Instruction: How to set up multi-factor authentication
Before you start using multi-factor authentication, you need to registered at least one authentication device. The first one has to be a TOTP app, then you can register arbritrary number of TOTP apps and WebAuthn authenticators. After you add your first token, you can go to user profile and enable MFA for all services connected to MUNI Unified Login.
Sign in with MUNI Unified Login
You will see a QR code with a shared secret. Scan the QR code with your TOTP app.
If you are enrolling from the mobile phone that has installed a TOTP app, click on Here next to the QR code. Shared secret will be transferred via link.
You do not have to backup the QR code or the link - you can register more TOTP apps later, using a different code.
Click on Enroll a new token. If you opened the page on a WebAuthn capable device, choose token type WebAuthn, enter a description (e.g. "Work laptop") and continue by clicking Enroll token.
A dialog widow from the web browser or from the operating system pops up, asking for confirmation.
Push the button on your physical authenticator, confirm by fingerprint when on smartphone or perform another required action depending on the device. In the picture you can see the variant for Windows 11 (USB authenticator)
You may add arbitrary number of TOTP apps and WebAuthn devices. We highly recommend adding at least two devices and at least one of them with TOTP app.
To prevent losing access in case you lose all registered devices, it is possible to generate one-time recovery codes, which you can securely store or print out.
Go to Settings > Authentication and toggle the Turn on multi-factor authentication for all services switch (see the picture).
You be asked to sign in again using multi-factor authentication to confirm the action. From now on, every sign in to your account will require the multi-factor authentication.