Reset Search
 

 

Article

How do I connect to VPN?

« Go Back

Information

 
Related ServiceNetwork Connectivity
Article SummaryThis article explains what you need to connect with VPN.
This article is intended for all staff and students at all campuses.
Instructions

Setting Up Your Computer to Get Access to the Algonquin College VPN

The ability for employees and students in VPN approved programs to access the Algonquin College network from off campus is provided through our Virtual Private Network (VPN).  Please note, employees do not require manager's approval. 
Only students who are registered in a Remote Access approved course/program will have access to our Remote Access Solutions (VPN).
Students in programs and courses which are not VPN approved, must have their professor or Chair contact ITS to request access.

Follow the instructions in this guide to: 

  • Choose your Multi-Factor Authentication (MFA) method, either
    • the Entrust IdentityGuard mobile phone app which generates a new security code every 30 seconds, or 
    • a password-protected PDF eGrid card.
  • Set up your MFA method of choice
  • Install Cisco AnyConnect (VPN Client)  Note: This step is only required if you have a non-College-issued computer.  College-issued computers already have Cisco AnyConnect installed.
  • Connect to the VPN successfully. 

If you have any problems setting up your VPN, call 1-866-921-5763 Monday to Friday within the hours of 8:00 a.m. – 12:00 p.m. and 1:00 p.m. – 4:00 p.m. or stop by the Service Desk inside Student Central at the Woodroffe campus.

Table of Contents:

What is VPN and Remote Access?

VPN (Virtual Private Network) and Remote Access are often used interchangeably. If you have VPN/Remote Access, that means you have the ability to connect your computer to the Algonquin College Network when you are off-campus (e.g. from home).

Multi-factor authentication is a best practice for ensuring electronic data is secure. When multi-factor authentication is used, users must enter a second set of credentials (often a security code sent to their mobile phone) in addition to their username and password. Consequently, more than one factor is used to authenticate your identity. Algonquin College uses multi-factor authentication for remote access. 

Do I always need VPN when I am off campus?

The college has several applications that you can access from any off-campus location as long as you have an internet connection. These applications include Algonquin Email, One Drive, Office 365 SharePoint, Brightspace and offsite use of Library databases.

Common applications that require VPN for remote access include Workday (unless you are using your pre-hire account), Sharepoint (pre-office 365 version), Genesis and other specialized applications.

Choose your MFA method: App on Your Mobile Phone or PDF eGrid Card

For ease of use and simplicity, it is recommended that you use the Entrust IdentityGuard mobile app as your method of establishing Multi-Factor Authentication. If a mobile device (iOS or Android) is not available for this purpose, the PDF eGrid method can be used instead. 

To help you decide, see below for additional information about each of these methods.

If you will be using the mobile app, go to The Entrust IdentityGuard Mobile App; otherwise, go to The eGrid Card.

The Entrust IdentityGuard Mobile App

The Entrust Mobile Application is an app on your mobile device that generates a new security code used for multi-factor authentication every 30 seconds. 

Screen capture of Entrust security code
An example of the security code displayed by the Entrust mobile phone app.

Advantages:

  • Quick and easy to open the application and generate the needed code.
  • Always with you on your phone. 

Disadvantages:

  • Requires a mobile device.
  • Requires a PIN number to unlock the application.
  • You have 30 seconds to input the code before it changes.  

Estimated time to set-up: 15 – 20 minutes

Estimated time to login after set-up: 30 seconds 

The eGrid Card 

The eGrid card MFA method is password protected PDF document that contains a picture of a grid with letters and numbers along the tops and sides. When logging into VPN, you will be asked to respond to a challenge that requires you to input the number found at certain coordinates.

For example, in the image below, a G2 coordinate is asking for the character at column G, row 2. The correct response is 7
Screen capture of eGrid Card security code

Advantages:

  • Extended time limit to enter responses in comparison to the Entrust mobile phone app.  

Disadvantages:

  • Requires a password to unlock the PDF.
  • Takes time to enter the correct responses. 
  • If you forget your eGrid card password, you must obtain a new eGrid card. 

Estimated time to sign-up: 5 – 10 minutes 

Estimated time to login after set-up: 1 – 2 minutes

Setting Up the Entrust IdentityGuard Mobile App

Note: We suggest you use both your computer and your mobile phone for this process so please have them ready. Soft Token refers to the MFA method used by the Entrust mobile app that generates a single-use login code or PIN.

