1

Guide for Setting Up Your Multi-Factor Authentication Account and

Using Multi-Factor Authentication

This document serves as a “How To” reference guide for employees to execute the following MFA tasks:

1. New User Login and Setup 2. Complete User Setup and Authentication – Phone Call 3. Complete User Setup and Authentication –Text Message 4. Complete User Setup, Activation, and Authentication – Mobile App 5. Setting Security Questions 6. Logging In with Security Questions/One-Time Bypass 7. Example: Accessing MFA-Enabled Resources – VPN using Text Message MFA 8. Example: Accessing MFA-Enabled Resources – PeopleSoft using Mobile App MFA 9. Example: Accessing MFA-Enabled Resources – Connect.baptisthealth.net VPN or CAG 10. Example: Resetting MFA pin or Changing your Phone Number

1: New User Login and Setup

New Users receive Multi-Factor Authentication welcome email

1. Open the email and click the link https://mfa.baptisthealth.net/portal. This link takes you to the MFA User Portal site where you complete your account setup.

2. Enter your Active Directory Username and Password.

3. Click the Log In button.

If you are a new user and have not changed your default password, or if your password is expired, you may be prompted to change your password.

4. Select an authentication Method. Options are:

Phone Call

Text Message

Mobile App

Based on the method selected, follow the instructions in section 2, 3 or 4 to complete your account setup.

2

2: Complete User and Authentication Setup – Phone Call

1. Select Phone Call as your authentication

method. 2. Enter a phone number (area code and

phone number). 3. Enter a 4-digit PIN. 4. Enter your PIN again to confirm your PIN. 5. Click Call Me Now to Authenticate

button.

Note: your PIN must meet the following criteria: • Must be numeric. (0-9) • Must be between 4 and 20 digits long. • Cannot contain 3 sequential digits. (i.e.: 12384) • Cannot contain 3 repeating digits. (i.e.: 33384) • Cannot contain any 4 digit subset from your phone

number (i.e.: If phone number is 305-372-6658, PIN cannot contain 3053, 5372 or 6658 or any other 4 digit subset of the number)

Shortly after clicking the Call Me Now to Authenticate button, you will receive a phone call.

6. Answer the phone call.

7. When prompted, enter your PIN followed

by the # key.

8. Hang up to complete the authentication setup process.

3

3: Complete User and Authentication Setup – Text Message

1. Select Text Message as your

authentication method. 2. Enter a phone number (area code and

phone number). 3. Enter a 4-digit PIN. 4. Enter your PIN again to confirm your PIN. 5. Click Text Me Now to Authenticate button.

Note: your PIN must meet the following criteria: • Must be numeric. (0-9) • Must be between 4 and 20 digits long. • Cannot contain 3 sequential digits. (i.e.: 12384) • Cannot contain 3 repeating digits. (i.e.: 33384) • Cannot contain any 4 digit subset from your phone

number (i.e.: If phone number is 305-372-6658, PIN cannot contain 3053, 5372 or 6658 or any other 4 digit subset of the number)

You will receive a text message asking you to reply and

6. Enter the verification code provided in the

text message and your PIN. In this example, the verification code is 193061 and the PIN is 9845. Enter 1930619845.

7. Tap the Send button.

Once the message is delivered the authentication process is completed.

4

4: Complete User and Authentication Setup – Mobile App

Before proceeding, you must install the Multi-Factor Authentication app on you mobile device. 1. On your mobile device access the App

Store (Apple devices) or Play Store (Android devices) or Windows Phone Store (Windows devices). You can have up to two devices activated.

Search for multi-factor authentication or PhoneFactor.

Download and install the app on your mobile device.

Once installed, open the app.

Go to the Multi-Factor Authentication User Setup page on your computer.

Select Mobile App as your authentication method.

Click the Generate Activation Code button.

5

The system generates an Activation Code, URL, and scan barcode.

8. On your mobile device, do one of the

following:

Enter the Activation Code and URL. The Activation Code expires after 10 minutes. If needed, you can generate another Activation code, or

Tap the Scan Barcode button and scan the barcode image. Use your phone’s camera to capture the barcode from the Multi-Factor Authentication User Setup screen. Your phone captures the barcode automatically.

Once you have entered the Activation Code and URL or scanned the barcode, activation will start automatically and may take a minute or two. Please be patient. You should see your BHSF account when activation is completed.

