CUNY Multi-Factor Authentication | Hunter College

CUNY Multi-Factor Authentication | Hunter College
CUNY Multi-Factor Authentication
On This Page:
What is CUNY MFA
CUNY applications requiring CUNY MFA
Getting started with CUNY MFA
Using CUNY MFA
Frequently Asked Questions
Additional Assistance
What is CUNY MFA
Hunter College and CUNY require all students, faculty, and staff to use Multi-factor Authentication (MFA) to sign into specific applications. This website will assist members of our community in uploading the tools necessary to confirm MFA factors to sign into CUNYfirst, CUNY Buy, Brightspace, Zoom, and other systems, which are listed on this site.
The CUNY MFA is not the same as Microsoft 365 MFA used for programs like Teams and Outlook.
CUNY MFA is an additional step to prevent bad actors from accessing accounts, data, and personal information. Every college at CUNY will require CUNY MFA as well.
CUNY applications requiring CUNY MFA
These CUNY applications require MFA upon log in (starting June 30, 2025):
BrightSpace D2L
Connect2
CUNYBuy
CUNYfirst – Self-Service, Campus Solutions, HCM and Finance
DegreeWorks
EAB Navigate
Ezproxy
FACTS
InfoReady
LinkedIn Learning
Online Orientation
Quinncia
Schedule Builder
Top Hat
Zoom
Getting Started with CUNY MFA
Video Tutorial
Watch the following video for a quick overview on setting up and using CUNY Login MFA:
The remainder of this document provides step-by-step instructions on setting up and using CUNY Login MFA.
Setting Up for the First Time
The following one-time procedure provides instructions on setting up CUNY Login MFA TOTP (Time-based One-Time Password) for use with the Microsoft Authenticator mobile app when you have access to a computer and your phone.
1. In a new web browser window, open the
CUNY MFA Self-Service
(https://ssologin.cuny.edu/oaa/rui).
The CUNY Login page displays.
2. Enter your CUNY Login username and password, then click
If you are also prompted to share your location with ssologin.cuny.edu, click
Allow
An Oracle Access Manager page is displayed with a confirmation message with the instruction to click OK to continue.
3. Click
OK
to acknowledge the message.
An Oracle Identity Management page is displayed asking you to grant access to continue.
4. Click
Allow
to continue.
The "Hi, what are you managing today?" page is displayed.
5. Click
Manage
in the My Authentication Factors tile.
The CUNY Login Advanced Authentication – My Authentication Factors page is displayed.
6. Click on
Add Authentication Factor
to display the list of authentication factor methods.
7. Choose
Mobile Authenticator – TOTP
(Time-based One-Time Password).
The CUNY Login Advanced Authentication - Setup Mobile Authenticator page is displayed.
8. In the
Friendly Name
field, type a name (such as “CUNY Login MFA”) to easily distinguish CUNY Login MFA from any other accounts in Microsoft Authenticator.
If you are using Microsoft Authenticator on an iPhone, consider using hyphens or underscores instead of spaces in the Friendly Name field. Some older iPhones may replace the spaces in the friendly name with
%20
when the Friendly Name is added to the Microsoft Authenticator mobile app.
9. Open Microsoft Authenticator on your mobile phone.
10. Tap
Verified IDs
at the bottom of the page or the circular button above it.
The Microsoft Authenticator Verified IDs page is displayed.
11. Tap
Scan a QR code
The Microsoft Authenticator Scan QR Code page is displayed.
12. Use the camera window on the Scan QR Code page to capture the QR code displayed on the CUNY Login Advanced Authentication - Setup Mobile Authenticator page on the computer.
This sets up a new MFA account in Microsoft Authenticator having the friendly name you entered with a time-based one-time password (TOTP) code that changes every 30 seconds. A count-down timer indicates how much longer the password code remains valid for authentication.
13. On the CUNY Login Advanced Authentication - Setup Mobile Authenticator page on the computer, click
Verify Now
A Verification Code field is added to the CUNY Login Advanced Authentication - Setup Mobile Authenticator page.
14. In the
Verification Code
field, type the password code from the Microsoft Authenticator app on the phone.
15. Click
Verify and Save
The My Authentication Factors page displays showing the Mobile Authenticator - TOTP MFA account just added.
16. Click on your CUNY Login username in the top right corner of the page, choose
Logout
, and close your browser.
Your CUNY Login MFA TOTP method has been set up, and the corresponding MFA account is now in your mobile phone’s Microsoft Authenticator app.
