Academy SSO – Two Factor Authentication (2FA/MFA) rollout

From 28th April 2025 logins to the NHS Leadership Academy’s Single Sign On (SSO) system will require users to enrol in multi factor authentication (MFA/2FA). This process will be driven by our authentication provider during user sign on, with users manually targeted in batches.

Why are we changing?

In recent years it has become clear that securing access with a single factor of authentication (i.e. passwords) is no longer enough to keep data safe. Various security teams within the NHS, UK Government and the technology/healthcare industries are beginning to mandate two factor authentication as a method of securing access to services.

You may already be using multi factor authentication for services such as your bank, self assessment taxes, or email. The idea is that a second factor of authentication, on top of your password, is provided as “something you have”. This would mean an SMS message to your phone containing a 6 digit PIN, or an app or physical token that can generate these PINs for you.

Our teams internally have been trialling and testing our multi factor implementation for several months now with success.

What will happen?

During sign on to one of our SSO enabled services you may find that you are directed to enrol in multi factor authentication after typing in your password. When this happens you will by default be asked for your mobile phone number, which we will use to send you a PIN code for future logins.

You may prefer to use an application such as Google Authenticator, Microsoft Authenticator, or Authy. You may select this as an alternative option during enrolment, at which point you will be provided a QR code to scan with your chosen app.

You will then need to confirm enrolment by providing the current PIN. Once accepted, the process will direct you back to the website you were originally trying to access.

You should never share the generated PIN with anyone.

What if I lose my phone or authenticator app?

Our support team are able to assist in these instances. Once your identification has been verified we are able to reset your two factor authentication enrolment. Once this is done, you will need to enrol once again using a new device or app.

Further Information

If you have any questions or concerns, please contact us via normal support channels.

For further information on the Profile system, please visit our Profile System support page.