Guest Accounts
Overview
As a member of the Tufts community, you can invite people from outside of the University to collaborate on content in Microsoft 365 services. Note that as of June 1, 2024, guests will be required to complete multifactor authentication (MFA) via the Microsoft Authenticator app (or another method) for added security when logging in. New guests will be asked to set up MFA during the initial setup of their accounts. Existing guests will be asked to set up MFA when they log in for the first time after June 1, 2024.
Guest account creation in the Tufts M365 environment is initiated by sending an invitation to a non-Tufts email address (e.g., Gmail). Two examples are demonstrated below – Microsoft Teams and Microsoft Office (Word).
Inviting a New Guest via Microsoft Teams
You can invite non-Tufts email addresses to one of your teams. (Reminder: Inviting someone to join a team will give them access to all of the team’s content – posts, shared files, etc.)
- Open the Microsoft Teams desktop application or log in to the Teams website.
- Navigate to the team you want to invite the guest to.
- Click the options button next to the team’s name and select Add member.
- In the window that appears, type the guest’s non-Tufts email address (e.g., a Gmail address). After providing the address, you may need to hit ENTER on your keyboard.
- Once the guest is listed, click Add.
- Microsoft will send an email notification to the non-Tufts address.
Inviting a New Guest via Microsoft Office (e.g., Word)
You can invite non-Tufts email addresses to collaborate on Office files. Microsoft Word is used as an example here. (Note: These steps only work if the file is stored in a Microsoft cloud location – OneDrive or SharePoint. This will not work if the file is stored somewhere else, like Box.)
- Open the file in Word (either the desktop or online client).
- Click the Share button in the top right corner and select Share.
- In the window that appears, type the guest’s non-Tufts email address (e.g., a Gmail address). After providing the address, you may need to hit ENTER on your keyboard.
- Once the guest is listed, click Send.
- Microsoft will send an email notification to the non-Tufts address.
The invited collaborator will receive an email notification. The email will include a link to visit the content you invited them to (team, file, etc.) and they will be prompted to sign in to their guest account. If they haven’t done so already, they can create a guest account and set up multifactor authentication at this time.
- When you receive the invitation notification, open it and click on the link to access the shared content (e.g., view the team, Word document, etc.).
- A Microsoft login window will appear. Enter your non-Tufts email address and click Next.
- In the next screen, click “sign in with a one-time code sent to your email.”
- Click Send code.
- An email will be sent to your non-Tufts address with an account verification code. Open the email to retrieve the code.
- Back on the Microsoft login screen, enter the verification code and click Sign in.
- Click Accept to grant the necessary permissions for account setup.
- For added security, Microsoft will ask you to set up multifactor authentication for your guest account. Click Next.
- A prompt will appear to get the Microsoft Authenticator application for your smartphone...
- If you do NOT have a smartphone and cannot set up the Microsoft Authenticator app, please skip to the FAQ section below titled "What if I don't have a smartphone and I can't set up the MS Authenticator app?"
- If you DO have a smartphone, download and install the Microsoft Authenticator application from your mobile device’s app store. When you’re ready, click Next. (There is also the option to use another authentication service, like Duo or Google Authenticator, if you already have one.)
- A QR code will appear on the screen. Open the Microsoft Authenticator app on your phone and scan the code.
- After you scan the code with your mobile device, click Next on the setup screen.
- A number code will appear on the setup screen.
- You should receive a push notification from the Microsoft Authenticator app on your mobile device. Enter the code and tap Yes.
- Click Done. You should now be able to log in to your Tufts Microsoft guest account as needed using your non-Tufts email address and the Microsoft Authenticator application on your mobile device.
- (Optional) Once your account is set up, you should consider following the guidance in the following FAQ sections below:
- "How can I back up my account so that I can recover it later?" - Back up your MS Authenticator account on your smartphone so you can recover it more easily in the future.
- "After setting up Microsoft Authenticator, how can I set up additional verification methods?" - Set up the ability to authenticate via phone call or text.
After June 1, 2024, users with EXISTING guest accounts will be prompted to set up MFA, if they have not already done so. The steps below describe what existing guest users will experience the first time they try logging in to the Tufts Microsoft environment after MFA is enabled.
- Visit the shared Tufts content (e.g., Team, Word doc, etc.) and log in to your guest account like you normally would.
- You’ll see a prompt to start the MFA setup process. Click Next.
- A prompt will appear to get the Microsoft Authenticator application for your smartphone...
- If you do NOT have a smartphone and cannot set up the Microsoft Authenticator app, please skip to the FAQ section below titled "What if I don't have a smartphone and I can't set up the MS Authenticator app?"
- If you DO have a smartphone, download and install the Microsoft Authenticator application from your mobile device’s app store. When you’re ready, click Next. (There is also the option to use another authentication service, like Duo or Google Authenticator, if you already have one.)
- On the setup screen, click Next.
- A QR code will appear on the setup screen. Scan the QR code using the Microsoft Authenticator app on your mobile device, then click Next on the setup screen.
- For verification, a numerical code will appear on the setup screen. A push notification will also be sent to your mobile device. Enter the number in the field and tap Yes.
- On the setup screen, you should see a confirmation that the verification was approved. Click Next.
- On the setup screen, you should see confirmation that the Microsoft Authenticator app was successfully registered for the guest account. Click Done.
