【FAQ lists】

Multi-Factor Authentication(MFA)

Overview

When you log in to the University's SSO System from off-campus networks, you must enter your Osaka University personal ID and password, and then enter your six-digit authentication code (one-time password). (MFA stands for Multi-Factor Authentication).

Where can I find out how to register MFA?

You can find the link "Multi-Factor Authentication (MFA)" on the Campus-wide IT Authentication Platform Service portal site. The link will take you to the MFA overview and registration procedure page.
https://web.auth.osaka-u.ac.jp/portal/en/

I don't plan to use the SSO system from off-campus at the moment, but is it okay if I don't register MFA?

if you do not register within 90 days of pre-registration period,you will not be able to access from off-campus. Osaka-University has a system for reporting on the crisis management ,such as Osaka University Safty Confirmaton System in My Handai. Even if you do not plan to use the SSO system from off-campus,we ask that you register MFA in advance so that you will be able to take necessary actions from off-campus.

What happens if I do not register during the pre-registration period (90 days)?

You will not be able to login to the SSO System from off-campus networks. The following procedure is required.
a. Access the MFA registration URL from the campus network and register the MFA.Please check the following website.
https://web.auth.osaka-u.ac.jp/mfa/en/mf4mobile.html

b. Submit a personal ID reissue form by internal mail or fax.(In this case, your password will be reissued at the same time for security reasons.)Please check the following website.
https://web.auth.osaka-u.ac.jp/portal/en/password.html

What procedures need to be taken when I buy a new device(smart phone, tablet, PC,etc.) ?

Please refer to the information page below for explanations.
https://web.auth.osaka-u.ac.jp/mfa/en/mf4mobile.html

I have already done multi-factor authentication with ICHO or OUMail, do I need to re-register?

This is a different system than the ICHO and OUMail system. This system is set up for off-campus access to Campus-wide IT Authentication Platform Service (such as My Handai,KOAN,CLE,etc.).

Even if I am on campus, if I log in using my smartphone, is it treated as off campus?

If you are connected to your cell phone company's line, you will be treated as an off-campus network user.

Can MFA registration be done on a university computer?

Yes, you can register MFA from either on or off campus.

Can I register and use the app on multiple devices?

If you set up MFA registration on more than one device, only the authorization code of the mobile app or add-on on the device where you last registered the MFA will be valid.

How do I reset the "Temporary Release Code"?

Please re-register your MFA as you cannot reset the temporary release code only. (In this case, please delete the account you have already set up in the app or add-on in advance.)

MFA registration problem

I keep failing to register many times, what is the cause?

It is also related to the clock on the device. If the clock is off, please adjust it. If you fail MFA registration, check time and date setting of your smartphone. Please check Set automatically. Evenif the setting is on, please check it off and check it on again, and restart your smartphone.

After MFA registration, I checked the box for "don't ask the verification code for a given of time". But it does not work.

It depends on the settings of your web browser. The information is stored in your web browser's cookies, so if you have your web browser set to clear cookies when you close it, this could be the case.

When I enter everything on the MFA registration screen and click Register button, the temporary release code will be blank and I can not finish MFA registration.

The temporary release code must be 4-8 digits. If you enter any other symbols or letters, the temporary release code will be blank and you will not be able to register the code even if you click on "Register".

Browser addon (extension)

If I register MFA with a browser addon on a university computer, will I be unable to log in when I am working from home?

If you don't take your PC which you used for MFA registration, there is no way to display a one-time password, so you can't log in using an authentication code, but as an emergency measure, you can temporarily deactivate it (temporary release)and then log in.(about temporary release:a maximum 5 times, 2 hours per release.)

When I click on the "Scan QR Code" button in the Authenticator (browser addon), the QR code appears and the crosshair symbol automatically moves to enclose it over and over again, but the QR code cannot be recognized.

The automatic scanning of the QR Code is a sample video. Could you drag the mouse over the original QR code (the one behind the sample video), which is faded in color at the back of the screen?

About Web browser addon,how can I register MFA manually without QR code scan?

[Manual Entry]
1) Click on the pen symbol from the Authenticator symbol in the upper right corner of the screen.
2) Click on the "+" mark.
3) Click on "Manual Entry"
4) Enter the following two places
Issuer: enter "osaka-u".
Secret: Enter the "Manual input code" at the bottom of the table that shows the QR Code (case is not sensitive).
5) If the code is entered correctly, the Authenticator will display an authentication code (6-digit number) will be displayed.
Enter the authentication code in the ③Authentication code (for confirmation) below ②QR code field → click on the check button.
Thereafter, it's the same as setting up a QR code.

