What is changing?
Students, Faculty, and Staff will be required to utilize Microsoft Multi-Factor Authentication when accessing Cal State LA Single Sign-On starting May 29th, 2025.
To improve security and reduce the need for help desk assistance, Microsoft Entra authentication includes the following components:
- Self-service password reset - Lets users update or change their passwords using a web browser from any device without waiting for helpdesk or administrator to provide support.
- Microsoft Entra multifactor authentication - Works by requiring two or more authentication methods which include:
- A password
- Trusted device like a phone or hardware key
- Biometrics like fingerprint or face scan
- Hybrid integration to enforce password protection policies for an on-premises environment - Enforces strong passwords by having a global and custom banned password list. A password change request fails if there's a match in this banned password list.
- Passwordless authentication - Credentials would be provided by using methods like biometrics.
Microsoft Authentication Options
Microsoft MFA login options will depends on the policies applied by your University's Microsoft MFA administrator.
Microsoft Authenticator supports passkey, passwordless sign in, and MFA by using notifications and verification codes.
- Users can sign in with a passkey in the Authenticator app and complete phishing-resistant authentication with their biometric sign-in or device PIN.
- Users can set up Authenticator notifications and sign in with Authenticator instead of their username and password.
- Users can receive an MFA request on their mobile device, and approve or deny the sign-in attempt from their phone.
- They can also use an OATH verification code in the Authenticator app and enter it in a sign-in interface.
First Time Enrollment in Microsoft MFA
To install Microsoft MFA, scan the QR code below or search for "Mircrosoft Authenticator" in the app store or google play store.
After installing the app, select which method you would like to verify your identity.
Once you have verified your identity, you can now add a sign in method.
After adding your sign in method, the Microsoft authenticator will send a test to ensure you successfully registered. Once you receive the notification of approval, you have successfully registed with the Microsoft Authenticator.
Manage MFA Login Methods
When logging onto your MyCalstate LA portal, in the upper right hand corner, click your profile icon initials and click view account.
Click security info to manage your sign-in methods and devices.
To add a new sign-in method or change your device, click on "Add method," "Change," or "Delete" as needed. It will then prompt you to add your new/updated device.
If you wish to change your default sign-in method, click change and a drop down menu will pop up allowing you to change your authentication method.