Multi-Factor Authentication with Duo
What is Multi-Factor Authentication?
Multi-factor authentication (MFA) adds an additional layer of security to protect your identity and university data. When you are only required to enter your username and password, this is considered single-factor authentication. MFA requires users to provide two of the following three types of credentials before being granted access to an account. The three types are:
- Something you know (ex. an account password or banking PIN).
- Something you have (ex. a mobile phone or ATM card).
- Something you are (ex. a fingerprint or voice print).
What is Duo?
Duquesne University uses Duo Security tools to manage the second step of the MFA process. With Duo Security, you can complete an MFA login process using any of the following methods:
- Responding to a push notification sent to the Duo Mobile app on your mobile phone (CTS recommended method).
- Entering a one-time passcode you generate in the Duo Mobile app or with a Duo hardware token device.
- Answering a phone call to a mobile or landline phone and following prompts to verify your login.
You can choose which Duo authentication method you prefer each time you log in.
How Do I Use Duo?
You will be required to use Duo when logging in to any MFA-enabled applications and services. At this time, this includes:
- Accessing VPN resources via GlobalProtect.
- Signing in to any Shibboleth-supported web applications (Box, ChromeRiver, Slate, and others). For a complete list of MFA-enabled web applications, please visit duq.edu/authentication.
When signing in to Shibboleth-supported web applications, you will only need to complete an MFA login process with Duo once every 12 hours.
Enrolling Devices in Duo
To enroll a new device in Duo, visit MultiPass and perform the following steps:
- Visit duq.edu/multipass.
- Enter your MultiPass username in the User ID field.
- Click Change MultiPass.
- Enter your current MultiPass password and click Continue.
- Navigate to the Duo Multi-Factor Authentication Setup section.
- Click Start Setup.
- Select the type of device you are enrolling and click Continue. CTS recommends all users enroll a mobile device.
- Enter your mobile phone number and click Continue.
- Select the appropriate make and model of your mobile device and click Continue.
- Confirm you have the Duo Mobile app installed on your mobile device.
- Open the Duo Mobile app and scan the QR code on your computer screen.
- Click Continue to complete enrollment in Duo.
Managing Your Enrolled Devices
- Navigate to the Duo Multi-Factor Authentication Setup section (MultiPass) or click the Duo Device Management tab (DORI)
- Complete an MFA login process* with your preferred device.
- Click Device Options to manage the settings for the selected device. Options include:
- Reactivate Duo Mobile: sends a new Duo Push to the selected mobile device.
- Change Device Name: allows you to modify the device name.
- Delete Device: unenrolls the selected device with Duo.
*If you are activating the Duo Mobile app on a new mobile device with the same phone number, you will need to select the Call Me option to access the Duo Device Management portal.
Below is an image of the Duo Device Management portal that is available in both MultiPass and DORI: