Intended Audience
The purpose of this document is to help you set up multi-factor authentication to use Cisco AnyConnect. This is replacing the current DUO multi-factor application currently in use. These two applications (MFA and AnyConnect) work together to allow you to connect to the CWF computer network through a Virtual Private Network (VPN) while at home or traveling.
MFA is a multi-factor authentication application. It will be used to verify your credentials while you connect to the CWF VPN network. MFA will consist of "something you know" (password) and "something you have" (your phone app).
AnyConnect is the application used to connect to the VPN. It will require MFA before it will connect you. AnyConnect should have been already installed on CWF laptops. Cisco AnyConnect is installed on CWF laptops before they are issued.
NOTE: Disconnect from VPN before starting this procedure.
Installing the Microsoft Authenticator on your phone
You will find the Microsoft Authenticator in your App Store or Google Play Store.
2. Install the app on your phone and click Open. If you receive a request for the Authenticator to send you notifications, please click Allow.
Skip any intro requests. When you reach the screen that allows you to add an account, click the ADD ACCOUNT button.
NOTE: If you are using an iPhone, you might receive a window informing you
of the usage data and/or a backup. Please click OK/Continue.
3. You will be asked to pick between three options (Personal account, Work or school account or Other). Choose Work or school account.
4. Allow the Authenticator to take pictures and send notifications.
iPhone example: Android example:
5. The QR Code reader will come up. At this time, you can put your phone down until Step 10 of Initial install of Microsoft Multi-Factor Authentication.
NOTE: Some mobile phones might receive the below message after taking the picture. If you do not receive
the message at this time, you will more than likely receive it further along in the setup.
Initial Setup of Microsoft Multi-Factor Authentication
- Open a web browser on your computer and log into Office.com.
- This screen will popup asking for your email address. Type your CWF email and click Next.
3. The Colonial Williamsburg Federated Sing-On screen will look like this. Ensure your username is correct, type your CWF password and click Sign in.
4. When your account comes up, look for the picture (or your initials) on the top right-hand side of the screen.
Click the picture/initials and you will see the My account. Click My account to open your account overview.
5. The Security Info box in the middle of the screen. Click on Additional Security Verification.
6. The Additional security verification window will open and look like this.
Step A – Make sure that you change the default verification option to Notify me through app.
Step B – Check the box next to the Authentication Phone and add your country then your mobile phone with the area code, if it is not already there.
Step C –Check the box next to Authenticator app or Token. Then click the Setup Authenticator app button.
2. In the Connection field, type secure.cwf.org and click Connect. You should only have to enter this once to fill it in. Any other connections from the same system will have this listed.
3. At the login prompt, you will see a drop-down menu. Select the CWF_VPN (with the underscore) from the drop-down.
This will change the way you usually see the VPN login. This is ONLY for those using Microsoft MFA.
NOTE: DUO will still be used the same until it is removed from the network.
4. The Cisco AnyConnect window below will pop up. If you find you mistakenly chose the wrong VPN Group, you can use the drop down here to change back to using VPN with DUO.
5. This screen will popup asking for your email address. Type in your CWF email here and click Next.
6. The Colonial Williamsburg Federated Sign-On screen will look like this. Enter your username and password. Click Sign in.
7. After logging in, this window will appear requesting more information. At the More information required screen, please click Next.
8. Now you will need to provide additional information. This screen will come up with the Authentication phone. Choose the drop-down menu for the Mobile app. DO NOT CLICK NEXT.
9. After you have chosen the Mobile app in Step 1, click the button next to Receive notifications for verification (Do not use verification code). After this, click the Set Up.
10. This is where you will need your mobile device. The phone should open to where you left the QR Code option. Line up the phone with the QR code shown on your screen. This will transition to Step 2. Keep your phone unlocked.
11. Step 2 of the process will begin. Have your phone unlocked. At this time, you will receive a push notification from the MS Authenticator on your mobile device. Click Approve.
This is what will appear on your mobile device. It will time out after one minute.
This is what will appear on your computer screen. It will stay like this until you acknowledge the request on your mobile device.
12. Step 3 will allow you to add your mobile number in case you run into any issues in the future or need to set up the Authenticator again.
Related articles