Using CUNY MFA
Responding to CUNY Login MFA TOTP Prompts
The following procedure tells you how to enter the password code from Microsoft Authenticator when CUNY Login MFA prompts you to enter a TOTP (time-based one-time password):
1. In the CUNY Login window, enter your CUNY Login username and password, then click
If you are also prompted to share your location with ssologin.cuny.edu, click Allow.
A window is displayed prompting you to choose your MFA login method from the displayed list of your previously established CUNY Login MFA authentication factors.
Note:
If you do not see a window prompting you to choose your MFA login method, your CUNY Login MFA setup may be incomplete. Clear the browser cache, close the browser window, and then follow the instructions in “Setting Up for the First Time.”
2. Click on the Enter OTP from device link corresponding to the friendly name you set up for CUNY Login MFA.
3. Open the Microsoft Authenticator app on your mobile phone to display the one-time password code.
Make sure to open the account you set up for use with CUNY Login MFA.
Consider waiting for the one-time password (OTP) code to refresh if the count-down timer gets close to zero.
4. In the Enter OTP from the registered phone field, enter the one-time password code from Microsoft Authenticator.
5. Click
Verify
The CUNY application or service opens for your use.
Frequently Asked Questions
Microsoft provides information for
general questions about MFA
. The FAQs below are specific to Hunter College and CUNY.
Following CUNY Login MFA implementation, you will have to provide a CUNY MFA code each time that you are presented with the CUNY Login page to enter your CUNY Login credentials.
It is important to set up CUNY MFA for your Hunter College work and use the code from that identity when prompted.
If you get a new mobile phone, you will need to transfer your MFA credentials to the new one.
Do not erase the MFA on your old phone
- follow these
instructions
If you have issues with this transfer, contact the Hunter College help desk.
View Procedure
If you delete all your authentication factors, you will no longer be able to access and manage your CUNY Login MFA authentication factors. You must then contact the Hunter College Help Desk to request to have your CUNY Login MFA reset so you can set up at least one authentication factor.
If your phone and authenticator app support it, you can back up your CUNY Login MFA account settings so they can be loaded onto a new or replacement phone. See your phone's and authenticator app's documentation for information on backing up and restoring your MFA account settings.
If you do not have access to a computer, the following one-time procedure provides instructions on using only your mobile phone to set up CUNY Login MFA.
View Procedure
Please note the following before setting up CUNY Login MFA for the first time: The first authentication factor you should set up for CUNY Login MFA should be a time-based one-time password (TOTP) generated by an authenticator app—like Microsoft Authenticator or Google Authenticator—on your mobile phone.
There are a few reasons why CUNY Login MFA may not work after you set it up: You did not verify your new CUNY Login MFA TOTP factor after adding it to your authentication app on your phone.
Yes. CUNY Login MFA supports the following factors: Mobile Authenticator - TOTP, FIDO 2 Challenge, and Yubico OTP Challenge.
Learn More On Authentication Factors
No. Microsoft MFA is only used as an additional layer of security when accessing Microsoft 365 applications. CUNY Login MFA is used as an additional layer of security when using CUNY Login credentials to access other CUNY and college applications, such as CUNYfirst, Brightspace, Zoom, Dropbox, and CUNY IT Help.
Yes, you can add new or delete existing CUNY Login MFA authentication factors, but make sure you have at least one valid authentication factor saved before exiting the CUNY Login Advanced Authentication application.
Yes, CUNY Login MFA works with Microsoft Authenticator, Oracle Mobile Authenticator, and Google Authenticator. The MFA set up and operation is similar for each. Microsoft Authenticator is recommended because many CUNY users already use it for multi-factor authentication with Microsoft 365.
You can add new or delete existing CUNY MFA authentication factors, but make sure you have at least one valid authentication factor saved before exiting the .
Generally, you do not need to request a CUNY Login MFA reset unless you lost or replaced your device. If you lost your device or got a new one, contact your campus help desk to request to have your CUNY Login MFA reset.
No, you are set. You will be prompted for CUNY MFA when signing into CUNY applications.
If you get a new phone, see how to manage that change for MFA (above).
If you have not added the Digital OneCard to your phone or watch and wish to do so, visit the
Hunter Digital OneCard setup instructions
Additional Assistance
Contact Hunter’s
help desk
for assistance if:
You lost or are replacing the mobile phone used for CUNY Login MFA
Having issues with your CUNY Login
Having issues setting or using CUNY Login MFA