Multifactor authentication (MFA) - FAQ
To secure your accounts, there is multifactor authentication at Odisee on both your Odisee account and your Association KU Leuven account. Frequently asked questions and corresponding answers can be found on this page.
As of February 26, 2025, multifactor authentication (MFA) on your KU Leuven Association account will become mandatory! We encourage you to activate the KU Leuven Authenticator app now! There are also instructional videos that show step by step how to activate MFA If you have questions about this or are experiencing problems you can't solve with the information on this page, you can get specific support at your campus on weekdays until Feb. 28. See below for where and when.
|
General questions
-
Multifactor authentication (MFA) is, as the word says, authenticating yourself using multiple factors. Everyone knows the classic way of logging in with a username and password. Using a password is one factor, something you know.
MFA typically involves a second factor in the form of something you have. The most common way is a smartphone app that is tied to your smartphone and not transferable to another device.
In the smartphone app, you will receive a push notification that simply requires you to reply "Decline" or "Approve" to your login attempt. That way, you are demonstrating on something you have (your smartphone) that you are the one logging into your account.
-
Today, hackers are enormously creative and mostly automated in finding and abusing accounts - this with potentially serious consequences.
In the traditional way of working with just a username and password, knowing your password is enough for the hacker.
With the use of MFA, an additional factor comes into play that can stop the hacker. As long as no approval is given in the smartphone app, the hacker will not get into the account.
-
Yes, that's right. As a student or employee at Odisee, you have 2 accounts: an Odisee account that takes the form of your email address and an KU Leuven Association account (your r-number, your s-number, your u-number ...).
For both accounts, MFA is required.
For the Odisee account, you have to use the Microsoft Authenticator app for that, for the KU Leuven Association account you have to use the KU Leuven Authenticator app.
So both apps must be installed on your smartphone and for both accounts it must also be linked to the appropriate account.
-
The second factor for your Odisee account is enforced on Odisee applications including the following:
- E-mail (webmail, mail app, ...)
- Microsoft Teams
- OneDrive
- Student platform (odisee.be)
- Other Odisee applications (printcredit.odisee.be, ...)
For the KU Leuven Association account of Odisee students and staff, MFA is also enforced as of 26/02/2025, when you log in to:
- Toledo
- My Loket (KU Loket)
- Time Edit
-
For the Odisee account, you need the"Microsoft Authenticator" app on your smartphone. You can download it from the Google Play Store (for Android smartphones) and from the Apple App Store (for IOS smartphones). You can download and install the app for free.
When activating your Odisee account, the activation of the MFA is included in the activation process.
For the KU Leuven Association account, you need the"KU Leuven Authenticator." You can also download this from the Google Play Store and the Apple App store.
Activation of your KU Leuven Association account follows the activation of the MFA after setting your password in the activation process.
About the activation processes of both your accounts, you can find more information and a roadmap at https://www.odisee.be/accounts.
If you have already activated your account (you have already chosen a password for it) but you have not yet activated MFA, please refer to FAQ below "How do I register MFA for my Odisee account that is already activated?" and "How do I register MFA for my KU Leuven Association account that is already activated?".
-
Is your Odisee account already activated, but you forgot to register MFA beforehand or your registration was reset? Then you can follow these steps to register MFA:
- Take your smartphone and install the 'Microsoft Authenticator' app. You need it to successfully register your security credentials.
- Do you have an Android smartphone? Then you can find the app on the Google Play Store: Microsoft Authenticator app for Android
- Do you have an Apple smartphone? Then you can find the app on the Apple App Store: Microsoft Authenticator app for iOS
- Surf to portal.office.com
- Sign in with your username and password
- You will now be notified that more information is needed to keep your account secure and complete the activation process.
- Choose Next.
- You'll get a notification that you need the'Microsoft Authenticator' app. Choose'Next.
- You will get another notification that will start the registration process in the 'Microsoft Authenticator' app. Choose 'Next' again here.
- You open the Authenticator app on your smartphone
Microsoft asks if they may collect diagnostic information through the app to improve their service. Here you can choose whether to accept or decline. - On the next screen, choose"Scan a QR code.
- You now scan the QR code displayed on your computer screen with the app on your smartphone. The account is added to the Authenticator app and you choose'Next' in the web browser on your computer.
- You will now see the following window on your laptop. At the same time, a request is sent to the app on your smartphone.
- On your smartphone you have to approve the registration by entering the displayed number.
- Once you have approved the request in the app on your smartphone you will see a confirmation on your computer that the request has been approved.
- You have now linked the app on your smartphone to your Odisee account and successfully registered your security credentials.
- You can now start using this method as a second factor when logging in.
- If you opted for the Microsoft Authenticator, you will receive sporadic push notifications on your smartphone at login that you have to approve.
- Do not delete the app as you need it to log in to your Odisee account.
- Now that the security info has been successfully registered, select'Done'.
- Take your smartphone and install the 'Microsoft Authenticator' app. You need it to successfully register your security credentials.
-
How to do this can be read step by step on this page.