1.    Go to the App Store or Google Play on your mobile phone (iOS/Android) and install the free Entrust Identity Guard Mobile App or Entrust Identity Guard Mobile ST App.

Entrust IdentityGuard Mobile App

2.    Go to our VPN self-service portal at https://selfservice.algonquincollege.com. Login using your Algonquin College username (don’t enter your full email address, e.g @algonquincollege.com).
 
3.    If it is your first time logging in to the self-service portal, you will be asked to setup security questions in the event you lose access to your MFA method.
4.    After setting up your security questions you will be presented with several options. Select "I’d like to request a soft token for my mobile phone." 
 
Note: If you have already been provided with an eGrid card or Soft Token you may see other options available to you.
 
5.    You will be presented with the screen below. Click Yes.
Self-service soft token set up screen 1
6.  You will then be presented with the following screen. Select the option "I want to activate a soft token identity on a mobile phone." as per the screenshot below and click Next.

soft-token setup screen 2

7.    You will be presented with the QR Code Activation screen below. On your mobile device, open the Entrust app and look for an icon of a QR code, located in the bottom left hand corner of the screen. Once selected, the Entrust app will open the QR scanner and access your device’s camera. If prompted, allow the Entrust app to access your device’s camera. Center the QR code displayed on your screen in the box within the application.

qr code activation screen (SSP)

The Entrust mobile app, showing QR code icon in the bottom left corner.

8.    Your mobile phone will display a message indicating Password Required similar to the screen below. Refer back to the QR Code Activation screen on your PC, and input the number displayed in red beneath the QR Code. In this example, it is 79154127 (your number will differ). Select OK.

soft-token setup screen 3

9.    On your mobile phone, you will then be presented with the screen below. In the name field, enter any identifying name of your choice (ex. 18347-14766  or Algonquin College VPN). Press Activate.

soft-token setup screen 4

10.    You are prompted to create a four-digit PIN. This PIN will be required every time you open the app.

11.    Your mobile phone will then present you with the screen below. Keep this screen open as you will need to enter this registration code in step 13.

soft-token setup screen 5

12.    On your computer, your browser should still be left on the QR Code Activation screen from Step 7. Click Next.

13.    You will now be prompted to enter the Registration Code from step 11 (shown on the mobile app). Input your Registration Code in the associated field within the self-service portal (as shown in the example below) and click Next.
soft-token setup screen 6
14.    You will be presented with the screen below notifying you of the successful activation of your soft token/Entrust mobile app. Click OK.
soft-token setup screen 7
15.    You will be returned to the main page of the self-service portal. You have now completed the process of activating the Entrust app on your mobile phone as your MFA method. 

If you connect to the VPN with THEN
A College issued computerGo to "Login to the VPN using the Cisco AnyConnect Secure Mobility Client"
A personal (Non-college issued) computerGo to the next section, “Downloading and Installing the Cisco AnyConnect Secure Mobility Client on a non-College-issued computer

 

Downloading and Installing the CISCO AnyConnect Secure Mobility Client

1.    While connected to the internet go to the secure sharepoint site.

2.    Log in with your college email and password. 

Select the version of Cisco VPN client appropriate for your operating system and proceed to download and install the software.
Be sure to click the "download" arrow in the top left corner of the page:

downloading cisco client from sharepoint
When the download is completed, click "open" to start the install process:
cisco install

Once the installation process is complete, you will be ready to connect remotely.

Login to the Algonquin College network using the CISCO AnyConnect Secure Client using the Soft Token MFA 

1.    Launch the Cisco AnyConnect Secure Mobility Client and click Connect.

Note: The first time you connect, you will need to enter secure.algonquincollege.com in the text field before selecting Connect.

cisco connection screen

2.    Log in with your username and password. Leave the Second Password box blank.
 
Note: Your college username does not include @algonquincollege.com or @algonquinlive.com.

cisco login

3.  Click OK. A second window will now appear and prompt you to input a response from your soft token (Entrust mobile app).
 
4.   Open up your Entrust mobile app, enter your PIN number, and input the generated code in the answer field. Select Continue

Note: The code will change every 30 seconds. 


soft-token authentication

establishing connection

5.    If connection to the VPN is successful, there will be the following icon in the bottom right hand corner with a lock connection icon

Note: For each subsequent connection, you will be prompted to enter a new response from your Entrust Mobile App.
 

Setting up the eGrid Card

1.    Go to our VPN self-service portal at https://selfservice.algonquincollege.com. Login using your Algonquin College username and password 

Note: Don’t enter your full email address, leave out @algonquincollege.com.

