SSO MFA FAQ
Frequently Asked Questions for Multi-Factor Authentication
Is this required?
- Yes. You must have one form of MFA. This is to improve our security posture and help protect your user accounts. We highly recommend 3 for our initial implementation.
How do I set this up?
- Please follow these instructions (PDF)
What happens if I forgot my phone?
- You will be able to use security questions.
Can I use Google authenticator or another third-party authenticator app?
- No. The only app supported by IT services is the Microsoft Authenticator app, available for both Android and Apple products.
Does this affect my Raider email account login?
- No. This MFA is for SSO only at Student Login – Rose State College. It is not tied to raider.rose.edu Gmail or Microsoft accounts.
How long do I have to enter the code generated by Microsoft Authenticator?
- The Microsoft Authenticator app generates a unique code every 30 seconds. The code is synchronized with a server, so it changes every 30 seconds. This means that you only have 30 seconds to enter it before it expires.
How do I know if I was successful?
- Once the Microsoft Authenticator app has been successfully configured you should be able to see the image below on the SSO under the Authenticator tab.
Please Note that the authenticator app will utilize different setups for SSO access and Microsoft account access
Policies and Procedures
From the Rose State College 2026 Policies & Procedures Manual:
Sec. 5-3 (e) (4) Multi-factor Authentication (MFA): To further secure access to Rose State College’s electronic computing and information resources, Multi-Factor Authentication (MFA) is required for all user accounts accessing rose.edu and raider.rose.edu domains. All users will be required to have a device to receive SMS code or use authentication software. RSC will not provide devices for user account authentication. No exceptions will be granted.
Gramm-Leach-Bliley Act
The Gramm-Leach-Bliley Act, sets forth standards for developing, implementing, and maintaining reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.
- 314.2 Definitions.
(c) Design and implement safeguards to control the risks you identify through risk assessment, including by:
(5) Implement multi-factor authentication for any individual accessing any information system, unless your Qualified Individual has approved in writing the use of reasonably equivalent or more secure access controls.
(k) Multi-factor authentication means authentication through verification of at least two of the following types of authentication factors:
(1) Knowledge factors, such as a password.
(2) Possession factors, such as a token.
(3) Inherence factors, such as biometric characteristics.