-
On the Odisee account , the MFA login is valid for
- 7 days on a computer
- 30 days on a smartphone
provided you have clicked "Yes" to the question "Stay logged in?"
On the KU Leuven Association account , the login is valid for a maximum of 12 hours or until when you close your entire browser session. Also when you change your IP address (i.e. when your device connects to a different network), you have to log in again.
So for the MFA on your Association KU Leuven account, you will need your Authenticator app on your smartphone every day!
At this page we give you some more tips for efficient use of the KU Leuven Authenticator App.
-
Odisee, KU Leuven and Microsoft do not charge a fee to use the smartphone app for MFA.
Smartphone related questions/problems
-
Unfortunately, for the Odisee account, you cannot register a new multifactor method without your old smartphone. Therefore make a ticket to the ICT service desk or go to your local ICT service desk at your campus.
For the KU Leuven Association account, you can remove your lost or stolen device as MFA device and register a new device yourself, using your reset code or via ItsMe. On this page we explain how to do this.
The ICT Service Desk can temporarily disable the MFA requirement (maximum 7 days) until you have a new device. To do so, stop by the ICT Service Desk on your campus.
-
For the Odisee account, unfortunately we can't help you any further. You will have to go get your smartphone. Please know that you can also use Odisee computers, no MFA is required here.
If your KU Leuven Association account is protected with the KU Leuven Authenticator then you cannot log in without a device. If you need to log in very urgently (e.g. for an exam) contact the ICT service desk on your campus. There they can disable the mandatory MFA for a short time so you can still take your exam.
-
For the Odisee account, unfortunately we can't help you any further. Maybe you can borrow a charger from one of your fellow students. Please note that you can also use Odisee computers, no MFA is required here.
If your KU Leuven Association account is protected with the KU Leuven Authenticator then you cannot log in without a device. So look for a charger from a colleague or fellow student. If you need to log in very urgently (e.g. for an exam) contact the ICT service desk on your campus. There they can disable the mandatory MFA for a short time so you can still take your exam.
-
Then you need to register the multifactor authentication (MFA) for your Odisee account as well as for your KU Leuven Association account. This is because MFA is device-specific when using a smartphone app.
Do not delete the Authenticator apps on your old device yet, because you will need them for a while to register your new device.
Have you got a new smartphone? Then you need to re-register multifactor authentication (MFA) on it for your Odisee account. That's because MFA is device-specific when using a smartphone app. Don't delete the app on your old device yet, because you'll need the Microsoft Authenticator app to register your new device.
For the Odisee account (Microsoft Authenticator App)
- Surf to https://mysignins.microsoft.com/security-info
- Log in with your Odisee account
- Run MFA with your old device
- Click on + Add login method
- Choose method Authenticator app
- Click on Add
- Follow the instructions in the web browser
- Download the Microsoft Authenticator app on your new smartphone
- Click Next in your browser window
- At the Set Up Your Account window, click Next again
- Scan the QR code in the Microsoft Authenticator app
Having trouble following these steps? Then take a look at the video about activating your Odisee account.
- You will now see a window asking you to approve the notification in the Microsoft Authenticator app
- Approve the notification on your smartphone
- When you get the message in the browser window that the notification was approved, you have successfully registered MFA on your new device
For the KU Leuven Association account:
- Go to https://account.kuleuven.be/mfa and log in there using the KU Leuven Authenticator on your old smartphone
- Click on'Add device'.
- You follow the same steps as activating MFA on your old smartphone. You can find those steps on this page.
-
For the Odisee account, you can (for now) use SMS to do MFA. Do know that this is less secure than an app and you cannot receive SMS if you do not have a connection. This can also cause problems abroad.
Registering via SMS is done like this:
- At the step where you are asked to download the Microsoft Authenticator, click at the bottom on I want to set up another method
- Under Which method would you like to use? choose Phone
- Click on Confirm
- Choose the country to which your cell phone number belongs
- Fill in the remaining digits of your cell phone number
- Click on Next
- You will now receive an SMS on the number you entered mentioning Microsoft authentication.
- Made a mistake in the cell phone number? Click on Back and repeat the steps.
- Still haven't received the SMS after some time? Then click on Resend code
- Enter the six digits of this SMS in the browser window
- Click on Next
- Multifactor authentication via SMS has now been successfully registered
For the KU Leuven Association account, there is no alternative to authentication via the KU Leuven Authenticator App.
Do you also not have a GSM device? Then we recommend contacting the student services department (STUVO). This way we can see what we can do for you with the social service.
Questions/Problems with MFA Odisee
-
Be sure to check first that you are indeed using the Microsoft Authenticator app and that it is up-to-date. Also check your smartphone's app settings. Make sure you have allowed access to your camera for the Microsoft Authenticator app, otherwise you won't be able to scan a QR code from within the app.
Be sure to check first that you are indeed using the Microsoft Authenticator app and that it is up-to-date. Also check your smartphone's app settings. Make sure you have allowed access to your camera for the Microsoft Authenticator app, otherwise you won't be able to scan a QR code from within the app.
