Frequently Asked Question

How do I setup Multi-Factor Authentication on my account?
Last Updated a year ago

The ESU #2 requires Multi-Factor Authentication (MFA) to be enabled on all staff email accounts. We utilize a protocol to generate tokens called Time-based One Time Password (TOTP). This protocol will probably feel familiar as lots of other services use the same protocol, or something similar.

In order to setup your MFA token, you will need a TOTP compliant Authenticator application. This can either be a password manager, or an app on your phone or desktop. The ESU2 recommends using the provided password manager, Bitwarden, to store your TOTP codes. For more information on how to setup a password manager, please view this page.

Other TOTP compliant authenticator options include Google Authenticator, Authy, privacyIDEA Authenticator, etc. These other options have been tested as working, but will be considered unsupported by the tech department. For your best experience, please use Bitwarden.

When logging into a service that requires you to enable MFA, like your email, if you have not already setup a token, it will generate one for you and ask you to add it into your password manager. The following site,, will always ask you to setup your MFA token if you have not already.

Please be warned - the token enrollment / shared secret will only be shown once. If you navigate away from the page without storing it, you will not be able to recover it. Please contact the tech department if you need help resetting your TOTP token!

A video is provided, otherwise written steps are show below as well:

Here are the steps for the enrollment process:

  1. Go to
  2. Sign in using your normal SSO credentials
  3. You will see a page with a QR code you can scan with your phone, or a block of text you can copy into an app of your choice. Here is an example of how it would look:
  4. Add the code into your app of choice and save it. If you use a Bitwarden browser extension, it will look like this: 
  5. Copy the code generated by your Authenticator app into the 'one time passcode' input and hit submit to complete the registration process
This website relies on temporary cookies to function, but no personal data is ever stored in the cookies.

Loading ...