Setup multi-factor authentication

If your password is weak or has been exposed elsewhere, is it really you signing in, or is it an attacker? Multi-factor authentication (MFA) helps protect your account by adding additional verification methods beyond a password.

How does MFA work?

Registering MFA methods such as notifications or codes received by mobile app, phone, or text messages on your account makes it harder for bad actors to log in as if they were you.

You may even be familiar with this feature: your bank, social media, and shopping sites already offer multi-factor authentication to help protect your personal data! 

Depending on your configuration, from time to time you'll need to process an approval request or type in a numeric code retrieved from your phone or email.

You won't have to do this every time you log in; eventually, the system will recognize all of your devices and locations. It will only prompt you for an additional authentication confirmation when you are logging in from a brand new device or location it has not seen before. Why? Because log-in attempts from unrecognized devices or locations are often someone else attempting to compromise your account.

Need help?

These instructions will continue to be updated as we receive user questions. If you encounter any issues registering MFA on your account, join us in the NetID 2.0 Q&A forum to review or ask questions about any of the upcoming features. Topics include:

Multi-factor authentication

Mobile app notifications, SMS text messages, email verification

Logging in

Changes to the log-in experience


Usernames, identifiers

If you have any trouble setting up your MFA methods—or you are locked out of your account after losing or replacing one of your MFA devices—you are also welcome to contact IT Services for assistance.

NetID 2.0

MFA is a new feature of your NetID 2.0 account.

The NetID 2.0 username is your university email address—not your original NetID like "abc1"—and is the same account you use to log into a campus office or lab computer joined to the UALR Active Directory domain as well as Office 365 applications.

Password problem?

Your NetID 2.0 account is currently labeled Active Directory on the BOSS password reset page. Soon, we will be simplifying the password reset experience down to managing a single password. Keep on the lookout for an update about that upcoming change!

Replacing your phone or changing your number?

Don't get locked out of your account! Visit the account security dashboard and update your MFA methods before you lose access to your phone. Remove or modify any methods that are tied to your phone—such as the Microsoft Authenticator app—or your phone number before you switch to your new phone. 

You will need a computer and your mobile device on hand in order to complete the registration steps.

Having trouble logging in? 

Reset your Active Directory password inside BOSS, as that's what you'll use to log in with your NetID 2.0 account. Password resets may sometimes take 1-2 minutes to synchronize to the cloud.

Note that the original NetID account (e.g., abc1) will not work on the new cloud-based SSO platform.

Part 1: Access your account security dashboard

Use the account security dashboard to add this extra layer of security to your account today! If you have already set up MFA methods on your account, you may use the dashboard to manage your existing MFA configuration, reset your password, and review your recent account activity.

  1. On your computer, access your account security dashboard at
    If you are already logged in, skip to step 4.
  2. Enter your NetID 2.0 username (your university email address).
    You will be switched to a log-in screen with UA Little Rock branding.
  3. Enter your password to log in.
    You will be asked to provide more information if you haven't set up an MFA method on your account yet.
    Forgot your password? Reset the Active Directory password inside BOSS and try to log in again.
  4. Select Next to continue to the MFA method registration screens.
    You must register at least two MFA methods on your account (see Part 2). For example, the Authenticator app and a Phone (for text messages).

If you are instead taken directly to the Security Info page on the account security dashboard, review your current MFA methods. If you need to add an additional method, select Add method to begin Part 2 of the process.

Part 1 is complete. Time for Part 2!

Part 2: Register two authentication methods

You'll need to select at least two of these methods to secure your account. It's possible some of these methods have already been assigned to your account.

There are four authentication methods to choose from. Each method uses a device or contact other than your university account and password to provide verification for your account.

Step-by-step instructions

We encourage you to use the Microsoft Authenticator app (or another authenticator app of your choice) for your first method as it provides the most security and ease-of-use. 

After you have configured two methods, select Done. You will be taken to the account security dashboard.

If you do not have a mobile phone or device capable of installing an app, receiving a voice call, or receiving a text message, please contact IT Services for assistance.

Most employees have an Office Phone method already that cannot be modified or removed. This record is listed by default as part of our integration with the Active Directory service.

If the number is outdated, please correct your Business or work phone entry in BOSS (under Personal Information). It may take up to 1 hour for the update to process.

The Office Phone is not considered one of your two required methods, but can be used as a fallback.