Multi-Factor Authentication


What is MFA?

SFU’s Multi-Factor Authentication (MFA) refers to using two or more independent items to verify your identity, typically something you know (i.e., your SFU computing ID and password) and something you have (i.e., a time-based code). 

By using MFA, your digital identity, data, and access to systems are still protected even if your password is compromised.

Who needs to set up MFA? 

MFA enrollment is required for all faculty, staff and students.

  • All faculty and staff at SFU will be required to enroll in MFA. If you are a new employee (including TAs and RAs), enroll in MFA as soon as possible to maintain your access to SFU online services. 

Faculty and staff who cannot or do not wish to use a mobile device for any reason may request a hardware token as an alternative. To get started, visit the Set up MFA page for more information.

  • All students, sponsored accounts, retirees, and any other accounts will be required to enroll in MFA by December 2021, and will be fully supported if they choose to enroll sooner. 

Note: If you have a shared sponsored account, we recommend to hold off on enrollment until we have a process defined by Summer 2021. For more information regarding sponsored accounts, please visit our FAQ page.

Which SFU applications are protected by MFA?

Currently, MFA at SFU is only implemented for web applications using SFU's Central Authentication Service (CAS) for authentication. You will only be prompted for your MFA passcode when you sign into the following applications and/or services:


  • goSFU, SFU Mail, Canvas
  • FINS, myINFO
  • Maillist
  • Zoom
  • Microsoft 365 (via web portal)
  • SharePoint
  • AEM (
  • Research Ethics Application system (Kuali)


  • Remote Desktop

Note: Future services at SFU will require you to be enrolled in MFA. More details will be announced with the new services.

Do I need to have cellular service or data coverage to use the MFA Applications?

No; Aside from the initial app download, TOTP MFA applications do not require any internet connection, cell service, or data coverage to display the MFA codes.

Note: TOTP (Time-based One-time Password) protocol for multi-factor authentication requires a time-based (30 second) code that the user must enter. It changes every 30 seconds to maximize security.


Set up MFA

The initial setup includes three parts which will take approximately 5 minutes.

Manage MFA settings

You can manage the following MFA settings using the  SFU MFA Management App:

  • Change your MFA device,
  • Change your MFA mobile app,
  • View or generate emergency login codes, and
  • View or remove the browsers you authenticated to “remember you”.

Have questions? Please see our collection of FAQs or visit the MFA Toolkits.

For additional assistance, please contact your department’s IT staff or the IT Service Desk.

Required for

You may also be interested in