Duo Multi-factor Authentication - How to use it

Tags Duo MFA

Overview

The college uses the Duo service for multi-factor authentication (MFA) for many college systems.  This provides a level of protection for users enrolled in Duo for these systems that goes beyond a simple user name and password.

With Duo enabled for a user and a service, you need both:

  • something you know (your user name & password)
  • and something you have (either your smart phone with the Duo Mobile application installed, or a small key chain token)

With this in place on your New Paltz account, even if someone were to have your password, they would not be able to access a Duo protected system.  This is a protection which we believe is one of the most effective protections that can be implemented on our systems to safeguard our systems, as well as our student, faculty, staff, and alumni data.

New Paltz ITS requires Duo for all faculty and staff.  Those not using it yet have until mid-October 2019 do start.  As of the start of the Fall 2019 semester, over 1,000 faculty and staff at New Paltz are already using it. 

Below is a brief guide on how the application is used.


Using Duo

To verify your identity with Duo - you need one of three things:

  • A smartphone or tablet (Android, iPhone, iPad) with the Duo Mobile app installed and activated.
  • A security key (image below as an example):
    Picture of a Yubikey security key
  • The Duo hardware token (a small keychain token (image below as an example):
    Image showing the Duo Hardware token - with a keyboard for scale

 

When a user that is enrolled in the Duo service logs into a Duo protected system, they will see a screen like the following:

Screenshot of Duo Authentication screen

  • The "Send me a Push" button should be used if you use the Duo Mobile app.
  • If you have the security key - then you just need to put it into the USB port of the computer you are logging in from, and press it, to login.
  • If you only have the Duo token (with a small screen and a green button, and not the smart phone app) then click Enter a Passcode.

 

Duo Mobile App

The Duo Mobile app is New Paltz's recommended option for Duo.  It can be used on your iPhone or Android smart phone or tablet.  The app is free, takes only a small amount of space to install, and uses virtually no data (per month it uses a minuscule fraction of the amount of data of loading a single website) so you don't have to worry about your data plan.  

It can be downloaded by searching for "Duo Mobile" in either the Google Play store (for Android devices) or Apple App store (for iPhones/iPads), or via the links below:

Setting up the Duo Mobile app is quick and easy.  If you opt for the Duo mobile app - you're account will be activated so next time you login to a Duo protected service (such as Office 365, Banner, Argos, or the SUNY employee portal) you'll be prompted to download, setup, and activate the app.

After your phone is activated, when you log with your username & password in to a Duo protected application, click the Send me a push button on the site you're accessing.  You'll get a push alert on your smart phone which you can click on to bring up the Duo approve/deny screen:

Duo Mobile Screenshot

If you were trying to log in to a Duo protected service, you would click Approve.
If you were NOT trying to log in to a Duo protected service, you can click Deny (and then report the attempt by clicking "It was fraudulent").  This will notify ITS staff at New Paltz.

App Permissions

When first using the Duo mobile app - it will ask for two permissions:

  • Permission to use the camera: this is only needed when setting up the device.  The app will use the camera to capture the QR code on the screen to activate your device.
  • Permission to send notifications: this is needed so you get a notification on your phone of a pending login (so you don't have to manually open the app to approve the login - you can just click on the notification).

Duo Token

The Duo hardware token is a small device with a ring to keep on your key chain.  It has a single button which, when pressed, has a six digit number come up on it.  After entering your user name & password to access a Duo protected service, click the Enter a Passcode button.  Then, press the green button on your Duo token and enter the six digit code from the token into the Duo page on your web browser.

You should keep this token secure such as on a keychain, or in a purse.  If you ONLY need to access New Paltz systems and services while in your office, you can keep it in a locked desk drawer.

 

Security Key

The security key is a small device with a ring to keep on your key chain.  It is placed into a USB port on your computer when you need to login.

See our Security Key page for more info on setting up and using the Security Key.

 

Details

Article ID: 59857
Created
Wed 8/8/18 12:58 PM
Modified
Wed 10/9/19 12:05 PM