FAQ ‒ Services and resources ‐ EPFL

Below you’ll find a series of questions and answers to help you use Microsoft Entra ID and the Microsoft Authenticator application. This FAQ will be amended as and when IT teams come across new cases.

If your question is not answered here, please contact the Service Desk.

While completing the migration of our services requiring the 2FA from Gaspar/Tequila to Microsoft Entra ID, please keep your 2FA codes from Gaspar/Tequila.

Q: I want to use Google Authenticator, but the QR code doesn’t work.

A: When Microsoft Entra ID prompts you to download the Microsoft Authenticator app, do not click on Next, but instead click on the text “Use a different app” in the message body.

Q: I prefer to use Google Authenticator rather than Microsoft Authenticator.

A: During your enrollment, when Microsoft Entra ID prompts you to download the Microsoft Authenticator app, do not click on Next, but instead click on the text “Use a different app” in the message body.

Q: The Microsoft Authenticator app is asking me for a QR code, but I haven’t set up my second factor (2FA) yet.

A: First, uninstall and reinstall the Microsoft Authenticator app. Once the app is launched, you will be prompted to select an account. Choose the “Scan a QR code” option and then scan the QR code displayed on the Microsoft Entra ID authentication page.

Q: My password is auto-filled by my browser, but I have an AADSTS90019 error, why ?

A: It is possible that your browser or password manager has saved a password linked to a Microsoft account (private or institutional) or an old password. Not knowing exactly which account you are logging in with, it inserts a password that may be incorrect. Make sure the password is the current one – even if you have to enter it manually – and change it in your various managers if necessary.

Q: I can’t access my emails. I’m being asked for a QR code, but the Gaspar strong authentication isn’t working.

A: Email authentication now works with the Microsoft Entra ID solution. To activate this new authentication system, please refer to our video tutorials or contact the Service Desk.

Q: When I log in to account.microsoft.com, the page asks me for a code. However, I haven’t set up my strong authentication yet, what should I do?

A: To set up your new system, please refer to our video tutorials or contact the 1234.

Q: I’m trying to log in to account.microsoft.com with my email and Gaspar password, but I get a message indicating that my password is incorrect.

A: You can test the validity of your credentials on the gaspar.epfl.ch page. If the password works on Gaspar, it’s likely that your current password contains special characters. If so, please change your Gaspar password and remove the special characters.

Q: An Office/Windows application is asking me to stay connected to all my applications, what should I do?

A: When logging into an Office application on Windows, you may see a prompt at the end asking if you want to stay connected to all your applications. To avoid errors or looped connections, uncheck “Allow my organization to manage my devices” and click “No, sign in to this app only.”

Q: My Office suite applications, including Teams, are not connecting correctly to my account or showing a warning triangle, what should I do?

A: Simply log out and log back in to one of the Office suite applications.

Q: What should I do if I get the following error message: “Enter your used ID in the format domain\user or user@domain”?

A: Authentication on Microsoft Entra ID requires an email address in the format [email protected]. If you don’t have an EPFL email address, you must use your Gaspar username followed by @epfl.ch: [email protected].

Q: I changed my phone and need to reconfigure my strong authentication, how do I do that?

A: If you still have your old phone, log in to the page mysignins.microsoft.com/security-info. Then, delete the line corresponding to your current multi-factor authentication (MFA) method. Once deleted, you can restart the registration process by following our video tutorials. If you no longer have access to your old phone or if you need assistance with enrolling your new phone, please contact the Service Desk.

It’s the new authentication system being rolled out at EPFL. Microsoft Entra ID better meets our School’s needs and complies with Swiss cybersecurity and data protection standards.

Microsoft Entra ID stores data on various resources depending on the region in which users are based. For users in Switzerland, the eligible region is EMEA, whose data centers are located in the Netherlands.

Multifactor authentication is an enhanced security method whereby users must confirm their identity in several ways before being able to log into a system. The authentication factors can be a combination of passwords and codes, for example. Multifactor authentication reduces the risk of unauthorized people accessing your accounts.

The system collects information on your approximate geographic location, operating system, browser, IP address, authentication app and Microsoft account.

Microsoft Entra ID stores data logs for 30 days. The logs are also sent to EPFL’s IT security and incident management system, which compiles and analyzes security data.

Up to 90 days.

EPFL staff managing authentication systems and authorizations, and our IT security staff. You can also view your log on your recent activity page.

Physical tokens can be used with Microsoft Entra ID as well as Tequila and Gaspar. The authentication process using tokens will not change.

The process will remain the same and must still be done in Gaspar.

Yes. Gaspar accounts will remain active alongside Entra ID. Passwords will be managed by Gaspar until it is taken out of service.

No, you cannot. Only staff at the IT service desk can reset the two-factor authentication.

You can use [email protected] to log in.

The language used in the login window is the same as language set for your browser.

Contact our IT service desk to reset your two-factor authentication.

No, the second factor is mandatory.

Most EPFL services and resources have a “.epfl.ch” URL address, except for certain applications like office.com and Google Workplace. You should therefore pay close attention to the address of the link you click on. You should be redirected to an https://login.microsoftonline.com/ or https://cloudfs.epfl.ch/ page for the authentication process.

Yes. The recovery email address you provide will be used for the reset password feature for users who have forgotten their password. Our IT security staff may also use this email address to force a large-scale password reset in the event of a security breach.

You can contact the project manager.

Microsoft Authenticator is a two-factor mobile app that lets you log into third-party applications. Another such app is Google Authenticator.

No. If you prefer, you can use another app (such as Google Authenticator) that generates two-factor authentication codes. However, we may require Microsoft Authenticator for certain sensitive administrative users and accounts, owing to the app’s heightened protection against identity theft.

It offers passwordless sign-in and push notifications for increased security and convenience.

Capability	Microsoft Authenticator	Google Authenticator
Two-factor authentication (2FA)	Yes	Yes
Passwordless sign-In	Yes	No
Account backup and recovery	Yes	Yes
Multi-platform support	Yes	Yes
Push notifications	Yes	No
Time-based one-time password (TOTP) generation	Yes	Yes
Biometric authentication support	Yes	No

The app works with Android 8.0 and above and iOS 15.0 and above.

he app collects GPS information to determine the place from which a connection is made. Your country and/or region along with the coordinates are recorded in the Microsoft Entra ID log. When you use Microsoft Authenticator with Microsoft Entra ID, the data in the log are checked against those in the app to make sure they match

On Microsoft servers in the United States.

Watch the video on this page.

Open the app and simply tap on the corresponding account to display the 6-digit code.

No, there’s no need. During the process to set up two-factor authentication, click on the “Unable to scan image?” button. This will show you what information to enter manually into the authenticator app. Different information will be required depending on whether you use Microsoft Authenticator (code and URL) or Google Authenticator (account name and secret key).

If you use Microsoft Authenticator, this window will appear:

If you use Google Authenticator, this window will appear:

Previous