I installed the Authenticator on firefox, but the icon does not appear in the menu bar.

Normally, the icon is shown, but if you are running in a private window, the icon may not be shown. Please check it. If you don't need to run firefox in a private window, just set it to normal mode and then the Authenticator icon will appear.

I installed the Authenticator on Chrome, but I can't see the icon in the menu bar.

Use the Extension Tool icon in the top right corner of your web browser screen.Click on the Extension Tool icon and you will see the Authenticator in it, click on the thumbtack icon to the right of the Authenticator -> the thumbtack icon will turn blue and the Authenticator tool will appear next to the Extension Tool.

Can I install the Authenticator browser addon in Safari (Mac) and set up MFA authentication?

Safari does not have a verified Authenticator, so please get another browser (Chrome, Firefox) and then install the Authenticator addon.

Mobile application

Can I use this service on smartphones and tablets without a contract with a phone company (no SIM)?

It is available. After connecting to Wi-Fi or other devices and installing the authentication app, you can register your MFA even if you are not connected to the network and the 6-digit authentication code will be displayed.

I can't download Microsoft Authenticator because the Android OS is old.

Google Authenticator has been tested and is available, please try to see if Google Authenticator can be downloaded or not. you can get it from Google Play or App store for free.If it is difficult, please use browser add-on to register it.

After installing "Microsoft Authenticator" and clicking "Open", the manual says that you will be presented with the "Add Account" screen, but "Set up passwordless Sign-in for your Personal Microsoft Account" screen is displayed.

You will see a Microsoft directions page for people who have a personal Microsoft account, so ignore that and press "Skip" at the bottom. And then,you can see a "Add Account" button. If you press that button, you can follow the instructions.

When setting up the MFA, if I select "other accounts" in the app on my phone to add an account, I am prompted to enter my "account name" and "private key", I cannot scan the QR code.

It appears that the camera is disabled. Please enable the camera setting for the app (Microsoft Authenticator) in your smartphone's settings.

I accidentally deleted the Authenticator app after registering the MFA.

If you deleted the app after registering the MFA, you will need to re-register the MFA. Check the following page and complete the MFA re-registration process. https://web.auth.osaka-u.ac.jp/mfa/en/mf4mobile.html
Don't just scan the QR code, be sure to complete the entire registration procedure, including the registration of the temporary release code.

Other

Please refer to the following information page for more information on MFA.
https://web.auth.osaka-u.ac.jp/mfa/en/mf1top.html

Frequently Asked Questions

I can log in ‘My Handai’ and ‘KOAN’. However, I cannot log in ‘ODINS’ and ‘OUMail’.

Count a total number of characters in your password.
If you set your own password over 17 characters:
Your password is automatically cut after 17 characters.
Log in with first 16 characters.

I cannot log in SSO system after I changed my password.

Count a total number of characters in your password.

Our Password rule is: Use a password that has at least 12 characters and 16 characters or less, use at least one number, one uppercase letter, one lowercase letter and one special symbol.

  • If you set your own password over 17 characters:
    Your password is automatically cut after 17 characters.
    Log in with first 16 characters.

  • If you set your password between 12 and 16 characters:
    You might have mistyped your password.
    Check that your keyboard Caps Lock and Num Lock are off, and retype your password.

I get a message saying “Access error”, when I clicked the URL to confirmation be sent to my email address.

Probably you have not closed all web browsers. Close all browsers including email. Then, try again. Enter OUPID and previous password after you was directed to log-in page.

NOTE: Other Tips
Try a different browser.
Clear your browser cache. Refer to your browser help for instructions.

Upon first-login procedure, what e-mail address should I register in ‘User Information’?

Register the email address provided by Osaka University. Its ending should be ‘osaka-u.ac.jp’. Also, you should register a valid email.

For faculty and researchers:
Your email address will be provided by your department. If you are not sure it please ask your General Affairs. Also, please confirm your e-mail address are ready before you proceed the first-time procedure.

However, providing an email is optional for some users. For more information, click here .

NOTE: OUMail account is only for students.

For office staff and students:
Your email address is automatically registered. You cannot change it.

I have not received the email with the link for activation a new password.

Check the spam or junk folders of your email program. Some programs automatically sort emails into the spam folder based on specific keywords.

  • Be sure your email address meets our requirements. Register the email address provided by Osaka University. Its ending should be ‘osaka-u.ac.jp’.
  • You might have mistyped your email address.
    Input correct email address. Also, check if ‘Caps Lock key’ is stuck or not.
  • Use valid email.
    Your email have to be setup correctly.
  • OUMail account is only for students.