- (Optional) Once your account is set up, you should consider following the guidance in the following FAQ sections below:
- "How can I back up my account so that I can recover it later?" - Back up your MS Authenticator account on your smartphone so you can recover it more easily in the future.
- "After setting up Microsoft Authenticator, how can I set up additional verification methods?" - Set up the ability to authenticate via phone call or text.
With MFA enabled, logging in to a guest account will require the following:
- The non-Tufts email address associated with the guest account
- The guest account password (older guest accounts) or an emailed one-time code
- Verification through the Microsoft Authenticator app or another registered method
See steps below for a demonstration.
- Navigate to the shared Tufts resource (Team, Word doc, etc.) you want to access.
- Enter the non-Tufts email address associated with your guest account.
- Depending on when your guest account was created, you will be asked to do one of the following:
- Older guest accounts - Enter the password you used to set up the guest account.
- Newer accounts - A one-time verification code will be emailed to your non-Tufts email address. Retrieve the code, enter it in the field, and click Sign in.
- You will be asked to verify your identity.
- If you have set up MFA through the Microsoft Authenticator app, a numerical code will appear on the login screen. At the same time, a push notification will be sent to the Microsoft Authenticator app on your mobile device. Enter the code and tap Yes.
- If you have not set up the Microsoft Authenticator app, you will be asked to verify your identity through a phone call or texted verification code sent to the phone number you registered during MFA setup.
- The login process is complete and the resource you are trying to access should load.
Frequently Asked Questions (FAQ)
See sections below for answers to common questions about Tufts M365 guest accounts and multifactor authentication.
Note: These directions are a continuation of the MFA setup directions above and are intended for people who do NOT have smartphones and cannot set up the Microsoft Authenticator application. Once you set up your phone, you can verify your identity via call or text.
- When you see the prompt below to get the MS Authenticator app, click I want to set up a different method.
- In the popup window that appears, select Phone and click Confirm.
- In the window that appears…
- Enter your phone number
- Select Receive a code
- Click Next
- A verification code will be texted to the number you provided. Enter the texted verification code and click Next.
- A confirmation will appear that setup of this method has been complete.
- A success message will appear. You will now be able to use the provided phone number for verification when signing in to your Tufts M365 guest account.
In the future, you will be able to use these additional verification methods when you are logging in to your Tufts M365 guest account. When you get to the verification step, choose if you want to verify your identity via a texted verification code or a phone call to the number you provided.
- Text – A verification code will be texted to the phone number. Retrieve the code and enter it when prompted.
- Call – A call will be made to the phone number. Answer the call and press pound (#) to confirm.
It is recommended that you set up additional methods of verifying your identity, in addition to the Microsoft Authenticator app. This will allow you to access your account even when you are unable to use the Authenticator app for some reason (e.g., the battery is dead on your mobile device).
- Follow this link to Additional security verification page.
- Do NOT enter your email address yet. Instead, click on Sign-in options.
- Select Sign in to an organization. (Note: If you don’t see the Sign in to an organization option, clear your browser history and try again.)
- In the domain name field, enter “TuftsCloud.onmicrosoft.com” and click Next.
- Enter the email address associated with your guest account and click Next.
- When prompted, log in and complete multifactor authentication via the Microsoft Authenticator mobile application.
- You should land on the Security info page.
- Click Add sign-in method.
- In the “Add a method” window that appears, select Phone and click Add.
- In the window that appears,
- Enter your phone number
- Select Receive a code
- And click Next.
- A verification code will be texted to the number you provided. Enter the texted verification code and click Next.
- A confirmation will appear that setup of this method has been complete.
- Your phone number will now be listed on the Security info page.
In the future, you will be able to use these additional verification methods when you are logging in to your Tufts M365 Guest account. When you get to the verification step, you can select “I can’t use my Microsoft Authenticator app right now”, then choose if you want to verify your identity via a texted verification code or a phone call to the number you provided.
- Text – A verification code will be texted to the phone number. Retrieve the code and enter it when prompted.
- Call – A call will be made to the phone number. Answer the call and press pound (#) to confirm.
Follow the directions below to sign out of your Tufts guest account everywhere that it is signed in AND contact it@tufts.edu to let them know.
- Follow this link to Additional security verification page.
- Do NOT enter your email address yet. Instead, click on Sign-in options.
- Select Sign in to an organization. (Note: If you don’t see the Sign in to an organization option, clear your browser history and try again.)
- In the domain name field, enter “TuftsCloud.onmicrosoft.com” and click Next.
- Enter the email address associated with your guest account and click Next.
- When prompted, log in and complete multifactor authentication via the Microsoft Authenticator mobile application.
- You should land on the Security info page.
- Click Sign out everywhere and confirm that you want to do so.
- Email it@tufts.edu to let them know!
No. By default, verification via push notifications to the MS Authenticator app will occur. However, if you set up additional verification methods, those can be selected instead during login. See the section above on Additional Verification Methods.
Note: These directions require you to have MFA set up through the Microsoft Authenticator app on your smartphone.
Once you set up multifactor authentication for your guest account, you may want to consider backing up your account credentials. Doing so will allow you to recover your account more easily in the future, for example after getting a new mobile device and reinstalling the MS Authenticator app.
For detailed information on how to do this with iOS and Android devices, visit the Microsoft page about account backup and recovery.
For assistance, please contact the TTS Service Desk by phone (617-627-3376) or email (it@tufts.edu).