Multi-factor authentication (MFA) is coming to RMIT

Multi-factor authentication (MFA) is being introduced for all students and staff across the University, to increase our cyber security and further protect RMIT’s systems. 

From May 2021, MFA will be required by all students and staff when accessing Microsoft 365 (M365) applications including Outlook Email (RMIT's email platform), Teams, OneDrive, SharePoint and Yammer.

Students and staff must register for MFA on their devices following the steps below.


How to register for MFA – user guides

To register for MFA, you need to:

  1. Reset your RMIT password via Self Service Password Reset. Once you change your password, it may take up to three hours for it to synchronise across all RMIT systems.
  2. Set up your MFA by downloading the appropriate guide below and following all steps to complete the registration process. You can choose to register for MFA via the Microsoft Authenticator app OR SMS code.

    Microsoft Authenticator app – available from your Play Store (Android devices) or App Store (Apple devices). RECOMMENDED for all smart phone users. Has a more secure set up and easier Yes/No verification.
    SMS code –the only option for users who do not have a smart phone. A 6-digit pin must be entered to verify.

What is MFA?

Multi-factor Authentication (MFA) requires you to provide more than one form of verification to be granted access to RMIT systems. 

This provides an extra layer of protection to your RMIT user login, by ensuring only legitimate users can access the University’s data and information. 

MFA will be required by all staff and students when accessing Microsoft 365 (M365) applications including Outlook (RMIT's email platform), Teams, OneDrive, SharePoint and Yammer.

From May 2021, when you sign in to M365 applications, you will be required to provide two factors to identify you:

  • A username and password
  • A request (yes or no response) or a passcode sent to your mobile phone.

If you don’t have the correct login credentials (username and password) AND code (when prompted to enter it), you won’t be able to log in. 

When will I need to verify my identity?

MFA won’t be required everytime you log in. It will be required when you: 

  • log in using a browser or device you haven’t used previously. 
  • log in from a country that is different from the country you last logged in from. 

How is MFA being rolled out?

All students and staff will be notified via email when to register for MFA and will have two weeks’ notice to register and set MFA up on your account.

After the allocated two-week registration period, the use of MFA will be mandatory for students and staff who have been invited to register for MFA.



General MFA Questions

Questions about MFA and Personal Mobile Devices

Questions regarding MFA use when travelling



Need help?

If you require support, please contact the ITS Service and Support Centre