Find out how to set up and use multifactor authentication (MFA) for logging into Mediaflux
All users will soon need to perform multifactor authentication (MFA) whenever they log into Mediaflux (with only a few exemptions).
Users will need a smartphone app called Mediaflux Pocket in order to receive MFA push notifications when they log in to Mediaflux.
Setting up your MFA
You will need to go through a one-time set up process to enrol your account for MFA.
You will need two devices to complete this process:
YOUR PHONE (for the Mediaflux Pocket app parts)
YOUR PC (for the Mediaflux Pocket Registration Portal parts)
STEP 1: Install the Mediaflux Pocket app on your smartphone
You will need to install the Mediaflux Pocket app on your smartphone. You can either click the relevant link below or search for Mediaflux Pocket in your app store.
Android devices
https://play.google.com/store/apps/details?id=com.arcitecta.mediafluxpocket&pcampaignid=web_shareApple devices
https://apps.apple.com/au/app/mediaflux-pocket/id1578392452
STEP 2: Enrol your account for MFA
Go to the Mediaflux Pocket Registration Portal on your PC (not the Mediaflux Pocket app on your smartphone).
Log in with the same domain and credentials that you usually use to log into Mediaflux.
If you are a University of Melbourne academic researcher (staff), you likely log into Mediaflux with the domain unimelb and your central UoM username and password.
If you are University of Melbourne graduate researcher (student), you likely log into Mediaflux with the domain student and your central UoM username and password.
If you are a researcher external to the University of Melbourne, you likely log into Mediaflux in one of two ways:
with the domain local and the username and password that you were sent when creating the account.
with the domain unimelb and the username and password for the Active Directory system account that you registered for.
Click the QR code in the resulting screen to unblur it.
Open the Mediaflux Pocket app on your phone, and click the orange plus button in the bottom right of the app.
Point your phone’s camera at the Mediaflux Pocket Registration Portal’s QR code to scan it.
Some smartphones may require you to actively allow Mediaflux Pocket access to your phone camera before you can scan.
Give your account and device a name, then click Enrol.
The Mediaflux Pocket Registration Portal will confirm your successful enrolment with the following screen, which also shows the account that you have enrolled in at the top right of the screen.
Using MFA to log in to Mediaflux
Once you are enrolled for MFA, you will receive MFA push notifications on your smartphone when you log in to Mediaflux.
You will only be prompted the first time you log in from a given computer on a given day:
subsequent logins from the same computer shouldn't require you to accept any MFA push notifications
but if you log in from another computer, you will be prompted again
The log in process will be slightly different per each different Mediaflux client:
Mediaflux Explorer
To log in with Mediaflux Explorer, enter your domain, username and password as usual. Once you click the Sign in button the login process will pause until you have accepted the MFA push notification in the Mediaflux Pocket app on your phone.
Network Share (SMB Protocol)
Map your Mediaflux project as a Network Drive on Windows, enter your domain\username and password as usual. Once you click the OK button the login process will pause until you have accepted the MFA push notification in the Mediaflux Pocket app on your phone.
The equivalent login step on each platform will cause a push notification to be sent. Additionally, if you keep the network share connected to your computer (see the Reconnect at sign-in checkbox above), you may be prompted again if the connection drops and reconnects. See the Network Share (SMB Protocol) page for more information on using SMB network shares on all platforms.
SFTP with Filezilla
To log in with Filezilla using sFTP (Secure File Transfer Protocol), enter your domain, username and password as usual. Once you click the OK button the login process will pause until you have accepted the MFA push notification in the Mediaflux Pocket app on your phone.
Web aterm
To log in with Mediaflux Web Aterm, enter your domain, username and password as usual.
Once you click the Log in button the login process will display the following screen informing you that an MFA push notification has been sent to the Mediaflux Pocket app on your phone:
More information is available for Mediaflux Aterm.
Mediaflux Unimelb Command-Line Clients
To log in with the Mediaflux Unimelb Command-Line Clients, enter your domain, username and password to the configuration file as usual. Once you enter your password, the login process will pause until you have accepted the MFA push notification in the Mediaflux Pocket app on your phone.
Mediaflux Desktop
To log in with Mediaflux Desktop, enter your domain, username and password as usual. Once you click the Login button the login process will pause until you have accepted the MFA push notification in the Mediaflux Pocket app on your phone.
Unenrolling from Mediaflux Pocket
While MFA will be mandatory (with certain use case exceptions detailed below), you may need to unenrol from it when:
as a piloting tester in the pre-mandatory phase, you’ve finished your testing and want to disable the MFA until it actually becomes mandatory for all users
changing/updating your mobile device (because swapping your MFA from one smartphone to another involves first unenrolling, then re-enrolling in MFA)
Important: Unenrolling from Mediaflux Pocket does NOT enable access to Mediaflux without MFA. Once MFA is mandatory, Mediaflux will be inaccessible without it, regardless of whether you’re enrolled in Mediaflux Pocket or not. Unenrolling merely dissociates your Mediaflux account from the Mediaflux Pocket app on a particular smartphone (usually so that you can reestablish it on a different smartphone).
Go to the Mediaflux Pocket Registration Portal on your PC (not the Mediaflux Pocket app on your smartphone)and log in.
Click the Disable MFA button.
You will see the following screen indicating that you have successfully unenrolled.
Exemptions
There are only three exemptions to having to perform MFA in order to log in to Mediaflux.
Data Mover
Data Mover allows you to share data with others. These users are not required to log in to access the data you have shared and so will not be required to use MFA.
Secure identity tokens
If you need to automate uploads in an unattended fashion from a server or instrument PC, you may apply for a secure identity token. The advantages of this approach are:
Uploads will not require an MFA push notification to be actioned
Your university credentials do not need to be stored on the source machine
If a token is compromised, this will not compromise your university credentials
See the unimelb-mf-upload page for more information.
Long-Lived SMB Mounts
This is a new feature. For SMB mounts on servers, expected to operate unattended for long periods of time.
MFA push notifications will not be sent when mounting the SMB share
Your university credentials do not need to be stored on the source machine
If a token is compromised, this will not compromise your university credentials
See Secure identity tokens for more information or to apply.
FAQs
Enrolment
Usage
Contact RCS (Research Computing Services)
UoM Staff: http://go.unimelb.edu.au/or96
UoM Students: http://go.unimelb.edu.au/4exr
External Users: http://go.unimelb.edu.au/75vr