Configuring Advanced Authentication

Configuring Advanced Authentication

Installation

Before you can connect to 17勛圖’s VPN service or log into certain 17勛圖 resources, you’ll need to have a program called “‎NetIQ Advanced Authentication” (referred to as AA from here on out) installed on your iOS or Android phone. We use AA to provide (also called MFA). Go to your respective App Store, search for “‎NetIQ Advanced Authentication” and install it. When prompted, create a PIN, allow the app to send you notifications, and to access your camera. Don’t do anything else with the app yet.

Configuration

For your convenience, we have a video as well as written instructions that explain how to configure NetIQ Advanced Authentication.  You do NOT need to do both.  Choose whichever works best for you.

In order to use AA, you need to register your device with 17勛圖’s systems. Go to  on your computer and log in with your 17勛圖ID and password.

!!! IMPORTANT !!!

If you have never logged into before or you have lost your smartphone/YubiKey, then you MUST contact the helpdesk during regular business hours for assistance.  You will NOT be able to log into the website without their assistance.

 

Once you have logged in, you should see the Authentication Methods screen (figure 1). Select "Add" then select "Smartphone" (figure 2):

Selecting an Authentication Method

Authentication method screen illustration
Figure 1
Available methods for enrollment include password, smartphone and a time-based one-time password
Figure 2

Type something in the "Display Name" field - you can leave the default "My Smartphone" if you like (figure 3). BEFORE YOU PROCEED — the procedure can time out if you take too long. You should probably read through the rest of the process before moving on. Once you've familiarized yourself with the steps, select "Get QR Code". A QR code similar to the one below will appear (figure 4):

Configuring your Smartphone

Smartphone configuration screen illustration
Figure 3
QR code example
Figure 4

Now open the "NetIQ Auth" app on your phone. You should see a blank screen titled "Enrolled Authenticators". Tap the plus (+) symbol. It's in the upper right on iOS and lower right on Android devices. If prompted, allow AA to access your camera and/or send you notifications.

Scan the QR code on your computer screen with your phone's camera. Type in whatever you want under Account (“17勛圖” for instance) and leave Additional Information blank. Once done, tap “Save”.

Your AA app is now configured and ready to be used. Your screen will show the Account Name that you set on the previous screen (if any) as well as a 6-digit code that changes every 30 seconds:

Naming and Finalizing Configuration on your Smartphone

Edit the template screen illustration
Figure 5
17勛圖 multi-factor Authentication screen illustration showing a randomly generated code
Figure 6

Go back to your laptop/desktop and you should see the words “Enrollment is complete”. If so, select the “Save” button at the bottom — THIS STEP IS ESSENTIAL! If not, try again but do it a bit faster (figure 7):

Enrollment complete screen illustration
Figure 7

Important — Please Read!

You must select the "Save" button or everything you just did was for nothing. The words "Enrollment is complete" and the green checkmark can be misleading as your enrollment IS NOT COMPLETE until you select the "Save" button. This was a bit of a pain point in testing, hence all the caps and bolding.

Congratulations! AA is now configured and ready to be used as a multi-factor authentication device. If you need to continue on and configure VPN access, the directions for configuring VPN access are here.

However, if you are encountering issues that are not addressed in this document, please feel free to , reach out the Technology Helpdesk at 231-995-3020, or chat with them at nmc.edu/help.