6

On the Multi-Factor Authentication User Setup page

9. Enter a 4-digit PIN. 10. Confirm your PIN by entering it again. 11. Click the Authenticate Me Now button.

Note: your PIN must meet the following criteria: • Must be numeric. (0-9) • Must be between 4 and 20 digits long. • Cannot contain 3 sequential digits. (i.e.: 12384) • Cannot contain 3 repeating digits. (i.e.: 33384) • Cannot contain any 4 digit subset from your phone

number (i.e.: If phone number is 305-372-6658, PIN cannot contain 3053, 5372 or 6658 or any other 4 digit subset of the number)

You receive a notification on your phone requiring you to verify the request.

9. To complete your sign in verification to the User Portal, tap the PIN field.

10. Enter your PIN using the mobile device

keypad. 11. After entering your PIN, tap the Verify

button. You have successfully completed the app setup on your mobile device.

12. Tap the Close button.

7

5: Setting Security Questions

After completing the verification step for your selected authentication method, you are prompted to setup your security questions. 1. Select four questions and enter the

appropriate responses. 2. Click the Continue button.

The enrollment process is now complete.

You can now access any MFA-based resource, use the user portal to enable a one-time bypass for MFA authentication, change the notification method, update the contact number, change your PIN, activate the mobile app (one of the methods), or change your security questions.

6. Login In with Security Questions/One-Time Bypass

If your device is unavailable, you may initiate a one-time bypass to access MFA-enabled resources. To do this, use your security questions as your second level verification.

1. Enter your AD Username. 2. Enter your password. 3. Click the Log In button.

8

Since your device is unavailable, wait 60 seconds to be prompted for with your security questions.

4. Answer the security questions. 5. Click the Log In button.

6. Click the One-Time Bypass icon.

7. Verify you want to continue by clicking the

Confirm button.

A one-time bypass is issued and multi-factor authentication is be skipped during your next sign on.

You will be able to access a MFA-enabled resource using only your AD credentials for either 5 minutes or one successful authentication, whichever occurs first.

9

7. Example: Accessing MFA-Enabled Resources – VPN with Text Message MFA

• Follow the logon procedures available for the

particular resource you are accessing (PeopleSoft, VPN, CAG, etc.).

• Those resources will likely require that you enter your AD credentials.

• Depending on the method of authentication selected, the following steps may vary slightly. In the following example, you will access BHSF’s VPN using text message as the authentication method.

1. Launch the Cisco AnyConnect Secure

Mobility Client. 2. Select connect.baptisthealth.net and

click the Connect button.

3. Enter your AD credentials. 4. Click the OK button.

You will receive a text message asking you to reply with the verification code provided followed by the PIN you created during setup.

1. Enter verification code followed by your PIN. In this example, the verification code is 193061 and the PIN is 9845.

2. Tap the Send button.

Upon successful Multi-Factor Authentication, the MFA-enabled resource grants you access.

10

8. Example: Accessing MFA-Enabled Resources – PeopleSoft with Mobile App MFA

• Follow the logon procedures available for the

particular resource you are accessing (PeopleSoft, VPN, CAG, etc.).

• Those resources will likely require that you enter your AD credentials.

• In the following example, you will access PeopleSoft using the mobile app as the authentication method.

1. Launch PeopleSoft and enter your AD

credentials. 2. Click the Sign In button.

When you click the Sign In button, you will receive a notification on your phone requiring you to verify the sign in request.

3. Tap the PIN field.

\

4. Enter your PIN using the keypad. 5. Tap the Verify button. 6. Once you successfully sign in, tap the

Close button.

11

Upon successful Multi-Factor Authentication, the MFA-enabled resource grants you access.

9. Example: Accessing MFA-Enabled Resources – Connect.baptisthealth.net VPN or CAG

To use CAG with your MFA access type in your browser:

Portal.baptisthealth.net

To use VPN with your MFA access type in your browser:

Connect.baptisthealth.net

12

10. Example: Resetting MFA pin or Changing your Phone Number

1. Login to:

https://mfa.baptisthealth.net/portal

2. Once you have entered your AD-login and password. You will receive a message on you’re App asking you for your pin.

3. Enter your pin or select on Time By-Pass (page 8)

or

4. From this screen you have several options. 5. These are menu driven or icon driven

One-Time Bypass

Change Phone

Change Pin

6. When you select change phone from either the menu or icon you will get the screen on the left where you can update your phone number

7. Then Save

8. The screen to the left is the Change Pin screen.

9. Once complete hit Save