Multi-Factor Authentication


Extra layer of protection for your account

SFU’s Multi-Factor Authentication (MFA) refers to using two or more independent items to verify your identity, typically something you know (i.e., your SFU computing ID and password) and something you have (i.e., a time-based code). 

By using MFA, your digital identity, data, and access to systems are still protected even if your password is compromised.

Who needs to set up MFA? 

MFA enrollment is required for all faculty, staff and students.

  • All faculty and staff at SFU will be required to enroll in MFA. If you are a new employee (including TAs and RAs), enroll in MFA as soon as possible to maintain your access to SFU online services. 

Faculty and staff who cannot or do not wish to use a mobile device for any reason may request a hardware token as an alternative. To get started, visit the Set up MFA page for more information.

  • New students starting in Fall 2021 will be required to enroll in MFA by Monday, Oct. 4, 2021.
  • All current students who started before Fall 2021, sponsored accounts, retirees, and any other accounts will be required to enroll in MFA by December 2021, and will be fully supported if they choose to enroll sooner. 

Note: If you have a shared sponsored account, we recommend to hold off on enrollment until we have a process in place. For more information regarding sponsored accounts, please visit the FAQ page.

Which SFU applications are protected by MFA?

Currently, MFA at SFU is implemented for web applications that use SFU's Central Authentication Service (CAS) for authentication. You will be prompted for your MFA code when you sign into most web applications and/or services at SFU, including:


  • goSFU, Canvas
  • FINS, myINFO
  • SFU Mail (via a browser)
  • Zoom
  • Microsoft 365 (via web portal)
  • SharePoint
  • AEM (
  • SFU Maillist (
  • Research Ethics Application system (Kuali)


  • Remote Desktop

Note: Future services at SFU will require you to be enrolled in MFA. More details will be announced with the new services.

Do I need to have cellular service or data coverage to use the MFA Applications?

No; Aside from the initial app download, TOTP MFA applications do not require any internet connection, cell service, or data coverage to display the MFA codes.

Note: TOTP (Time-based One-time Password) protocol for multi-factor authentication requires a time-based (30 second) code that the user must enter. It changes every 30 seconds to maximize security.


Set up MFA

The initial setup includes three parts which will take approximately 5 minutes.

Manage MFA settings

You can manage the following MFA settings using the  SFU MFA Management App:

  • Change your MFA device,
  • Change your MFA mobile app,
  • View or generate emergency login codes, and
  • View or remove the browsers you authenticated to “remember you”.

Have questions? Please see our collection of FAQs or visit the MFA Toolkits.

Need additional assistance?

Required for

You may also be interested in