MCAD is upgrading its login security as required by our cyber insurance provider. Our Identity Provider (IdP) is OneLogin, which will handle Single Sign-On (SSO) and Multi-Factor Authentication (MFA) for logging into your email and authenticating Google Workspace (Gmail, Drive, Docs, Calendar, and Meet, etc.).
Actions Required to Sign in to Google Services provided by MCAD
Install authenticator app
OneLogin offers OneLogin Protect, which we recommend for use with MCAD SSO as it lets you sign in via push notifications (like iCloud). It is available for both Android and iOS devices; should you switch devices Help Desk is able to help you migrate from one device to another. You can also use apps from other providers:
- Google Authenticator. Please note that this feature account support, so make sure you are using the correct account when scanning the QR code, we recommend that you use a personal Google account.
- Microsoft Authenticator. It also has account support for personal Microsoft accounts.
- Cisco Duo
- Twilio Authy
All of them are available for both iOS and Android; some of them are also compatible with macOS, Windows, and Linux, and they all have provide the same basic functionality to generate one-time passwords (OTP) to sign in. Keep in mind only OneLogin Protect offers the ability to receive push notifications on your mobile device!
After you have chosen and installed an app on your personal mobile device you can proceed to the next step.
Configure Multi-Factor Authentication
These steps will happen the first time Google requires you to sign-in to verify your identity or if you log out and log yourself back in if you have not yet configured this service:
- On your computer, go to https://gmail.com and click Sign In at the top.
- Enter your MCAD email address and your password. If your browser autofills them for you that’s okay.
- Gmail will forward you to the OneLogin sign-in page (White MCAD logo on deep blue background).
- Type in your MCAD email address and your password.
- OneLogin will start the enrollment process. It will provide links to the OneLogin Protect app if you haven’t installed it on your phone already, or you can use one of the other options (WebAuthn Biometric, or Authenticator). Click Activate.
- The page will display a QR code.
Now switch to your phone
- Open the OneLogin Protect app, or authenticator app of your choice.
- When prompted, Allow notifications. This is what allows the app to provide you with push notifications when you sign-in.
- Tap the ➕ sign to add a new account.
- iOS: Top right corner of the screen.
- Android: Bottom right of the screen.
- Scan the QR displayed on the computer screen.
- OneLogin servers will acknowledge the enrollment. If you’re using another authenticator app, type in the OTP (One-Time Passcode) to confirm enrollment.
- The process will finish and you’ll be forwarded to Gmail and you can access email as usual.
At this point you are now enrolled in MFA and don’t need to perform any additional actions. OneLogin should redirect you back to Google and finish the login process.
If you receive OneLogin notifications when you are NOT signing-in, change your password IMMEDIATELY.
It means someone has your MCAD password and is trying to sign-in to your account.
Go to https://password.mcad.edu to change your password.
Signing in to your MCAD Google account.
You will only be required to provide MFA when you are trying to sign-in to Google Workspace:
- Using a new device, whether it is a computer, tablet, or phone. Even if it’s borrowed for five minutes.
- Using a different web browser.
- Google periodically asks you to verify your identity.
- You sign out of Google Workspace manually.
After enrollment your MCAD Google account will require three things from you in order to sign in:
- Your MCAD email address.
- Your account password.
- Authorization from OneLogin Protect app, OTP from the authenticator app of your choice, Yubikey authorization, or biometric authentication.
- OneLogin Protect: You will get a push notification on your phone that you can open to confirm it’s you signing-in. Tap “ALLOW” or “ACCEPT” to authorize.
- Third-party authenticator app: Click Enter Code, then type in the OTP generated by your app.
- Yubikey: Insert the key into an USB port of your computer, then press your finger to the flashing light on the key to confirm.
- WebAuthn (Biometric): Use TouchID sensor or the fingerprint reader on your laptop. Be aware you need to use the same web browser you set-up MFA with! Otherwise this process will not work.
When the sign-in is successful, you’ll automatically be forwarded to your MCAD Google account.
Managing or adding additional Multi-Factor authenticators
Should you ever need to change MFA methods for whatever reason (getting a new phone, trying out a new app, setting up a Yubikey or TouchID), or if you wish to add a secondary MFA (RECOMMENDED), you can administer your MFA settings using the OneLogin self-service portal:
- Go to https://mcad.onelogin.com/
- Sign-in with your MCAD email address, your password and your MFA method.
- On the top-right corner of the page, click on your name, then Profile.
- On the left pane, click Security Factors
Depending on your device, operating system, and browser, a variety of additional methods are available:
- macOS: You can use TouchID only if you are using Google Chrome or Apple Safari. Firefox does not support it except in limited cases.
- Windows 10/11: You can use any device that supports Windows Hello.
- iOS: TouchID via Google Chrome or Safari. FaceID is only supported on iPad Pro devices!
- Android: Biometric devices via Google Chrome or Microsoft Edge.
- Additional 3rd Party Authenticators such as Microsoft/Google Authenticators can also be set up in this system.
If you have any trouble following any of these steps or if you encounter any issues along the way, please contact the Help Desk at helpdesk@mcad.edu, stop by the Help Desk during normal business hours (9:00 a.m. to 5:00 p.m , Monday-Friday), or call our office at 612-874-3666.