- If this still doesn't work, in the MFA registration, click Can't scan the image?
- In the Microsoft Authenticator, first choose to add a Work or School account via QR code
- On the camera screen click at the bottom on Insert code manually
- Then enter the code and URL that appear in the browser window
- Once completed, click Next in your browser window
- You will now receive a push notification on your smartphone which you must approve
- Once approved, the browser window will show whether the registration was successful or not
Do you prefer to use a different app? No problem! At Odisee, we leave you the choice to use any MFA app you want. Just be aware that push notifications will not work and you will always need to request a verification code in the app when signing in.
Prefer to use a different app? No problem!!! At Odisee, we leave you the choice to use any MFA app you want. Just be aware that push notifications will not work and you will always have to request a verification code in the app to use when signing in.
If you want to set this up click on I want to use a different authentication app at MFA registration.
-
Are you not getting a push notification? Then your device may be offline .
If so, on the login screen, select I can't use my Microsoft Authenticator app right now.. Then use the method described in the question Where do I find the code I need to sign in?
Also check that you have allowed notifications for the Microsoft Authenticator app on your smartphone. Typically this is prompted when you first use the app. You can check this in your smartphone's system settings.
It is also possible that something went wrong while registering your MFA method. In this case we recommend to have the registration of your MFA method reset. Make a ticket at the ICT service desk with a clear description of your problem or visit your local ICT service desk.
-
If you don't get a push notification, you can also choose to enter an authentication code. This can be found in the Microsoft Authenticator app in the following way.
- Open the Microsoft Authenticator app
- Tap your username
- Enter the one-time passcode displayed in the Microsoft Authenticator on the login page
- Once completed, click Verify on to sign in with your second factor.
-
Unfortunately, without an authenticator app, you can no longer perform MFA if you do not have a second method set up such as SMS. Therefore, create a ticket with the ICT service desk or stop by your local ICT service desk so they can reset your MFA registration.
Once reset, you can register MFA again. To do so, follow the FAQ item "How do I install the authenticator app for multifactor authentication?".
-
You always have a default method to satisfy MFA with, typically that is the first method you registered. However, it can often be convenient to add a second method as a backup method. For example, you can authenticate with the Microsoft Authenticator app by default, but you can also choose to sign in via SMS should you have trouble with that.
Adding additional methods is done as follows:
- Surf to https://mysignins.microsoft.com/security-info
- Log in with your Odisee account
- Perform multifactor authentication with your old device
- Click on + Add login method
- Under"Which method do you want to add", choose the second method you want to add
- Authenticator app (authentication via Microsoft Authenticator or another authenticator app)
- Phone (authentication via SMS)
- Security key (physical FIDO2 security keys)
- Click on Add
- If you chose the Authenticator app, follow the FAQ item'I have a new smartphone' for further steps.
- If you chose phone, follow the FAQ item 'I do not have a smartphone' for further steps
- You can now choose to change the default login method to your preferred option on the registration page
Questions/Problems with MFA of KU Leuven Association
-
KU Leuven Authenticator requires a working Internet connection. Therefore, if your device is temporarily unable to access the Internet, you will not be able to log in with KU Leuven Authenticator.
-
Yes, you can. You log on to https://account.kuleuven.be/mfa where you can click on add device. There you can add a second smartphone or tablet that you can also use to log in.
But note: the KU Leuven Authenticator should only be registered on a personal, non-shared device.
-
If you have a reset code , you can use the reset code to delete all your registrations. On this page we explain how to do this.
If you do not have a reset code but do have a card reader + electronic identity card or itsme, you can also use it to delete all your registrations. You can find more instructions on this on this page. Please note, this only works if you have a Belgian national number known to us.
If none of the above options works, contact the Odisee ICT service desk at your campus, they can delete your registration and you can register again.
-
If your device is correctly added to your KU Leuven Association account, and the requirement to use MFA is on for your account (as of 26/02 this is effectively mandatory for all Odisee students and staff), then logging in will go as follows:
- You surf in your browser to e.g. toledo.odisee.be and get the login screen of the association.
- You click on the button"KU Leuven Authenticator" and a QR code appears on your screen.
- You open your KU Leuven Authenticator and click on "Scan QR" there. You scan the QR code on your screen.
- You confirm in the Authenticator app with your PIN code or your biometric data (fingerprint, facial recognition)
- You are then logged into your browser.
TIP! You can also make it even easier by checking the"Remember my device" option on the KU Leuven Association login screen. The next time you need to log in, all you have to do is click the "KU Leuven Authenticator" button and follow the instructions on your smartphone. You will then no longer need to type in your account name and password.
At this page we give some more tips for efficient use of the KU Leuven Authenticator.
-
If you have another question about the use of the KU Leuven Authenticator, you can take a look at the FAQ page of KU Leuven itself.
Keep in mind that not all KU Leuven features necessarily apply to Odisee. Odisee does not work with tokens for students.
As an Odisee student or employee, you can contact the Service Desk of Odisee, and not the one at KU Leuven.