In December 2023, NHMRC implemented mandatory Multi-Factor Authentication (MFA) in Sapphire to meet Australian cyber security standards. Sapphire cannot be accessed unless MFA has been set up.
The following is a guide to setting up and using MFA in Sapphire.
On this page:
- Register for Sapphire MFA
- Installing and using an Authenticator App
- Logging into Sapphire with MFA
- Troubleshooting MFA
1. Register for Sapphire MFA
- Download a compatible Authenticator app. Refer to the 'Installing and using an Authenticator app' section.
- From a desktop computer or laptop web browser visit the Sapphire login page and enter your username and password in the fields provided and click 'Log in'.
- Open the compatible Authenticator App downloaded in Step 1 (follow the instructions provided on the screen) and scan the QR code through your free Authenticator app (do not use your mobile camera app).
For information on installing an Authenticator app see section 'Installing and using an Authenticator app'.
- Find the one-time password for your account and enter it in the text field below.
- Once you have entered your code, click 'Submit'.
A Licence agreement notice will appear on your screen.
- Please read the Licence agreement and click 'Agree' to continue. This will log you into your account.
2. Installing and using an Authenticator App
Sapphire MFA is only compatible with the:
- Google Authenticator
- Microsoft Authenticator.
Both of these apps are free of application fees and can be downloaded through the Android Play or iPhone Apple app stores.
Sapphire is not compatible with the Chrome web browser extension Authenticator or any other Authenticator.
- Install Google Authenticator
- Download and install the free Google Authenticator app onto your smartphone or tablet through the Android Play store or Apple app store.
- Open Google Authenticator and click on the + sign on the bottom right of the app screen to add a new account.
- Select the option to ‘Scan a QR code’.
- Scan the Sapphire QR code (see the section ‘How to setup MFA in Sapphire’, step 2) to add Sapphire+Prod to Google Authenticator.
- Install Microsoft Authenticator
- Download and install the free Microsoft Authenticator app onto your smartphone or tablet through the Android Play store or Apple app store.
- Open Microsoft Authenticator and click on the + sign on the top right of the app screen and select a type of account (personal, work, or other).
- Select the option to ‘Scan a QR code’.
- Scan the Sapphire QR code (see the section ‘How to setup MFA in Sapphire’, step 2) to add Sapphire+Prod to Microsoft Authenticator.
Below is an example of a one-time password for the Microsoft Authenticator and Google Authenticator app.
Non-compatible examples of Authenticator applications
These authenticators are not compatible with Sapphire MFA: (Please note that these are only some examples and not a complete list.)
- SafeAuth Authenticator
- Authenticator App, Aonomy Bird
- Authenticator App, Pixster Studio
- Chrome web browser extension Authenticator.
3. Logging into Sapphire with MFA
From a desktop computer or laptop web browser visit the Sapphire login page and enter your username and password in the fields provided and click 'Log in'.
The QR code will not appear again if you have already registered for MFA.
Provide a one-time password.
- Open your Google/Microsoft Authenticator app installed on your device.
- Find the one-time password for your account and enter it in the text field.
- Once you have entered your code, click 'Submit'.
A Licence agreement notice will appear on your screen.
- Please read the Licence agreement and click 'Agree' to continue. This will log you into your account.
4. Troubleshooting MFA
- Why is MFA mandatory?
MFA meets Australian government security requirements by providing an extra layer of security. Otherwise known as two-step verification, MFA uses a second step like a one-time password on your phone or tablet to make it harder for others to break into your account. MFA is a mandatory requirement for all Sapphire accounts.
- Can I use any Authenticator to scan the QR code?
Sapphire MFA will only work with the:
- Microsoft Authenticator
- Google Authenticator
Both these apps are free of application fees and you can download them from the Android Play or iPhone Apple App store.
- I’m scanning the Sapphire MFA QR code but it’s not working.
When scanning the QR code make sure you do this from within the Microsoft Authenticator or Google Authenticator app and not straight from your camera. To scan the QR code:
- Open the Microsoft or Google Authenticator app.
- Click on the ‘+’ sign to add a new account.
- Scan the QR.
- Where is my one-time password?
If this is the first time you are setting up MFA for your Sapphire account, you will need to download and install an Authenticator app (Microsoft Authenticator or Google Authenticator) on your phone or tablet through the Android Play or Apple app store.
