Setup Procedures for HKUVPN with Multi-Factor Authentication (MFA) for Android Devices

1. Prerequisite

  1. MFA authentication (MFA) is required for accessing the HKUVPN service.
  2. Only the Microsoft Authenticator App or SMS (Phone Text) are supported as sign-in methods for logging into the HKUVPN service. The phone call method is NOT compatible with HKU VPN. Please refer to the appendix for instructions on changing your default sign-in method to a supported option.
  3. Cisco Secure Client (Formerly AnyConnect Secure Mobility Client) is required to run on Android devices with Android 4 or above. Please uninstall any earlier version of Cisco Anyconnect VPN client from your device before you start the following installation.

2. Configuration Procedures (to be done once only)

  1. Go to Play Store.

    download the app at play store

  2. In the search box, type “cisco secure client” and tap Install.

    In the search box, type “cisco secure client” and tap Install.

  3. After installation, tap Open to launch the application.

    After installation, tap Open to launch the application.

  4. When you open the application for the first time, you will be prompted to read the license agreement. Tap OK to accept.

    When you open the application for the first time, you will be prompted to read the license agreement. Tap OK to accept.

  5. Tap Connections to add a VPN profile.

    Tap Connections to add a VPN profile.

  6. Tap the button with + icon

    Tap the button with + icon

  7. Under Connection Editor
    1. Type “HKU VPN” in the Description field.
    2. Type “vpn2fa.hku.hk” in the Server Address field.
    3. Tap Done to complete.

      Tap Done to complete.

3. Connection Procedures

  1. Tap AnyConnect on your device to open the VPN client.

    Tap AnyConnect on your device to open the VPN client.

  2. Tap AnyConnect VPN to start the connection.

    Tap AnyConnect VPN to start the connection.

  3. Enter your HKU email address (UID@hku.hk or UID@connect.hku.hk) and PIN in the Username and Password fields respectively and tap Connect.

    Enter your HKU email address (UID@hku.hk or UID@connect.hku.hk) and PIN in the Username and Password fields respectively and tap Connect.

  4. (i) For users who choose Microsoft Authenticator App as the default sign-in method (The most common method):
    • Open the Microsoft Authenticator app on your mobile device.
    • Retrieve the One-time password (OTP).

      Retrieve the One-time password (OTP).

    (ii) For users who choose SMS (Phone Text) as the default sign-in method:

    • You will receive an SMS containing the One-time password (OTP) on your registered phone number.
    • The OTP is valid for 3 minutes from the time it is sent. Retrieve the OTP from the SMS.

      The OTP is valid for 3 minutes from the time it is sent. Retrieve the OTP from the SMS.

  5. Enter the 6-digit One Time Password (OTP) in the Answer box and click Continue.

    Enter the 6-digit One Time Password (OTP) in the Answer box and click Continue.

  6. Tap OK to accept the Connection Request.

    
Tap OK to accept the Connection Request.

  7. You are now connected to HKU VPN.

    You are now connected to HKU VPN.

  8. To disconnect from HKU VPN server, tap AnyConnect VPN.

    To disconnect from HKU VPN server, tap AnyConnect VPN.

  9. You are now disconnected from HKUVPN.

    You are now disconnected from HKUVPN.

Appendix: (Optional Step) Updating the Default Sign-in Method in MFA

  1. Visit your Microsoft 365 account settings at https://myaccount.microsoft.com/
  2. Sign in using your HKU credentials.
  3. Go to the “Security info” section.
  4. Set “App-based authentication – Notification” as your default sign-in method under the section titled “You’re using the most advisable sign-in method where it applies.”
0
0