Multi-Factor Authentication (MFA)

Many Luther services are protected by a Multi-Factor Authentication (MFA) sign-in that uses your Norse Key .

Note: This is a separate sign-in and multi-factor process than the one for your Norse Apps (i.e. email). Learn more about 2-Step Verification for Norse Apps .

Initial sign-in prompt for Microsoft MFA

Initial sign-in prompt for Microsoft MFA

Set Up Multi-Factor Authentication

The first time you sign in to any of the services listed at the top of this page you’ll be prompted to turn on Multi-Factor Authentication. Alternatively, visit to set up or alter your Multi- Factor Authentication settings.

You’ll see a Microsoft prompt— Sign in with your Luther Email address and Norse Key password. If you’re asked, choose “Work or School Account”.

After signing in, you’ll see a “More information” prompt.

You have several options for your 2-factor authentication. For your primary method, we strongly recommend the Microsoft Authenticator app’s push notifications or phone calls. Some services don’t support verification through text message or app-generated codes.

Here’s how to set up each method:

A window with the message "More information required—Your organization needs more information to keep your account secure", followed by a "Next" button

MFA setup prompt

Microsoft Authenticator (recommended)

Note: The Microsoft Authenticator app is only available for mobile devices.

  1. On a computer rather than a phone, visit
  2. Follow the on screen prompts—you’ll pause when you see QR code. If you’ve already setup a different method but just want to add the authenticator, first you’ll need to choose “Add sign-in method” and then “Authenticator App”.
  3. Download the Microsoft Authenticator app on your mobile device ( iOS, Android, Windows Phone).
  4. When adding your account, choose “Work or school” account. 
  5. DON’T sign in to the phone app—instead, choose the Scan QR code setup path.
  6. Accept the push notification on the Microsoft Authenticator app.
  7. Lastly, your computer will show a two digit code—enter the 2-digit confirmation code into the Authenticator App when prompted to finish setup.

Don’t delete the app after setup—you’ll be locked out unless you’ve setup another method, like a phone number (see below).

Phone call or text message

  1. At the multi-factor setup page, choose Phone and enter a phone number.
  2. You’ll get a call or text with a one-time verification code
  3. Enter the one-time verification code on the multi-factor setup page and click Done .

Other authenticator app

  1. On a computer rather than a phone, visit
  2. If this is your first time setting up MFA, choose “I want to setup a different method”. If you are adding this method later, choose “Add sign-in method”, then “Authenticator App”, and then “I want to use a different authenticator app”
  3. Pause when you see the QR code and begin the new account setup process in your authenticator app.
  4. If your authenticator app can scan QR codes, scan the new code; otherwise, click “Can’t scan” and enter the alphanumeric “Secret Key” into your authenticator. If successful, your authenticator should display a 6 digit numeric code that cycles every 30 seconds.
  5. After you click next on the original MFA setup page, you’ll be prompted for the rotating code from your authenticator app. If successful, you should be taken back to the main setup screen.


Q: How do I change my MFA settings?

Q: What do I do if I get locked out? Are there backup codes?
Backup codes don’t exist yet for this system. Call the Technology Help Desk for help altering your MFA settings.

Q: The verification options above don’t work well for me. What should I do?
If you don’t have a phone number at all, we recommend the browser extension; if you have a phone number but prefer to authenticate from a computer, we recommend Authy. Both of these methods will work for most MFA services. Both of these methods can be set up using the other authenticator app instructions above.

Q: The verification code from my authenticator is always rejected. What am I doing wrong?
It’s important to know that verification codes are time based, and that each code only covers a 30 second window. Our first recommendation is to wait until a new code is generated so that you have the full 30 seconds to complete the sign-in or setup process. If that still doesn’t work, make sure that the clock and time zone on both devices are exactly the same. Also make sure your clock is getting the correct time “automatically” rather than using a manual setting.

Technology Help Desk

Preus Library
Main Level
700 College Dr
Decorah, IA 52101

Spring Hours

Limited services after 5 pm and on weekends

M-Th: 7:30 am – 9:00 pm
F: 7:30 am – 5:30 pm
Sa: 2 pm – 5:30 pm
Su: 12 pm – 9:00 pm

Full Hours

Phone: 563-387-1000