NOTE: For office staff and students:
Your email address is automatically registered. You cannot change it.

When is the switched content updated?

It is updated the day after you change.

The Osaka University Personal ID

How can I get the Osaka University Personal ID ?

Issuance of the Osaka University Personal ID is stipulated in the Usage Policies of the Campus-wide IT Authentication Platform Service. A Personal ID is issued to meet the conditions of these policies.

As faculty, staff, and students in Osaka University receive the notification of Personal ID from the Department of Information and Communications Technology Services through in-house mail service, They do not need to make application in advance. Please note that it may take some time to receive the notification at the beginning of an academic year due to the rush of delivering new notifications.

If you need your personal ID in a hurry, contact Information and Communications Technology Services Planning Group, Information and Communications Technology Services Planning Division, Department of Information and Communications Technology Services.

Students who enrolled in Osaka University before the 2007-08 academic year can use their old Unified Account (user name) that they were informed of at the time of their admission as their Osaka University Personal ID.

Persons not fitting one of the above categories but who need the Osaka University Personal ID must make apply separately. For application, please contact a General Affairs staff member of your organization.

I have forgotten my password and cannot login the system. What should I do?

Even administrators don't have the means to retrieve your password. You need to apply for password reissue. Even if your password is reissued, your personal ID will not change.

For the procedure for reissuing your password, please go here.

How do I change my password?

You can change your password in the following steps:

  • Access to portal site
  • Input Personal ID and Password on the login screen of the Campus-wide IT Authentication Platform Service in Osaka University
  • click on "Change of password, user attribute informations" in menu.

Then a screen to change your password, email address, and extension number will be displayed.

Students can change only their password. However, staff can change all items except for their email address(es); faculty, all items.

Is there a limit in the number of characters and usable characters as password rule ?

For password rules, see the Password Rules on Campus-wide IT Authentication Platform Service in Osaka University.

Under the current Campus-wide IT Authentication Platform Service, the number of characters in a password is set at more than 12 characters and less than 16 characters.

What is a Role ID ?

Under the old Campus-wide IT Authentication Platform Service, multiple Personal IDs were issued to the same person belonging to several organizations and having several positions. Such users had to login to different systems using different the Osaka University Personal IDs, which was troublesome for them.

To solve this problem, under the current Campus-wide IT Authentication Platform Service, the Osaka University Personal ID used in an SSO login authentication process is limited to one per person. A new Personal ID system has been designed so that users with different attributes in job titles and positions can login to SSO federation systems in campus without using different IDs.

In the current Campus-wide IT Authentication Platform Service, users with multiple the Osaka University Personal IDs, the ID necessary for the SSO login authentication process has been unified to the Personal ID for which personal attributes such as name and date of birth are related. Other personal attributes such as organization and job title concern the Role ID. In this way, the two types of ID are related and used in systems.

The Personal ID and Role ID of users who have only one Personal ID are usually the same, but some persons have a Role ID different from their Personal ID. Users who had multiple personal IDs can see the "Role Selection" screen by clicking the link to List of Available Role IDs after SSO login authentication.

For more information, see "Guide for Users”.

In addition to the SSO federation systems, users can login to the following systems through authentication using their Role ID.

Systems requiring Role ID to login:

  • Information Education System, CALL System, Library multimedia terminals
  • OUMail

For more information, see Systems login authentication using Role ID.

Login

I cannot login. I get a message saying, “Authentication Error. You cannot login. Your Personal ID or password may be incorrect.”

There are two possible causes.

  1. You have entered an incorrect Personal ID or password. Make sure that the Caps Lock and Num Lock keys on your keyboard are toggled properly (usually, Caps Lock should be off and Num Lock [Windows only] should be on.) Alphabets used in Personal ID must be lower-case characters. In old system, upper-case and lower-case characters were mixed in Personal IDs for SSO login authentication, but the change has been made to contain only lower-case alphabet characters in a Personal ID. Thus, if alphabet characters in the notification of your Personal ID are written in upper-case characters, please replace them with lower-case characters. For more information, please go here.
  2. The password change has not been updated. It may take some time to be updated on the system. Try again after from 5 to 10 minutes.

I cannot login. I get an error message saying, “Error Code - SASE0038 Message -- the session is not valid.”

This error message often appears because URL of the web site has been typed incorrectly. Make sure the address in the bookmark is correct and try again.