2.    If it is your first time logging in to the self-service portal, you will be asked to setup five security questions in the event you lose access to your MFA method. 

Note: Once you’ve setup your security questions, you will be asked to verify three of the five questions to complete the login process. 

3.    After setting up your security questions and verifying them you will be presented with several options. Select I’d like to request an eGrid Card

Note: If you have already been provided with an eGrid card or Soft Token, you may see other options available to you.

4.    You will be asked to confirm the following, Do you want to get an E-Grid card for second factor authentication? Click Yes

e-grid setup screen 1

5.    You will be presented with the screen below. By creating a password, you will ensure that only you will be able to open your eGrid card. If you forget your eGrid card password, you will need to complete this process again to obtain a new eGrid card. 

e-grid setup screen 2

6.    Once you have successfully created a password, you will be presented with the options to get your eGrid card. You can select Download eGrid card to download it directly onto your desktop. You will be also emailed a copy of the eGrid card after selecting “OK“. 

e-grid setup screen 3

7.    You have now returned to the main page of the self-service portal. You have successfully completed the process of activating your eGrid Card as your MFA method. 

If you connect to the VPN with THEN
A College issued computerGo to "Login to the VPN using the Cisco AnyConnect Secure Mobility Client"
A personal (Non-college issued) computerGo to the next section, “Downloading and Installing the Cisco AnyConnect Secure Mobility Client on a non-College-issued computer


Downloading and Installing the Cisco AnyConnect Secure Mobility Client on a non-College-issued computer

1.    While connected to the internet (neither ACGuest nor ACSecure will work). Go to the secure sharepoint site.

2.    Log in with your college email and password. 

Select the version of Cisco VPN client appropriate for your operating system and proceed to download and install the software.
Be sure to click the "download" arrow in the top left corner of the page:

downloading cisco client from sharepoint
When the download is completed, click "open" to start the install process:
cisco install

Once the installation process is complete, you will be ready to connect remotely.
 

Login to the VPN using the Cisco AnyConnect Secure Mobility Client

1.    Launch the Cisco AnyConnect Secure Mobility Client and click Connect.

Note: The first time you connect, you will need to enter secure.algonquincollege.com in the text field before selecting Connect.

cisco connection screen

2.    Log in with your username and password. Leave the Second Password box blank.
 
Note: Your college username does not include @algonquincollege.com or @algonquinlive.com.

cisco login

3.  Click OK. A second window will now appear and prompt you to respond to a Grid Card Challenge.

4.  Open up your password protected eGrid card PDF and input the password you created earlier to unlock and view your eGrid card. 
 
5.  Type out the correct response in the Answer box using the coordinates provided. In this example, the Grid card challenge presents the user with the coordinates E1, G3, and H5.

Note: For each subsequent connection, you will be prompted to enter a new response from your eGrid card.

secure login eGrid authorization screen1

6.    Find the corresponding letter (column) and number (row) combination on the eGrid Card to successfully answer the eGrid challenge into the Answer box.
secure login eGrid authorization screen2

7.    The user must enter the required coordinates (in this example, the response required would be D6H) and click Continue to initiate the VPN connection.

secure login eGrid authorization screen3

establishing connection

5.    If connection to the VPN is successful, there will be the following icon in the bottom right hand corner with a lock connection icon

Troubleshooting

Why do I only get prompted to use a soft token when connecting to VPN when I also have an eGrid card?

If you have both an eGrid card as well as a soft token (Entrust mobile app), the soft token takes priority by default. If you want to switch to using your eGrid card, you will need to delete your soft token.

  1. Login to the self-service portal at https://selfservice.algonquincollege.com using your Algonquin College username and password.
  2. Answer a grid card, soft token, or question and answer challenge to finish logging in.
  3. Select the option indicating “I’d like to reinstall the soft token application on my current or new mobile phone”.
  4. Select Yes.
  5. A message should be displayed at the top of the screen in green indicating “Your old soft token has been deleted. Please reinstall the soft token application and add a new Identity.”
  6. You have now successfully removed your soft token, leaving only your eGrid card associated with your account. You can now close the browser window.

How do I solve issues I am having with the soft token or the eGrid card?

Go to the self-service website (https://selfservice.algonquincollege.com) to change or fix the following issues:

  • Change security questions and answers.
  • Replace a lost or compromised PDF eGrid Card.
  • Obtain an unlock code if the Entrust Mobile application is locked.
  • Reset your Mobile Phone’s MFA to a new or existing device.
Attachment 
URL 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255