Identity and Access Management
With an alarming increase in the instances of Internet crimes and digital frauds, gaining access to users personal and financial details has become increasingly easy for cyber-criminals. Two-Factor Authentication, also known as 2FA, is an extra layer of security that not only requires a username and password but also an additional security measure such as
- Code delivered via text or mobile app
- USB security key
- Push (or pop-up) notification on your Smartphone
- Phone Callbacks
2FA protects against phishing, social engineering, and password brute force attacks and secures the login from attackers exploiting weak or stolen credentials. Without any access to the physical device, remote attacks can be rendered unsuccessful, with attackers unable to gain unauthorized access to the users accounts.
Duo's 2FA solution only requires users to carry one device; their Smartphone with Duo Mobile app installed on it or a U2F key to approve authentication requests.
- Software Token: Installed in the Duo Mobile App on your phone
- Hardware Token:
- U2F token may be ordered by filling out this form <form request coming soon>
First Time Setup for Duo
Step 1: To get started, you will login to your SDSU Duo Account using your SDSUid credentials.
Step 2: On the welcome screen, click on Start setup to begin enrolling your device.
Step 3: Select the type of device you would like to enroll and click Continue. Although, using a Smartphone is recommended, you can also enroll a landline telephone, a U2F token, or iOS/Android tablets.
Step 4: Select your Country from the drop-down list and type in your phone number. Use the number of the device that you'll have with you when you're logging in to a Duo-protected service.
Step 5: Choose your device's operating system and click Continue.
Step 6: Install the Duo Mobile App to help you authenticate quickly and easily. Without it, you'll still be able to log in using a phone call or text message, but for the best experience we recommend that you use Duo Mobile.
After the installation is complete, return to the enrollment window and click I have Duo Mobile installed.
Step 7: Activate Duo Mobile by scanning the barcode with the app's built in barcode scanner. The Continue button is clickable after you scan the barcode successfully.
Step 8: You can use Device Options to give your phone a more descriptive name or you can click Add another device to start the enrollment process again and add a second phone or another authenticator.
If this is the device you'll use most often with Duo then you may want to enable automatic push requests by changing the setting from Ask me to choose an authentication method to Automatically send this device a Duo Push or Automatically call this device and click Save.
Your device is now ready to approve Duo authentication requests.
Adding a New Device with the Same Number
Step 1: Add a new device by selecting Add another device button on your home page.
Step 2: For example, add a landline
Step 3: Enter the phone number of the landline to be added.
Step 4: The new device should now appear in the home page.
After your first device has been enrolled, you may add more devices and manage existing devices.
- To add/manage devices visit the Duo Enrollment Page.
- For information on adding devices, visit the "Setup Duo for the First Time" guide.
- For information about managing devices, visit Duo's Managing Your Devices guide.
- Note: A new device cannot be added if you do not have access to any of your previously enrolled authentication devices. Please call ETS help desk at 619-594-0497.
For more information, visit the Duo Documentation page
Authentication is the act of an identity verifying that they are who they say they are. A "factor" is a type of authentication method. It is commonly something that a user knows, possesses, or is as in biometrics or location. Multi-Factor authentication will utilize a combination of factors to verify the identity of a user. SDSU is using Duo Security as a multi-factor authentication solution.
For setting up your Duo Account, please refer to the section First Time Setup for Duo above.
After logging into an SDSU computing service, Duo will ask you to choose an additional authentication method that will require you to take an action on the mobile device you enrolled in Duo. After finishing this, you will be logged in.
Your Duo Token/Account will be disabled automatically when you have five consecutive authentication failures in a row. If you have successful authentication before five failures, the failure count rests to zero. for other reasons that you are not able to login, troubleshooting details are shown below.
- If you are using "Push" and your phone turns off WiFi when it is locked, unlock your phone and let it connect to the WiFi network before trying to login. The Duo application may get the push request from the cell network, the phone connects to the wireless network and tries to reply over the wireless network and your login may time out.
- If you are using "push" in an area where there is "free" WiFi where you must click through an agreement to use the network, do that to get full connection or turn off WiFi before you try to log in. Most phones prefer WiFi over the cell network for data. If you are not completely connected to the internet, the Duo application will not be able to talk to the Duo infrastructure to authenticate you.
- If you are in an area with poor or no cell and WiFi coverage, use a token code instead of typing "push". Start the Duo application and press the key to get the token code. If the service you are connecting to uses "auto push", this won't work for you and you won't be able to log in until you can get a cell or WiFi network. If the service uses auto-push and you will need to use a token to get to it, talk to the administrator of the service to see if push can be turned off.