For example, the correct URL of My Handai is https://my.osaka-u.ac.jp/. However, if you register the URL of the login screen as a bookmark after the completion of even one login step, a subsidiary URL will be registered as the bookmark and use of that bookmark will result in an error.

Use the correct URL for the system you're going to use.

I cannot login. I get a message saying, “Access error or HTTP error.”

Under the Campus-wide IT Authentication Platform Service, cookies are used in order to manage the session from login to logout. So please check the following.

  • Make sure that cookies are enabled in your web browser.
  • Make sure Java Script is enabled in your web browser.
  • If the error message appears when accessing the URL for registration of user information, close all web browsers before accessing.
  • In Internet Explorer;
    (1) Select "Internet Options" from the Tools menu;
    (2) In the Internet Options dialog box select the "Security" tab;
    (3) Click Custom level at the Medium or higher.
  • In Internet Explorer;
    (1) Select "Internet Options" from the Tools menu;
    (2) In the Internet Options dialog box select the "Privacy" tab;
    (3) Click setting of Medium or higher.

I cannot login on Mac OS X and Safari. I get an error message saying, “An error occurred in SSL client authentication.”

This is a unique problem for SSL authentication (in Campus-wide IT Authentication Platform Service) using Safari.

In Safari, if a user's certificate is stored in a keychain, regardless whether the certificate can be used in the Campus-wide IT Authentication Platform Service or not, the certificate will be used. For that reason, if the user has a certificate issued outside of the Campus-wide IT Authentication Platform Service, the above error may happen.

To use the Campus-wide IT Authentication Platform Service, try one of the following.

  • Use Firefox instead of Safari. (https://mozilla.jp/firefox/)
  • Create a new account in Mac OS and use the terminal through the new account.
  • Delete the user certificate stored in the keychain by following these steps.

How to delete the certificate
Please note that you will not be able to receive services using certificates if you delete them.

  1. From a Finder Window, open Applications, Utilities - Open Keychain Access
  2. Highlight the "login" keychain. Then select Certificates in the bottom menu (category). The user certificate will be displayed in the right side of the window.
  3. After copying the user certificate (for SSL authentication) somewhere, delete the certificate in keychain.
  4. Close Safari and try again.

What web browsers can be used for this system ?

We have verified that Campus-wide IT Authentication Platform Service is available in the following operating systems and web browsers.

OS\Web browserEdge 89Firefox 86Chrome 89Safari 13Safari 14
Windows 8.1--
Windows 10--
Mac OS Catalina---
Mac OS Big Sur--

Official Microsoft support for Internet Explorer for Mac has ceased. So its use is not recommended.

Campus-wide IT Authentication Platform Service in Osaka University

What campus systems can access with the Campus-Wide IT Authentication Platform Service?

As of July 2021, SSO federation systems in campus were as noted below:

Please note: to access some systems, you may need to complete application in advance. If you cannot use one of the SSO federation systems, please contact the administrator of that system.

  • My Handai
  • Work Management System
  • Travel Expenses System
  • Financial Accounting System
  • Student Administration System (KOAN)
  • Collaboration and Learning Environment
  • Researchers Data System
  • Campus License for Microsoft Products
  • Library Web Service
  • Career Support web
  • Employment Support System
  • Application for Permission for Animal Experiments
  • Graduate School of Science & School of Science web site (only available internally)
  • International Student Support System, Support Office web site
  • Osaka University Web Library
  • Photonics Center Portal
  • E Content Remote Access Service
  • Web-based Pre-registration and Questionnaire System for health examinations
  • IPRISM System
  • OSAKA University Portfolio System for Studying-abroad
  • Stress Check System
  • Research Center for Nuclear Physics (www)
  • The Enrollment and Tuition Fee Exemption Application System
  • Osaka University Goods Procurement System
  • Overseas Travel Resistration System
  • Information for technical support staff (only available internally)
  • Ground and Tennis Court Reservation System for School/Graduate School of Engineering
  • Conference Room & Lecture Room Reservation Management System for Graduate School of Engineering
  • Webpage of the Center for the Study of Higher Education and Global Admissions
  • Instruments reservation & contract service reception system
  • Repository Deposit System

In addition to SSO federation systems, users can use by login authentication the following systems using their Role ID.

Systems requiring your Role ID to login:

  • Information Education System, CALL System, Library multimedia terminals
  • OUMail

For more information, see Systems login authentication using Role ID.

Regarding questions other than the above, where should I direct questions ?

Please contact Campus-wide IT Authentication Platform Service staff.