Staff Remote Working: Multi Factor Authentication

What is Multi Factor Authentication?

Multi Factor Authentication (MFA) is a feature which adds more security to our North Bristol NHS Trust (NBT) user accounts, when staff are using NBT applications via a non-NBT device. It is an extra verification step to make sure users are who they say they are when logging in remotely.

When will staff need this?

Staff will be asked to authenticate their user information when accessing our Cloud-based services including Microsoft Teams and the NBT intranet (LINK).

How does it work?

There are several different MFA options for staff to choose from as shown below.

  • Android / iOS app:
    • Notifications: Receive a notification via an app, and authenticate via a phone.
    • Verification Code: Copy a code sent to your app into your login screen.
  • Mobile phone:
    • Phone Call: Answer an automated call, and press # to authenticate.
    • Text message: Receive a code via text message – copy this into your login screen.
  • Other phone - Phone call: Answer an automated call, and press # to authenticate.
  • Other - Security questions: Set up answers to 5 security questions.

How does a user set this up?

The following guide will walk you through how to set up and install Microsoft Authenticator on your phone. You will, however, need a trust desktop PC to complete the process.

By using Microsoft Authenticator you will be able to access your work emails via outlook.com and link.nbt.nhs.uk from your home PC and your mobile phone.

PLEASE NOTE: This can ONLY be done when on site and using an NBT device. Do not attempt this at home.
 

  1. On an NBT PC, open your web browser and go to myaccount.microsoft.com. You will be logged in automatically as you are on site.
     
  2. Click on Update Info on the Security info tile.
     
  3. Click on Add sign-in method.
     
  4. Select Authenticator app from the drop down menu. No other option will work with the current Microsoft setup.
     
  5. Click on Add.
     
  6. You will be prompted to install the Microsoft Authenticator app on your mobile phone.
     

Microsoft Authenticator App

The Microsoft Authenticator App is available from both the Apple App Store and the Google Play Store and must be installed on your smart phone to enable two step authentication when accessing trust websites remotely.

  1. On your phone search for and download the Microsoft Authenticator.
     
  2. Once downloaded open the Authenticator app.
     
  3. Accept the terms and conditions. Microsoft and NBT will have access to this part of your phone, but not any of your personal data, information or content.
     
  4. ALWAYS select Add a work or school account.

    Never select Sign in with Microsoft.
     
  5. Select Scan a QR code.

    Now return to the PC to complete the next steps.
     

Scan the QR code and Complete Authentication
 

  1. On the PC now click on Next.
     
  2. Click on Next again.
     
  3. When the QR code appears you will need to scan it with your phone.
    Select Allow when asked to receive notifications.
     
  4. On your phone, the Authenticator App will now show your North Bristol Trust account.
     
  5. On the PC, click on Next.
     
  6. You will be prompted to try out the authenticator ("Let's try it out") with a numbered code.
     
  7. On your phone you will need to enter the code shown on the PC. Then select Yes.
     
  8. On your phone you will now see your account is approved.

    On the PC you will also see a notification approved message.
     
  9. Your Authenticator will now appear on the Security info screen on the PC.

     

Now, when you log into LINK, email, Teams, Windows Virtual Desktop, LEARN or other trust applications and websites from outside of the trust, you will get a notification on your phone to approve when signing in.
 

How does a user reset Multi Factor Authentication?

We recommend that staff set up at least two methods of authentication to assist with resetting their Multi Factor Authentication.

If a user needs to change, or remove a method of authentication:

  • Visit https://myprofile.microsoft.com.
  • Use the NBT email address as a username.
  • If at work, staff will not be asked for their password. Away from work, staff will also need to enter their NBT user password.
  • In the ‘Security Info’ section, click ‘Update Info’.

When asked to confirm MFA, if the preferred method is not available, the user will need to select ‘Sign in another way’, where they can choose from their configured methods of authentication. From here, they can delete old methods and set up new ones as required.

Experiencing problems?

Staff experiencing problems signing into their account, or using Multi Factor Authentication in general, should contact the NBT IT Service Desk.