Emerson IT Help Desk

Duo, Single Sign-On, & Two Factor Authentication

What is Duo?

Duo is a Single Sign-On (SSO) service that secures most campus resources, including Gmail, Box, Canvas, and Panopto. It also prevents users from having to log in to multiple applications. If a user logs into one Duo application and opens another tab in the same browser for an application that also uses Duo, they will not have to enter their credentials again.

Duo Login Screen:

duo1.png

What is Two Factor Authentication?

Duo allows us to implement a feature called “Two Factor Authentication” (2FA), a method of confirming a user’s claimed identity by utilizing a combination of two different factors. Enabling 2FA helps ensure that if a malicious actor manages to steal our password, they are still unable to log in without something physical (a phone, for example).

How To Use Two Factor Authentication

A second authentication factor could be a text message/phone call that provides you a code to enter, a push notification sent your smartphone that needs to be approved, a physical device that provides a code that changes every X amount of time or needs to be tapped, and many other forms. Duo allows users to receive a text or phone call with a code, select “Accept” on a push notification from the Duo smartphone app, or use a U2F Hardware Token, available at the Help Desk (Walker, 404).

Duo push notification:

duo18.png 

Frequently Asked Questions:

  • What if I don't have a cell phone or cell phone reception?

We highly recommend users setup using a push notification on their cell phone instead of a text message. Push notifications can be sent via the Internet rather than via cell phone networks. If you are in an area that has internet access but not cell signal, and the only second factor you have configured is a text message or phone call, you may be unable to receive a text or phone call to authenticate.  However, you can also request a U2F Hardware Token from the Help Desk (Walker, 404).

  • Can I register multiple devices?

Yes! In fact, we recommend that users add multiple devices when they are first setting up two factor authentication. For example, if you setup your cellphone as well as your office phone, if your cellphone gets lost, broken, or runs out of battery, you can still authenticate by using your secondary device. If you have selected "Remember me for 30 days", but want to add another device, simply try logging into a service like Box or Gmail in an inPrivate or incognito browser window.

duo3.png

  • What applications use two factor authentication?

Currently, Gmail, Box, Banner SSB, K2, and the VPN are the only services that use two factor authentication.


Please visit our article on logging into Box with Duo here: Logging Into Box

Was this article helpful?
0 out of 3 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk