Two different types of multi-factor authentication
Metropolia uses two different multi-factor authentication services:
- You will need a Microsoft authenticator key when logging into Microsoft 365 services and services where logging in is done via Microsoft Entra ID (e.g. GlobalProtect VPN). This applies to students and staff as well as other individuals who have a Microsoft account through Metropolia.
- To log in to Metropolia's internal services, you need a separate MetropoliaSSO key for your authenticator application . This currently only applies to Metropolia staff and staff of Metropolia's partner organizations, not students.
Before you enable the authenticator, read the instructions.
The table below helps you differentiate between Microsoft's multi-factor authentication and Metropolia's internal, MetropoliaSSO multi-factor authentication.
| MFA Service | Recommended authenticator app | Target groups | Logging in | Instructions | Management |
|---|---|---|---|---|---|
| Microsoft | Microsoft Authenticator | Metropolia students Metropolia staff | Microsoft 365 (e.g. Teams, SharePoint) Workseed Staff intranet GlobalProtect VPN Other logins via Entra ID | How do I enable Microsoft multi-factor authentication (MFA)? | Myaccount.microsoft.com |
| MetropoliaSSO (new) | Google Authenticator | Metropolia staff Staff of Metropolia's partner organizations | OMA Moodle Other internal Metropolia services HAKA login | The guide will be published in connection with its implementation in February 2026. | Password.metropolia.fi |
Instructions
- How do I enable multi-factor authentication (MFA) for Microsoft 365?
- Metropolia's multi-factor authentication (MetropoliaSSO)
- Multi-factor authentication prevents login to Microsoft 365. What should I do?