KTH has started implementing multifactor authentication, MFA for all KTH accounts. This means you will log in using your username, password, and an approval via a mobile app. The rollout is gradual, and you will receive information when it’s time for your department. Here you’ll find instructions on how to prepare and manage MFA for your KTH account.
To protect your KTH account, you need to use an app to confirm who you are when you log in to KTH services. You do this via multifactor authentication, MFA. This means that you log in in two steps: using your username and password, and with approval via an app on your phone.
Link a mobile phone to MFA
Linking a mobile phone to MFA only needs to be done once per device. After linking the phone, you simply log in with your password and verification via your mobile phone.
When you link your phone to MFA, you need to have access to a computer and your mobile phone at the same time.
Click on the headers below and follow the instructions step-by-step.
Use your mobile phone when performing the following step
Download and install the Microsoft Authenticator app.
Search for "Microsoft Authenticator" in the App Store or Google Play on your mobile phone.You can scan the QR code below or tap the direct links on your mobile device to access the correct app for download.
When you open the app, you may be asked about Microsoft's privacy policy. Select Agree.
The app may then ask about app data usage. Select Continue.
Grant the app access to notifications, camera, and location when prompted.
Use a computer when performing the following step.
Right-click on the link
aka.ms/mfasetup
and choose to open the link in a private window or incognito mode.
Enter your username followed by @ug.kth.se in the login box (example: testjp@ug.kth.se)
You will then be redirected to KTH's login service. Enter the password for your KTH account.
You can now proceed to the next step to add a login method.
In this step, you need both your computer and your mobile phone.
On your computer: Once you have logged in via your computer's browser, click Add sign-in method.
On your computer: Click on Microsoft Authenticator.
On your computer: Microsoft Authenticator will now prompt you to install the app on your mobile phone, which you did in step 1 of this guide.
On your mobile phone: Go to the Microsoft Authenticator app. If it's your first time using the app, choose to Scan a QR code. If you already have accounts added in the app, click on the QR code symbol down to the right of the app.
On your computer: Click Next in the box.
On your mobile phone and computer: Scan the QR code that appears on your computer using your mobile phone.
On your computer: After you have scanned the QR code, click Next in the box.
On your computer and mobile phone: Now the configuration will want to test the authentication. A number will appear in the browser on your computer and a push notification will be sent to your mobile phone to approve the login.
On your mobile phone: Enter the same number that appears in the browser on your computer and approve the authentication.
On your computer: After you have approved authentication, a message will appear stating that the notification has been approved. Click Next to complete the configuration.
Activation is complete! You can now start using MFA when you log in with your KTH account.
Remove a mobile phone linked to MFA
If you need to remove a mobile phone that is connected to MFA, you can do so using Mobile BankID.
If you do not have access to Mobile BankID, you need to
Contact KTH IT-Support
for assistance.
Click on the header below and follow the instructions step-by-step.
Check one or more mobile phones that you wish to remove and click “Remove selected”.
Confirm that you really want to delete the selected devices.
Approve that the device should be removed using Mobile BankID.
Manage your account and security settings
You can manage MFA settings for your KTH account yourself, via
My KTH account
.
On this page, you can do the following things:
Enable MFA requirements when logging in to central login services
Remove mobile phones linked to MFA with Mobile BankID
FAQ about MFA
Click on the headers below for more information about MFA.
Multifactor authentication, MFA is currently the single most important security measure to ensure that the right person is logging in with their KTH account. In this way, we reduce the risk of identity theft, strangers logging in with the account and abusing it. It is about protecting KTH's IT systems from various forms of attacks or intrusions by preventing, detecting and managing threats that target networks, devices, programs and data.
An iPhone 11 or later model with iOS 16 or later installed
An Android phone with Android OS 8 or later installed.
Information about model and version can be found under settings in the mobile phone.
The steps you need to take depend on whether you still have access to your previous mobile phone with MFA or not.
You still have your old phone
If MFA is enabled on your old phone, you need to add MFA to your new one before erasing or restoring the old one.
Follow the instructions further up the page to add MFA on a new device.
In “Step 2: Log in with your KTH account”, approve the login with your old phone where MFA is already activated.
You don't have your old phone any more
If you've erased, reset, or lost your old phone without first enabling MFA on your new one, you can still remove the old device from MFA.
Follow the instructions further up the page to “Remove a mobile phone linked to MFA” using Mobile BankID.
You do not have Mobile BankID
If you do not have access to Mobile BankID and cannot log in with MFA, you need to
Contact KTH IT-Support
for assistance.
Yes, you can have MFA configured on multiple devices at the same time.
In addition to username and password, you need to use MFA for the central login service. It is used for example for kth.se, Canvas or Zoom.
You need to sign in with MFA per browser and device. If you close the browser window or are inactive for more than 12 hours, you will need to authenticate again with MFA the next time you sign in.
