Multi-Factor Authentication: Difference between revisions

From William Paterson University - Information Technology's Wiki
Jump to navigation Jump to search
(Redirected page to Multifactor Authentication)
 
(31 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
#REDIRECT [[Multifactor_Authentication]]
==Multi-Factor Authentication==
 
Multi-Factor (Two Factor) Authentication is required for William Paterson University VPN Access.  If you have not signed up for Multi-Factor Authentication, [http://www.wpunj.edu/help please request access using the ticket type Account -> VPN Access].
{{#ev:youtube|pgrzRIQ9874|400}}
 
===Using VPN with Multi-Factor Authentication===
 
#After you have set up your account, you will continue to use the [[#Client VPN Application|Cisco AnyConnect client]] as you have in the past.      <!-- <p>[[File:2FA.gif]]</p> -->
#When you provide your login credentials you will now be provided with a [[#Second Password Field|secondary authentication]] box.  You can then either use an [[#Duo App for Mobile Devices|app]] on your android (or iphone) to generate a key OR type "push" in the [[#Second Password Field|secondary authentication]] box.  Using "push" will send a notification to the app on your phone.  (Using "sms" will initiate a text with an authentication key that will expire after one hour, or "phone" if you have signed up for a phone call.)
 
==Authentication and Software==
<!--  ***************VPN Original Information********************
===One time setup===
{| style="text-align: center;"
|{{#ev:youtube|9BItIGPfU2A|400}}
|&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
|{{#ev:youtube|WUQtKokU3BI|400}}
|}
 
#To use two factor authentication you must first configure your account access.  Visit [https://vpn.wpunj.edu https://vpn.wpunj.edu], from an off campus connection, to set up your secondary method of authentication. 
#Select and configure your preferred method for secondary authentication.  Options include the use of a mobile [[#Duo App for Mobile Devices|app]], receiving a text message or a phone call with an authorization key. (This link is also available within WPConnect on the Employee Page Tab Under Information Technology/Resources or enter "two" in the WPConnect search box to locate the link.)
 
<gallery>
File:1-Login.png|Login Page
File:2-Info.png|Multi-Factor Info
File:3-Device.png|Select Device Type
File:4-Phone.png|Input Phone Number
File:5-Phone.png|Select Phone Type
File:6-Android.png|Phone App Information
File:6-iphone.png|Phone App Information
File:6-Blackberry.png|Phone App Information
File:6-WindowsPhone.png|Phone App Information
File:8-ActivateIphone.png|Scan QR Code during registration
File:9-iphone.png|Duo App has been associated with your account
File:9-MySettings.png|Settings and Device Management Page
File:10-ChooseAuth.png|Authentication options if using WebVPN
</gallery>  -->
 
 
===Second Password Field=== 
 
The following is utilized when using the Cisco Any Connect Client for VPN.  The second password field is where you define the method of multi-factor authentication you will be utilizing.
 
{|
! style="text-align:left;"|Authentication Method
!  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
! style="text-align:left;"|Passcode
|-
|Duo App Push Verification
|push
|(See image 1. below)
|-
|Duo App to Generate Authentication Code
|     
|Enter Code displayed in App
|(See image 2. below)
|-
|Text Message
|sms &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
|(You will receive a text message with a key that will expire after one hour)
|-
|Phone Call
|phone &nbsp; &nbsp; &nbsp; &nbsp;
|(If you have registered multiple phone numbers, enter phone1, phone2, as needed)
|}
 
<br><br>
{|  style="text-align: center;"
| 1. Authorizing access through the Duo App
<p>[[File:duo_iphone2.PNG|200px]]</p>
| &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
| 2. Generating a Key in the Duo App 
<p>[[File:duo_iphone1.PNG|200px]]</p>
|}
 
===Duo App for Mobile Devices===
"Duo Mobile" can be downloaded from either the Apple App Store or the GooglePlay Store.
 
{| style="text-align: center;"
|'''iPhone Duo Application''' <p>[[File:duo_iphoneApp.PNG|200px]]</p>
|&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
|'''Android Duo Application''' <p>[[File:duo_androidApp.PNG|200px]]</p>
|}
 
 
===Reauthorizing the Duo App===
 
If you change mobile devices, or if your Duo App becomes disassociated with your account you will need to reactivate your App.  You will need to login to VPN through a browser at https://vpn.wpunj.edu
 
 
{| style="text-align: center;"
|'''1. Login Page''' <p>[[File:VPN-Reauth1.png|300px]]</p><br>'''3. Select Device To Authenticate''' <p>[[File:VPN-Reauth2-2.png|300px]]</p><br>'''5. Select Activate Duo Mobile''' <p>[[File:VPN-Reauth4.png|300px]]</p><br>'''7. Phone App Information''' <p>[[File:VPN-Reauth6.png|300px]]</p>
|&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
|'''2. Multi Factor Info *Select "My Settings & Devices"*''' <p>[[File:VPN-Reauth2.png|300px]]</p><br>'''4. Select Device Options''' <p>[[File:VPN-Reauth3.png|300px]]</p><br>'''6. Select Phone Type''' <p>[[File:VPN-Reauth5.png|300px]]</p><br>'''8. Scan QR Code during registration''' <p>[[File:VPN-Reauth7.png|300px]]</p>
|}
 
<!-- <gallery>
File:VPN-Reauth1.png|Login Page
File:VPN-Reauth2.png|Multi Factor Info *Select "My Settings & Devices*
File:VPN-Reauth2-2.png|Select Device To Authenticate
File:VPN-Reauth3.png|Select Device Options
File:VPN-Reauth4.png|Select Activate Duo Mobile
File:VPN-Reauth5.png|Select Phone Type
File:VPN-Reauth6.png|Phone App Information
File:VPN-Reauth7.png|Scan QR Code during registration
</gallery>-->
 
==DUO Device Management Portal on WPconnect==
Thru the Duo
 
[[File:DuoManagementWPconnect1.png|300px]]
 
[[File:DuoManagementWPconnect2.png|300px]]
 
[[File:DuoManagementWPconnect3.png|300px]]
 
[[File:DuoManagementWPconnect4.png|300px]]
 
==Logging in to WPconnect==
 
After you have logged in to the "Shibboleth" login page, you will be redirected to the Multifactor Authentication page for Duo.
 
[[File:DuoLoginWPconnect1.png|300px]]
 
This page will allow you to select the Device you would like to use for Authentication.  You can enroll multiple phone numbers or mobile device including tablets.
 
[[File:DuoLoginWPconnect2.png|300px]]
 
The suggested method of Multifactor authentication is to use Duo Push which utilizes the [[Multi-Factor_Authentication#Duo_App_for_Mobile_Devices|Duo Mobile Application]] on your mobile phone or tablet.
 
[[File:DuoLoginWPconnect3.png|500px]]
 
Additionally, you can select to receive a phone call and acknowledge you login by pressing any key, or by using a Passcode that you generate using the [[Multi-Factor_Authentication#Duo_App_for_Mobile_Devices|Duo Mobile Application]] or by receiving a text message.
 
[[File:DuoLoginWPconnect4.png|500px]]
 
'''Please note that your account will be locked out after a number of authentication failures.'''  Please [https://www.wpunj.edu/helpdesk submit a ticket], or calling 973-720-4357 to have your account unlocked.
 
[[File:DuoLoginWPconnect5.png|300px]]

Latest revision as of 14:04, 11 October 2018