REDCap: How to Enrol for Multi-Factor Authentication

How to Enrol for Multi-Factor Authentication

As of October 2023, the University of Melbourne REDCap instance requires two-factor authentication to access. In addition to entering your password, every seven days you will need to enter a 6-digit verification code generated by either the Google or Microsoft Authenticator apps. This guide will instruct you on how to register your REDCap account in one of these authenticator apps.

Step 1

Ensure you have either the Google or Microsoft Authenticator apps installed on your personal mobile device. You can install either or both of these apps via the relevant app store:

Google Authenticator
Google store (Android) and Apple store (iPhone)
Microsoft Authenticator
Google store (Android) and Apple store (iPhone)

Step 2

On your computer, log in to the University REDCap (https://redcap.unimelb.edu.au/) using your regular REDCap username and password:

Screenshot of REDCap login screen

Step 3

You will be prompted to choose a method for two-step verification.

Tick the Don't prompt me with two-step login on this computer for 7 days checkbox, and then select the Google Authenticator or Microsoft Authenticator option:
Screenshot of REDCap's two-factor login dialog

Step 4

A second dialog will pop up asking you to input a verification code:
Screenshot of REDCap verification code dialog
Click on the "How do I set up Google Authenticator or Microsoft Authenticator?" link and a further set of instructions will appear:

Screenshot of the REDCap authenticator registration dialog

(An example of the dialog that will appear. Don't try and scan this QR code! You need
to scan the one that REDCap displays when you click on the setup link.)

Step 5

On your mobile, open either:

Google Authenticator, and then pick Add a code > Scan a QR code; or
Microsoft Authenticator, and then click the plus (+) icon in the top right corner and then Select Other (Google, Facebook, etc.)

Note: You may be required to grant permission for Google Authenticator or Microsoft Authenticator to access the mobile devices camera. This is necessary so that the apps can scan the QR code.

Scan the QR code with your mobile. If the scan is successful, your REDCap account will be registered in the app and you will see an entry titled e.g. "REDCap: example.user@redcap.unimelb.edu.au" with a 6-digit code underneath; this is the verification code that you need to supply.

Note that the code will refresh every 30 seconds, and your app will give you a graphical indication of the time remaining until the next refresh occurs. If a refresh occurs while you are part-way through typing in your code, you will need to delete the existing digits and type in the new code instead.

Step 6

Hit Submit and you should be successfully authenticated!

Screenshot of successful entry of REDCap verification code

You are now logged in and REDCap will open as normal.

Troubleshooting

If for whatever reason your mobile device can't scan the QR code, in the authenticator app, instead of picking Scan a QR code, instead select Enter a setup key, and then manually input the Account and Key/secret values displayed directly underneath the QR code.

For Google Authenticator, please also ensure your authentication is set to 'Time-based'.

If you are still having difficulties, please consult our Frequently Asked Questions resource.