Multi-Factor Authentication (MFA)

About MFA

MFA uses the combination of two or more credentials to verify identity. It is used at the University of Bern to better protect data and applications, to protect critical areas and to prevent identity theft.

The currently used 2-factor verification uses a combination of two different credentials to verify identity:

  1. what user knows: password
  2. what user has: mobile phone

Various contact methods can be selected for the second verification step. Access to the desired application/website then takes place optionally:

  • with an Authenticator App
    (you receive an access request, which you confirm with a click)
  • with an SMS to your mobile phone
    (you will receive a code via SMS which you enter on the login page of the application/website).

The following requirements must be met in order to use the MFA for services provided by the University of Bern:

  • valid campus account
  • mailbox on the central Campus Groupware
  • mobile phone with SIM card

Set up and use MFA

I have not used MFA at the University of Bern before, how can I register?

You should activate at least 2 contact methods when registering. The contact methods can be changed later.

One of the contact methods must be defined as the default method. We recommend setting up the Microsoft Authenticator app as the default method. However, you can also define another authentication app or contact method as the default.

I want to register an MFA method?

I want to change the MFA methods?

Applications that require MFA

You will need MFA for the following applications if you want to access them from outside the uni network:

  • Fortinet VPN
    Important: For VPN, you need a FortiClient in version 7 or more recent as well as the SAML profile (for Single Sign-On); the corresponding instructions can be found here.
  • Microsoft 365 services such as Office, Outlook, OneDrive, Teams, email, etc.
  • Microsoft Azure Services
  • Other applications for which the responsible office enforces MFA

Frequently Asked Questions (FAQ)

You can register for MFA at any time. We recommend doing this at least 1-2 weeks before the planned Mail2Cloud changeover.

MFA policies for different application areas:

  • VPN - every 14h
    When having established a connection by using your Campus Account and MFA you won't have to re-authenticate during a timeframe of 14h, when connecting to VPN from the same client.
  • Web Browser - every 7 days
    When using a web browser or a progressive web application (PWA) for accessing our services from outside the UniBE network, you will have to re-authenticate using your password and MFA every 7 days.

    Session/Cookie add-ons or Ad-Blocker may have a negative impact on the given timeframe.
    Changes to your browser or operating system (updates, config changes) may trigger a re-authentication.
  • Desktop applications - 90 days of inactivity
    When using a supported desktop application you won't be asked for an MFA re-authentication usually.

    However, an inactivity of 90 days and changes to your application or operating system (updates, config changes) may trigger a re-authentication.


Receiving SMS messages is always free of charge, even abroad.

Since there is a direct link between your MFA registration and the devices you use:

  • Install the Authenticator app on the new smartphone (either by transferring the apps from your old device or by reinstalling it)
  • Register for MFA again with the new device
    For accessing the MFA management site, you may have to verify once again using your old device.
    If you shouldn't have access to your old device anymore, please contact our servicedesk for an MFA reset.
  • Remove the old device as an authentication method

To prevent possible misuse:

  • Please contact the service desk so that they can reset the MFA registration

If you shouldn't own a mobile phone and thus can't install an authenticator app or receiving SMS, please contact our ServiceDesk for discussing possible alternatives.