What to Expect with Duo Two Factor Authentication
Duo Standard Prompt
When logging into a website that utilizes Two Factor Authentication, users will first login using their CSU credentials.
Upon logging in, the Duo prompt will populate allowing users to choose how to verify their identity.
If more than one device was registered, make sure to select the one you want to use for this session from the Device dropdown menu.
Duo Universal Prompt
The Duo Universal Prompt is being rolled out to Duo-protected applications in phases, the first implementation is with the GlobalProtect VPN.
When accessing the GlobalProtect VPN, the user will first enter their NetID (netid@colostate.edu) and password.
Duo will then automatically select their default authentication method. The image below shows a user who has Duo Push as their default method.
To use a different authentication method, click “Other options”, which will display all other devices you have set up.
Once you have authenticated with your selected method, you will be logged in to the application.
Options for Duo Authentication:
- Send Me a Push – Using the Duo Mobile App
- Easiest, fastest method
- Enter a Passcode – Using the Duo Mobile App or Hardware Token
- Great when you’re outside of cellular reception
- Hardware Tokens (currently only supported for CSU Fort Collins users)
- Call Me – Using any Registered Phone Number
- Least reliable option, use only when necessary
Expand the sections below for details on what to expect when you authenticate with each method.
-
Send me a push
Click on the Send Me a Push button to receive a login request using the Duo Mobile App on a smartphone or tablet.
Important: If a notification is ever received when you are not trying to log in, click the Deny button.
To approve the login request from the push notification, select “Tap to View Actions” then tap “Approve”.
To approve the login request in the Duo Mobile App, open the app and tap the Approve button at the bottom of the screen.
Once the notification has been approved, you will be logged into the requested website.
-
Enter passcode with Duo Mobile App
Click on the Enter a Passcode button to authenticate using a passcode generated from the Duo Mobile App.
Open the Duo Mobile App on your device, then tap “Show” next to the Passcode section.
The Duo Mobile App will populate a 6-digit code under the Colorado State University account.
Enter the 6-digit passcode from the Duo Mobile App into the passcode textbox and then click on the Log In button.
-
Enter a passcode with a Hardware Token
Hardware tokens are available for CSU Fort Collins students, faculty, and staff to purchase for Duo authentication. They are not currently supported at CSU Pueblo.
To authenticate using a hardware token, click the ‘Enter a Passcode’ button. Note: Using the Device dropdown menu to select your token is not necessary before entering the passcode.
Press the button on your hardware token to generate a new passcode, type it into the space provided, and click on the Log In button.
Tokens can get “out of sync” if the button is pressed too many times in a row and the generated passcodes aren’t used for login. Contact the IT Support Helpdesk if your token stops working.
If you need a hardware token, one can be purchased and configured at RamTech in the Lory Student Center.
-
Call Me
Click on the Call Me button to receive a phone call from Duo to your registered device.
The status bar at the bottom of the Duo prompt will update at each step of the process.
Answer the call and listen to the instructions to authenticate. The Duo Prompt status bar will also display how to approve the request over the phone.
-
Duo Universal Prompt
Duo Two-Factor Authentication is required when accessing CSU’s VPN, the GlobalProtect secure gateway; whether accessed via the desktop agent/client or the web interface (gateway.colostate.edu).
GlobalProtect is the first application to use the Duo Universal Prompt. The process for authenticating is different than the standard Duo Prompt:
After you have logged in with your NetID and password, Duo will automatically select your default authentication method. The screenshots below show one user with the security key as their default and another user with the Duo Push as the default.
To use a different authentication method, click “Other options”.
Once you have authenticated with your selected method, you will be logged in to the application.