Lockdown Your Login With DUO
A A Email Print Share

Multi-Factor Authentication with Duo

What is Multi-Factor Authentication?

Multi-factor authentication (MFA) adds an additional layer of security to protect your identity and university data. When you are only required to enter your username and password, this is considered single-factor authentication. MFA requires users to provide two of the following three types of credentials before being granted access to an account. The three types are:

  1. Something you know (ex. account password, banking PIN).
  2. Something you have (ex. a mobile phone or ATM card).
  3. Something you are (ex. a fingerprint or voice print).

MFA Withdrawal from ATM Example

What is Duo?

Duquesne University uses Duo Security tools to manage the second step of the MFA process. With Duo Security, you can complete an MFA login process using any of the following methods:

  • Responding to a push notification sent to the Duo Mobile app on your mobile phone (CTS recommended method).
  • Entering a one-time passcode you generate in the Duo Mobile app or with a Duo hardware token device.
  • Answering a phone call to a mobile or landline phone and following prompts to verify your login.

You can choose which Duo authentication method you prefer each time you log in.

How Do I Use Duo?

You will be required to use Duo when logging in to any MFA-enabled applications and services. At this time, this includes:

  • Accessing VPN resources via Global Protect.
  • Signing in to any Shibboleth-supported web applications (Box, ChromeRiver, Slate, and others). For a complete list of 2FA-enabled web applications, please visit duq.edu/authentication.

When signing in to Shibboleth-supported web applications, you will only need to complete a MFA log in with Duo once every 12 hours.

Enrolling Devices in Duo

To get started with Duo, please visit DORI and sign in using your MultiPass credentials. Once you are signed in, perform the following steps to enroll your device(s) in Duo:

Note: If you are enrolling a mobile phone in Duo, please visit either the App Store (iPhone) or Google Play Store (Android) and download the Duo Mobile app before proceeding.

  1. Click the Duo Device Management tab.
  2. Click Start Setup to begin the enrollment process.
  3. Select the type of device you are enrolling (mobile phone, tablet, landline phone, or U2F token) and click Continue. CTS strongly encourages users to enroll their mobile phone with Duo.
  4. Enter your mobile phone number and click Continue.
  5. Select the appropriate make and model of your device and click Continue.
  6. A push notification will be sent to your newly-enrolled device. Click Approve to complete enrollment.

Below is an image of the Duo Device Management tab:

Duo Device Management Portal in DORI

Managing Your Enrolled Devices

To manage your Duo-enrolled devices, please visit DORI and sign in using your MultiPass credentials. Once you are signed in, perform the following steps to manage your devices:

  1. Click the Duo Device Management tab.
  2. Select your desired authentication method to proceed (CTS recommends selecting Send Me a Push).
  3. You can now manage your settings and devices. Device options include:
    • Reactivate Duo Mobile: Sends a new authentication push to the selected device.
    • Change Device Name: Allows you to modify the device name.
    • Delete Device: Un-enrolls the selected device with Duo (you will no longer receive push notifications to that device).

Duo Device Enrollment & Management Guide

For additional instructions on enrolling and managing devices with Duo Security, click here.


MFA with Duo Communications Toolkit

MFA with Duo Documentation

MFA with Duo Handout

Duo Security Guide