Multi-Factor Authentication


Extra layer of protection for your account

SFU’s Multi-Factor Authentication (MFA) refers to using two or more independent items to verify your identity, typically something you know (i.e., your SFU computing ID and password) and something you have (i.e., a time-based code). 

By using MFA, your digital identity, data, and access to systems are still protected even if your password is compromised.

Who needs to set up MFA? 

MFA enrollment is required for all faculty, staff and students.

  • All faculty and staff at SFU are required to enroll in MFA. If you are a new employee (including TAs and RAs), enroll in MFA as soon as possible to maintain your access to SFU online services. 

Faculty and staff who cannot or do not wish to use a mobile device for any reason may request a hardware token as an alternative. Visit the Set up MFA page for more information.

  • All new students are required to enroll in MFA by the end of your first semester. We recommend enrolling prior to the end of the semester to maintain your access to SFU online services. 
  • All other accounts, including current students, retirees, alumni and sponsored accounts, will be required to enroll in MFA during 2022 (finalized dates are pending). 

Note: If you have a shared sponsored account, we recommend to hold off on enrollment until we have a process in place. For more information regarding sponsored accounts, please visit the FAQ page.

Which SFU applications are protected by MFA?

Currently, MFA at SFU is implemented for web applications that use SFU's Central Authentication Service (CAS) for authentication. You will be prompted for your MFA code when you sign into most web applications and/or services at SFU, including:


  • goSFU, Canvas
  • FINS, myINFO
  • SFU Mail (via a browser)
  • Zoom
  • Microsoft 365 (via web portal)
  • SharePoint
  • AEM (
  • SFU Maillist (
  • Research Ethics Application system (Kuali)


  • Remote Desktop

Note: Future services at SFU will require you to be enrolled in MFA. More details will be announced with the new services.

Do I need to have cellular service or data coverage to use the MFA Applications?

No; Aside from the initial app download, TOTP MFA applications do not require any internet connection, cell service, or data coverage to display the MFA codes.

Note: TOTP (Time-based One-time Password) protocol for multi-factor authentication requires a time-based (30 second) code that the user must enter. It changes every 30 seconds to maximize security.


Set up MFA

The initial setup includes three parts which will take approximately 5 minutes.

Manage MFA settings

You can manage the following MFA settings using the  SFU MFA Management App:

  • Change your MFA device,
  • Change your MFA mobile app,
  • View or generate emergency login codes, and
  • View or remove the browsers you authenticated to “remember you”.

Have questions? Please see our collection of FAQs or visit the MFA Toolkits.

Need additional assistance?

Required for

You may also be interested in