DUO: Frequently Asked Questions [FAQ]
What is Multi-Factor Authentication and Why is RWU Implementing it?
Multi-Factor Authentication (MFA), sometimes known as Two Factor Authentication, 2FA, 2SA or TFA, is a security enhancement that allows users to present two pieces of evidence when logging in to an account, making it more difficult for unauthorized people to access your restricted RWU accounts. Traditionally, users relied on an authentication system that requires a unique identifier, such as a username, and a password to gain access. Multi-Factor Authentication is an extra layer of security that requires a second one-time passcode randomly generated from an alternative source such as an application loaded on the user’s personal cell phone.
RWU-IT is committed to a broad roll-out of MFA to reduce risks associated with unauthorized account access. Technically there are many solutions and methods to implement MFA. After conducting a pilot, RWU-IT selected a universal MFA solution called DUO. The extension of DUO MFA will support a broad range of services and applications used at the University. The initial roll-out of DUO will focus on users with University-owned computers. For these PC users, DUO will enforce MFA during the initial logon process, and by association for software applications accessed by the device (e.g. O365). Users with Apple devices will not initially use DUO during the computer login process; rather, they will use it when authenticating to federated services such as O365 email. Apple devices will be upgraded at a later date for MFA at login.
Who Does DUO MFA Affect?
Any faculty or staff member who has an RWU-issued computer.
Is There Any Action Required by a DUO User?
Yes, users are required to load the DUO application on the mobile device or tablet that will be used to authorize push notifications or issue offline passcodes. Users of the DUO service will receive an onboarding email that includes a link to enroll their device. Use this knowledge base for details on the installation process. Please note: if you have multiple mobile devices, it’s acceptable to install DUO Mobile on each of them.
I am an Adjunct Faculty member and only utilize cloud-based services such as O365 email, Google apps, and Bridges. Do I need DUO MFA?
No, DUO applies to faculty with University-issued computers. Adjunct faculty typically bring their own device (BYOD) and fall outside of this use case. However, adjuncts are advised to enable MFA for O365 access. Please see the BYOD knowledge base for assistance setting up MFA exclusively for O365.
What if I do not own a smart phone? Are there other options?
In this instance, DUO can push the 2nd factor code to your desk phone. If you have the Avaya softphone loaded on your computer, you will need to request a dedicated desk phone.
Can I access my computer while offline?
Yes, DUO provides an “off-line” passcode that can be used to complete the second factor authorization.
I am having issues logging in with the offline passcode
This issue is commonly associated with time sync differences between the computer’s local time and DUO. In some instances, the time-sync is only a few minutes off and re-entering the offline passcode may eventually work. If you encounter this issue, please contact Mediatech to re-establish a time-sync between your computer and RWU’s time servers.
What if my personal phone is temporarily unavailable?
Duo supports alternative methods that can be accommodated. Please contact Mediatech for assistance on a temporary bypass code.
Does DUO have access to personal data stored on my mobile device - What resources on my mobile phone does the DUO Application have access to?
In general, DUO Mobile cannot access things like your contacts, photos, text messages, and emails. However, it does have a few device data permissions that help make multi-factor authentication easier for you. This includes access to the device’s camera for processing QR codes during account setup and permissions to “push” MFA login codes. Please visit DUO’s privacy page for details.
Can I use another authentication App to get the MFA passcode?
No, for support and continuity purposes RWU-IT is standardizing on DUO for University-owned devices. Users that bring their own devices should refer to the BYOD Knowledge Base to set up MFA for O365.
Are students required to use DUO MFA?
No, students are provided with Google accounts that use a separate multifactor authentication system. Please visit this Knowledge Base for information on setting up MFA for Google.
My phone is unable to install DUO; what should I do?
Please check with Mediatech on mobile device compatibility. Depending on the situation, alternate MFA options can be accommodated.
I travel frequently. Will this cause any issues using DUO for MFA?
No, however, some phone plans do not support international dialing or SMS messaging. If you are traveling out of country and need access to services protected with DUO, please ensure your mobile plan works in the area you plan on visiting. In addition, offline access is available.
I have a University-issued computer and historically used the Microsoft Authenticator app for MFA to access O365. Do I need to make any changes to that service?
No, users with DUO accounts will automatically be federated with O365 and are not required to take any additional actions. Prior to DUO, Microsoft’s “Authenticator” app was used to facilitate MFA in O365. The addition of DUO, regardless of the type of computer you’re issued, automatically overrides legacy MFA configurations. You are welcome to remove the Microsoft Authenticator app if its only purpose is work related. NOTE: This situation only applies to University-issued computers that use DUO. Users with their own device (BYOD) will continue to use the Microsoft Authenticator app for O365 services.
What if I enter the wrong MFA authentication code?
If you enter a wrong MFA code, you will be prompted to re-enter.
What if I use multiple computers/devices, is DUO needed on each of them?
RWU-IT will remotely install the DUO agent on University-owned devices. In the event any of your assigned devices does not perform the MFA process at login or when accessing O365, please contact Mediatech for assistance.
You may install the DUO Mobile application on multiple personal devices to assist with accepting the “push” notification or entering an offline passcode. For details on this process, please visit the knowledge base for installing the DUO Mobile application for a second device.
What if I share a workstation with others?
At this time, DUO MFA does not apply to shared workstations.
Do I have to authenticate every time I log in – How long does DUO remember me?
You will need to complete the MFA process upon initial login. If you wish, there is a “Remember Me” option on the DUO Push notification window to automatically invoke the MFA push notification for 14 days after the initial login. Choosing this option is helpful to streamline unlocking a device that’s in sleep or hibernation mode.
Is DUO MFA used for other 3rd party applications that require SSO?
Initially, DUO is rolled out to protect O365 and local logins. In the near future, all RWU federated services will be protected with MFA.