Duo Multifactor Authentication
FAQ and Recommendations
What Authentication options are there?
There are 4 options for using Duo MFA:
Smart Phone Mobile App (Recommended).
SMS Text
Phone Call
Hardware Token
What does CCCS IT recommend?
We highly recommend the Duo smart phone mobile app, which is available for download via the Apple App Store and the Google Play store respectively. This application provides the best user experience and is easy to use.
Where can I find more information about Duo?
More information about Duo can be found here: https://guide.duo.com/
Getting Started
Before you can enroll your device you will need to receive the Duo enrollment email from your IT department.
What will the Duo enrollment email look like?
Your email will arrive from Colorado Community College System and will contain an invitation to complete the enrollment process. A sample of the email is shown below:
Where do I get the Duo Mobile app?
Depending on the type of phone you have the app can be downloaded from either the Apple App store for Apple iOS or the Google Play store for Android phones.
Search for Duo and make sure you download the “Duo Security App” and NOT the Google Duo app. To be sure Duo Security app is GREEN as seen below:
Enrolling a Mobile Device
Look for an email from duo with enrolling a device
Click on the URL in the email it should be similar to this
Follow the steps to enroll your device
Click Start setup
Select the type of device you are enrolling.
Enter the phone number of the device you want to enroll
Click the checkbox to confirm your device’s number
Select the type of phone you are enrolling
Follow the instructions on the screen to download the Duo app from the respective app store i.e. Apple App Store or Google Play
Once installed click “I have Duo Mobile Installed” and open the App on the device you are enrolling.
Activating the app links it to your account so you can use it for authentication. On iPhone, Android, and Windows Phone activate Duo Mobile by scanning the barcode with the Duo app's built-in barcode scanner. Follow the platform specific instructions for your device:
The "Continue" button is clickable after you scan the barcode successfully.
You can choose how to authenticate by selecting from the “When I log in” drop down menu.
If this is the device you'll use most often with Duo then you may want to enable automatic push requests by changing the When I log in: option and changing the setting from "Ask me to choose an authentication method" to "Automatically send this device a Duo Push" or "Automatically call this device" and click Save. With one of the automatic options enabled Duo automatically sends an authentication request via push notification to the Duo Mobile app on your smartphone or a phone call to your device (depending on your selection).
Once enrolled there will be an enrollment successful notification.
Congratulations! Your device is ready to approve Duo push authentication requests.
Enrolling a Landline Device
Look for an email from duo with enrolling a device
Click on the URL in the email it should similar to this
Follow the steps to enroll your device
Click Start setup.
Select Landline from the list.
Enter the number you want to enroll
Click the check box to confirm the number.
Choose whether to prompt or call you automatically from the drop down menu
Once enrolled there will be an enrollment successful notification.
Congratulations! Your device is ready to approve Duo push authentication requests.
Duo Central
What is Duo Central?
Duo Central is a place to manage your DUO account and registered devices.
How do I Access Duo Central?
You can access Duo Central by visiting: https://cccs.login.duosecurity.com
For more information visit: https://duo.com/docs/duo-central
How to Manage Your Account.
Log into https://cccs.login.duosecurity.com using your work email and password
Once successfully logged in select from the following options on the left-hand menu (highlighted in yellow). ** do not use the buttons on the right these will not take you to the proper screens. Only use the links highlighted on the left-hand menu.
Add a new device.
My Settings and Devices.
After making your selection Duo will request that you authenticate with either a Push, Call, or Passcode.
After authenticating follow the instructions to manage your devices
Authenticating with Duo
There are 3 ways to authenticate with Duo.
Use a push notification through the mobile app.
Onetime passcode
Receive a phone call
Push notifications
Users may opt to receive a push notification which will send your phone a notification. The notification will open the Duo app on your mobile device to accept or deny a Duo request.
Onetime Passcodes
Alternatively users may want or need to authenticate using a onetime passcode which can be found in the Duo mobile app, sent via SMS text message, or through a hardware token.
Receive a Phone Call
If this option was selected as a default users will receive a phone call when trying to authenticate. Depending on the application users may have the option to choose to receive a phone call when authenticating.
Using Different Methods of MFA with DUO and Cisco AnyConnect VPN
AnyConnect VPN does not allow users to select how they would like to authenticate. If you wish to receive an alternative authentication method, you will have to provide the information in the password field of that application like the examples below.
If AnyConnect only prompts for a password, like so:
After you submit your login information, an authentication request is automatically sent to you via push to the Duo Mobile app or as a phone call.
Alternatively, you can add a comma (“,”) to the end of your password, followed by a Duo passcode or the name of a Duo factor. Here's how:
For more information visit: https://guide.duo.com/anyconnect
0 Comments