Skip to main content

Identity Account Self-Service Portal

Welcome to your web-based identity self-service portal used to manage your St. Jude password and other related information. Select an icon below to access the options or view the frequently asked questions for more information.

 
 
 
 
 
 
 

Multi-factor authentication: Frequently asked questions

  1. Multi-Factor Authentication (MFA) refers to an additional layer of security that is added to the login process.

    MFA relies on two forms of authentication: something you know and something you have. The something you know is your password. The something you have with you can be a code from a mobile app or SMS text, or a phone call.  This means that even if your password is stolen, your account will remain secure because an attacker will not have the secondary authentication method.

    Self-Service Password Reset (SSPR) provides users with verification methods that allow them to manage forgotten or nearly expired passwords on their own. Since the person may not know their password, another authentication method can be setup/used in place of the password.

    Microsoft allows everyone to enroll their authentication methods (also known as factors) simultaneously for both MFA and SSPR so they can be used as required and needed

  2. You will still be able to use the https://myid.stjude.org site for managing your account and authentication options.

    . We are moving to Microsoft as it has some distinct advantages over our current system.

    1. Allows you to register authentication methods of your choosing - today we populate this data based on the phone numbers provided to HR during onboarding. We know this information can change or may not be the method you want to use. With Microsoft you choose your methods.
    2. Few links  With our current portal there are many links; Forgot Password, Expired Password, Password Reset. When do I use each? With Microsoft, you use change password if you know your password and it hasn't expired yet (Recommended to change before it expires) and Forgot/Expired link for either of those situations.
    3. Future improvements - In the next phase of our Microsoft roll-out we'll look into password strength, if your password has been compromised, and how often your have to reset your password. More to come on that soon...
  3. Yes – our goal is to continue to provide our end users with self-service options. Please be mindful of any notices that your password will expire. While using Microsoft SSPR, it will be important for you to change your password BEFORE it expires.

  4. It is recommended to change your password BEFORE it expires to limit interruption to your day.

    The ideal process is to ensure you're logged off of all computers and applications before doing so to ensure nothing is holding on to your old password. This can cause your account to go into a "locked" state.

    Use one of the methods below to reset your password

    • For Mac users - use JAMF connect (see button at the top for instructions)
    • Use the "Change Password" link at the top of this page or on your St. Jude computer

    Log into your devices on the St. Jude network with your new password.

    * If your device is currently on the St. Jude network you will need to log in with your old password, connect to VPN for your computer to sync the new password

  5. Please use the Mac User button at the top of the screen to see instructions for resetting your password.

  6. MFA is required for all employees that access company resources outside of the company or on non-company devices. Things like checking your email from home or another device, logging in to other systems remotely. 

  7. Passwords are becoming increasingly easy to compromise. They can be stolen, guessed, and hacked, and new technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts means information online is increasingly vulnerable.

    In addition, experience has shown that people are not as good at recognizing malicious email as you might think. Every day, members of our employee community fall prey to these kinds of scams. We have to take steps to ensure that we are more than just a single click away from identity theft and devastating ransomware attacks.

  8. You may need to re-authenticate on each device and each browser you use every 7 days. Some applications may have a higher re-authentication period based on the risk associated to compromise. 

  9. On a St. Jude computer or network, go to aka.ms/mfasetup to begin your self-enrollment. 

  10. You will be able to choose a primary authentication method when you register, which you can change or update at any time. IT recommends the use of the Microsoft Authenticator mobile app.

    • Mobile Notification (Microsoft Authenticator Application Required): A push notification is sent to the authenticator app on your smartphone asking you to Authenticate your log in. (This option is recommended for international users)
    • Verification Code (Microsoft Authenticator Application Required): The Mobile Microsoft Authenticator app will generate a verification code that updates every 30 seconds. You will be asked to enter the most current verification code in the sign-in screen.
    • Text Messages: A text message with a 6-digit code is sent to your mobile device that you will input to complete the authentication process
    • Phone Calls: A call is placed to your mobile phone asking you to verify you are signing in. Press the # key to complete the authentication process.

    You will also be asked to set up a backup authentication method to help you access your account in case you forget or lose your mobile device. 

  11. You can make changes to your authentication settings by visiting Microsoft's Security Verification page at https://mysignins.microsoft.com/security-info.

  12. Yes, IT encourages the use of a personal device for MFA because it is something you likely always have with you.

  13. If you forget your mobile device at home, you can use your backup authentication method. If that doesn't solve the problem, please contact the ServiceDesk at 901-595-2000.

  14. You can contact the ServiceDesk at 901-595-2000 or review help documents below.

  15. When not connected to Wi-Fi, The Microsoft Authenticator app uses a very small amount of data to send push notifications.

  16. Standard text (SMS) message rates apply, for those who do not have a mobile plan with unlimited texts. Similarly, it will use minutes from your cellular plan (if applicable) to have Microsoft call you for verification. 

  17. For the best experience, we do recommend allowing the Microsoft Authenticator app to send push notifications on your smartphone. Without push notifications, you would need to open the Microsoft Authenticator app in advance of your login attempt in order to confirm your login. With notifications on, you can approve valid login attempts by simply tapping the notification on your device.

  18. No, registering your device gives you a convenient way access to company services; it does not give the company access to your location or device contents in any way. 

  19. You might see a 30-second timer counting down next to your active verification code. This timer is so that you never sign in using the same code twice. Unlike a password, we don't want you to remember this number. The idea is that only someone with access to your phone knows your code.

  20. You will need to deactivate your old device by visiting Microsoft's Security Verification page at https://mysignins.microsoft.com/security-info and enroll your new device. This is commonly encountered around holidays when many people receive new smartphones as gifts!

 
 

Modifying Your MFA Authentication Methods – New Phone

This guide is to help users view or modify their authentication methods in the event they get a new phone or lose access to a previous method.

screenshot of signin window
  • Once logged in at mysignins, under Security Info, you will see your current sign-in methods.
  • Click Add Sign-in Method.
screenshot of add signin method
  • Select a new method and follow the enrollment steps.
  • If this is your new default method, CHANGE your default method and delete any unusable method on previous devices or accounts.
screenshot of choosing default method
 
 
Close