Open the Authenticator app on your device and add a new account by scanning the QR code provided on the Sapphire login page (see section ‘Registering for Sapphire MFA’). This will add the account 'Sapphire+Prod' to your Authenticator app.
Once you have added ‘Sapphire+Prod’ to your Authenticator app your one-time password will appear there (see section ‘Installing and using an Authenticator app’ for an example of what a one-time password looks like).
For security reasons the one-time password has a time limit before it expires and another code is immediately generated. You will need to submit your one-time password in the Sapphire login page before it expires in the app.
- Why is my one-time password not working?
The most common reasons why a one-time password may not work are:
- The one-time password has timed out. Make sure that you are entering and submitting the one-time password in Sapphire before it times out (approximately 30 seconds) or you will need to enter the new one that the Authenticator app generates.
- Sapphire login session in the web browser is timing out.
- The Sapphire login page session times out about 20 minutes after the username and password have been entered, after which the username and password need to be re-entered.
- If you are attempting to set up MFA for the first time in Sapphire and the Sapphire login session in your web browser has timed out before you submitted the one-time password, you will need to remove the Sapphire+Prod account from your Authenticator app and re-scan the QR code to re-add it.
- The time may not be correctly synced to your Authenticator app.
- For Android devices using Google Authenticator: To set the correct time:
- On your Android device, open the Google Authenticator app.
- Select the menu icon (three dots) then Settings > Time correction for codes > Sync now.
- The app will confirm the time has been synced. This will only affect the internal time of your Google Authenticator app and will not change your device’s Date and Time settings.
- For Android devices using Microsoft Authenticator:
- Make sure the date and time on your device are correct and are being automatically synced. If the date and time is wrong, or out of sync, the code will not work. You can set your device to automatically sync the date and time through your device’s settings.
- Make sure that your device supports the Microsoft and Google Authenticator apps (Android 8.0+ and iOS 15+). For the best MFA experience it is recommended that users have the most updated Android/iOS version installed on their devices and that the device has enough memory space available to run the MFA Authenticator app.
- The QR code has disappeared.
The QR code will only be present the first time you register for MFA. The purpose of the QR code is to set up MFA on your device by scanning the code through your Microsoft or Google Authenticator app. Once this process has finished the QR code will not be present the next time you log into Sapphire. See the section ‘Logging into Sapphire with MFA’ for more information.
- What if I accidentally uninstall my Authenticator app or delete my Sapphire MFA instance from the app?
Contact the Research Help Centre on help@nhmrc.gov.au who will be able to reset MFA for your account. Once your account’s MFA has been reset, you will need to set up MFA again by scanning the QR code on the login page through an Authenticator app on your phone or tablet.
Alternatively, if you are still logged into Sapphire you can disable/enable this yourself through your ‘Account settings’. See the troubleshooting question ‘How do I re-register for MFA’.
- How do I re-register for MFA (for example, on a new device)?
If you want to un-register MFA from your old device and re-register it on a new one you can do one of the following:
- While logged into Sapphire, click on your avatar icon on the top-right corner.
- Select ‘Account settings’.
- From there you will be able to ‘Disable’ MFA in the ‘Manage two factor authentication’ section.
- Sapphire will prompt you for a one-time password before disabling MFA for your account.
Once MFA is disabled you can click on ‘Enable’ in the Account settings ‘Manage two factor authentication’ section and scan the new QR code on your new device, or alternatively a new QR code will pop up upon your next login and prompt you to re-register.
- Alternatively, you may contact the Research Help Centre (RHC) on help@nhmrc.gov.au who will be able to reset MFA for your account. Once reset, the next time you log into your Sapphire account it will prompt you with a new QR code to scan through an Authenticator app on your phone or tablet.
- Can I set up MFA for Sapphire on more than one device?
You can only scan the QR code once to set up Sapphire MFA and therefore it will be installed on the device you scan the QR code on. Whether you can use the same instance of ‘Sapphire+Prod’ MFA on another device will depend on your phone or tablet. For instance, Google Authenticator may let you import your already existing MFA instances from one device to another within your Google account. The best way to use Sapphire MFA is to have it installed on your phone which you are more likely to carry on you.
- Are there other ways to authenticate my Sapphire account?
The only way to obtain a one-time password for your Sapphire account is through the Microsoft Authenticator or Google Authenticator app. Sapphire will not work with the Chrome web browser extension Authenticator app or any other Authenticator app.