Security Engineering January 25, 2018

Multi-Factor Authentication (MFA) for Remote Access

to PeaceHealth Resources

PeaceHealth is enforcing Multi-Factor Authentication (MFA) for remote access to PeaceHealth resources.

This could include Citrix Access Gateway (CAG), browser-based external access to Office 365, Webmail,

SharePoint, and MyHR.

What is MFA? When you log in to a PeaceHealth resource remotely, your password is the first

authentication. MFA requires a second authentication, which can be handled one of three different ways:

1. A text notification to your mobile device containing a code that is entered on the web page, or…

2. A prompt on your mobile device to approve access to the resource (requires Microsoft Authenticator

app installed on your mobile device), or…

3. A code from a mobile device app that is entered on the web page (requires Microsoft Authenticator

app)

The combination of your password and the prompt on your mobile device (one of the three options above)

make up the multi-factor authentication.

In order to use the Authenticator app (option 2 or 3 above), you will first need to enable the option 1. Please follow the instructions below to set it up.

You need to be logged into a PeaceHealth computer that is onsite at a PeaceHealth facility, or be connected

to PeaceHealth via a VPN or CAG connection to register.

1. On your computer open the MFA portal in your browser: www.peacehealth.org/mfa

a. If using CAG, launch “PeaceHealth MFA” icon:

2. If prompted to sign in, enter your PeaceHealth email address, or your {3x3}@peacehealth.org. Click

‘Next’ and on the next screen, enter your password.

1. SMS / Text Message Setup

Overview

MFA FOR EXTERNAL O365/AZURE ACCESS

2 | P a g e

3. This is the first screen for MFA set up. Click on ‘Set it up now’

4. Step 1: Select the ‘Authentication phone’ and select the United States for the country code and enter

your cell phone number or verify the number listed is correct and then click ‘Next’

5. You will receive a text message at the number you provided that contains a six-digit verification code.

Enter the verification code in the field provided and click ‘Verify’.

MFA FOR EXTERNAL O365/AZURE ACCESS

3 | P a g e

6. Once successful, you should see a message stating verification was successful. Click ‘Done’.

How it works: When accessing a PeaceHealth resource remotely, after entering your password, you will

be prompted to enter a code that you receive as a text on your mobile device.

You will first need to download the Microsoft Authenticator application on your phone from your app/play store.

The app is free but will require you to use your personal app store credentials to download.

The instructions that follow describe the setup for using a prompt from the Authenticator app on your mobile

device to approve access when logging in to a PeaceHealth resource (option 2 noted at the beginning of this

document).

2. Mobile App Setup – Approve/Deny Prompt Option

MFA FOR EXTERNAL O365/AZURE ACCESS

4 | P a g e

1. Once you have downloaded and installed the app on your phone, go to the MFA portal in the browser

on your computer (www.peacehealth.org/mfa). Click on the drop-down box for verification options

and select ‘Notify me through app’, then check the ‘Authenticator app’ box and then click on

‘Configure’.

2. Open the mobile app on your phone and enable push notifications. Click ‘Allow’

*If you click Don’t Allow you will need to go into the app settings on your phone and allow notifications. (iOS: Settings

– Authenticator – toggle Notifications to on. Android Authenticator – Settings – Toggle Notifications on)

3. Click the plus ‘+’ in the center of the screen or upper -right corner to add an account.

4. Select ‘Work or School Account’

MFA FOR EXTERNAL O365/AZURE ACCESS

5 | P a g e

5. You will be prompted to allow access to the camera. Click ‘OK’.

*If you click Don’t Allow you will need to go into the app settings on your phone and allow access to the camera. (iOS:

Settings – Authenticator – toggle Camera to on. Android Authenticator – Settings – Toggle Camera on)

6. Hold the phone up to the screen on your PC that displays the QR code to configure the app

NOTE: You can either scan the QR Code Image (blocky, black and white box – example above) or click enter code

manually and enter the 9-digit code and URL listed below the QR Code Image.

7. Click ‘Save’

MFA FOR EXTERNAL O365/AZURE ACCESS

6 | P a g e

8. If your notification method was updated, you will be prompted to verify your preferred method

9. You will then get a notification pop-up on your phone to Approve this Change. Click ‘Approve’

9. The final screen will display your user profile page. This page can be closed.

How it works: When accessing a PeaceHealth resource remotely, you will receive a push notification on

your phone when you have a login attempt on a device. You must click ‘Approve’ to log into the requested

resource like webmail or CAG.

IMPORTANT: If you did not initiate login and you receive a prompt to from

the Microsoft Authenticator app Touch ‘Deny’ and contact the PeaceHealth

Service Desk at 1-800-452-1425.

MFA FOR EXTERNAL O365/AZURE ACCESS

7 | P a g e

Utilizing the Authenticator app code is the third option as noted at the top of this document. The setup is the same

as the Approve/Deny prompt, except for the authentication option. Choose ‘Use Verification code from app’ in the

drop-down options, then click ‘Save’.

How it works: When accessing a PeaceHealth resource remotely, you will be prompted on the webpage for a

verification app code. Enter the numbers displayed in the app. Example:

NOTE:

If you need to adjust your communication settings or preferences, you can always return to

www.peacehealth.org/mfa, log in, and edit your selection/settings.

3. Mobile App Setup – Code Entry Option