a piece of hardware that is used to authenticate when a person is not using a phone to authenticate on the MFA service. The token is a small, battery-powered device that is usually attached to your keychain. Pressing a button on the token will display a code on the built-in display.

No one is required to have an MFA token, and most people will not want (or need) a token. Only in special cases (when a phone cannot be used for MFA) should a token be used. (Note: Using a phone (mobile and/or tablet) is the preferred way to use MFA for greater security, having one fewer "thing" to keep track of, battery life, etc.; therefore, only in limited cases will a token be needed or required.)

MFA tokens are issued via walk-in centers located on each UM campus*. To be issued a token, a person needs to visit a location and provide identification. In some cases, tokens will also be issued to IT departmental partners who can distribute to their colleagues.

If you would like to use an MFA token as your authentication method, please visit one of the convenient locations listed below and an IT specialist will enroll the token in your Microsoft Authenticator account:

Coral Gables Campus

• Ungar Building
  • Open Monday-Friday, 9 a.m.-5 p.m.
  • Location: 1365 Memorial Drive, Suite 136
  • Email: umit-procurement@miami.edu
  • Call: 305-284-2000
    
    
• Student Technology Help Desk
  • Open Monday-Friday, 9 a.m.-5 p.m.
  • Location: Richter Library, 3rd Floor, Room 325
  • Email: STHD@miami.edu
  • Call: 305-284-8887

Marine Campus

• RSMAES Computing Facility
  • Open Monday-Friday, 9 a.m.-5 p.m.
  • Email: rcf-support@earth.miami.edu
  • Call: 305-421-4028

UHealth/MSOM Campus

• 1501 Building
  • Open Monday-Friday, 8 a.m.- 5 p.m.
  • Location: 1501 NW 9 Ave, Suite 101G, Miami, FL 33136
  • Contact: Terrynce Jones

It's simple—enroll your device(s) in Microsoft Authenticator!

Make sure you download the official Microsoft Authenticator app on your mobile device from the Apple App Store and/or Google Play Store. The Microsoft Authenticator app is free to use.

When you reach the University-branded login page, enter your University of Miami Login ID* and password. You will then be prompted to authenticate with multi-factor authentication (MFA).

*Your Login ID provides unified access to the majority of University of Miami applications and systems, and is sometimes referred to as your User Principal Name (UPN). Your Login ID is usually formatted like your CaneID; however, the Login ID has @miami.edu or @umiami.edu appended to the end of the ID. (The @miami.edu or @umiami.edu at the end of the Login ID indicates that you are associated to the University of Miami organization.) If you don't know your Login ID, visit CaneID Self-Service at caneid.miami.edu and click the "Login ID" banner to view your information. You can use your CaneID to log in and access this information on the CaneID Self-Service page.

Your CaneID is your unique identifier within University systems, and you will continue to use your CaneID for a variety of reasons—including when connecting to wireless networks at the University of Miami or systems that do not use the University's branded login screen (palm trees/flying ibis). Keep in mind that some University applications/systems may require a different ID to log in, and will prompt you accordingly.

For instructions on how to manage your University of Miami Microsoft Authenticator account—including adding a new device and deleting a device—review the following tip sheet:

• Original Login Experience: How to Manually Generate an MFA Access Code
• New Login Experience: How to Manually Generate an MFA Access Code

Yes. To change which authentication method you are automatically prompted for, visit it.miami.edu/manage-mfa, log in, and then select "Change." In the pop-up, select your preferred method and then click "Confirm" when complete:

• If you select "App based authentication - notification," you will receive a notification within your Microsoft Authenticator app to input a two-digit code visible on the sign-in screen into the mobile app.
• If you select "App based authentication or hardware token - code," you will need to open the Microsoft Authenticator mobile app to find a six digit code and then enter the code into the sign-in screen.

For step-by-step instructions on how to changing your default authentication method with your University of Miami Microsoft Authenticator account, review the following tip sheet:

• Original Login Experience: How to Manually Generate an MFA Access Code
• New Login Experience: How to Manually Generate an MFA Access Code

The map you see in Microsoft Authenticator shows the IP address location of the device trying to sign in—not your phone's location. This feature helps you verify if a login attempt is legitimate.

If the location on the map looks unfamiliar or suspicious, do not approve the request; instead, tap "No, it's not me" to deny the sign-in.

This is a known issue within the Microsoft Edge browser on Mac (Apple) devices when signed in with your profile and Copilot is enabled; Microsoft is currently working on a fix. (For reference of what the pop-up looks like, see sample below.)

In the meantime, to disable the sign-in pop-up, follow the steps below:

• On the top-right of the Microsoft Edge browser, click the ellipses (...) and then select Settings.

• Within the Settings panel, select Sidebar and then select Copilot.

• Disable Copilot within the browser by toggling off the option to "show Copilot button on the toolbar" and "allow Copilot to use page content." Your selection is automatically saved.

The IT Service Desk is available 24/7 to provide technical support.