Multifactor Authentication: Difference between revisions
No edit summary |
|||
Line 107: | Line 107: | ||
iOS users, using the Apple Mail App, will need to remove the email account and re-add the account to their devices. Instructions on adding Email to iOS devices can be found [[IOS_Email_Settings|here]]. | iOS users, using the Apple Mail App, will need to remove the email account and re-add the account to their devices. Instructions on adding Email to iOS devices can be found [[IOS_Email_Settings|here]]. | ||
Android users | [[Android_Email_Settings|Android]] users, please note that the native android mail client is not compatible with Microsoft Modern Authentication. | ||
==Additional VPN Authentication for Cisco Any Connect Client== | ==Additional VPN Authentication for Cisco Any Connect Client== |
Revision as of 09:26, 9 November 2018
Multifactor Authentication
Multifactor Authentication is required for William Paterson University VPN Access, and will be implemented Fall of 2018 for WPconnect, email and additional WP services. If you are trying to use VPN and do not currently have access, please request access using the ticket type Account -> VPN Access.
What is Duo?
Duo is a Multifactor Authentication Product that the university is implementing to secure our WP accounts. William Paterson University started using Duo in 2016 for all VPN users. The Duo App is available for use on smartphones to authenticate using a Push notification or a Passcode. Duo also the product used to authenticate clients via phone call or text message passcodes.
How do I register my phone number?
Information Technology has prepopulated the Duo system with cell phone, office extension, or home phone information based on phone information available in the university’s Banner system. You can add, edit, and remove devices or phones through the Duo Device Management Portal available in WPconnect through Duo icon located in the Apps menu.
Authentication and Software
Duo App for Mobile Devices
"Duo Mobile" can be downloaded from either the Apple App Store or the GooglePlay Store.
iPhone Duo Application | Android Duo Application | Download the Duo Mobile App |
If you change mobile devices, or if your Duo App becomes disassociated with your account you will need to reactivate your App.
Duo Mobile App Support Documentation
For more information on the Duo Mobile Applications please see the Duo Support Documentation -
- iOS devices (iPhone and iPad)
- Android devices
- Windows Phone **Please note that as of January 1, 2019, Duo will no longer support the Duo App on Windows Phones.**
Duo Mobile App Push Troubleshooting
If you have authorized your Duo Application, but you are not recieveing a notification on your phone, you may have disabled notifications for the Duo App.
Duo Multifactor for Landline and other Mobile Devices
If you are unable to utilize the Mobile App, you will still be able to register a Generic Mobile phone number to receive text message passcodes or phone calls, or a Landline to receive calls. These devices are registered and managed thru WPconnect.
DUO Device Management Portal on WPconnect
To manage your multi function authentication devices you will need to visit the DUO Device Management Portal thru WPconnect. The DUO Device Management Portal is listed as Duo under Applications. You can Add or Remove devices from this portal. Mobile devices, both cellphones and tablets, as well as Landline phone numbers can be added for Authentication.
Manage Devices
To manage your devices you must first authenticate against one of you existing devices.
From My Settings & Devices you can add a device or remove an old device, or select a device to automatically send a push notification to upon login.
Reactivating the Duo App
From Device Options you can Reactivate your Duo Application (if you have a new mobile device), or change the description of you device.
Add a new a device
Logging in to WPconnect
After you have logged in to the "Shibboleth" login page, you will be redirected to the Multifactor Authentication page for Duo.
This page will allow you to select the Device you would like to use for Authentication. You can enroll multiple phone numbers or mobile device including tablets. Note: There is an option to remember your device by using the "Remember me for 4 hours" option if you do not want to be prompted everytime you log in to WPconnect
The suggested method of Multifactor authentication is to use Duo Push which utilizes the Duo Mobile Application on your mobile phone or tablet.
Additionally, you can select to receive a phone call and acknowledge you login by pressing any key, or by using a Passcode that you generate using the Duo Mobile Application or by receiving a text message.
Account Lockout
Please note that your account will be locked out after a number of authentication failures. Please submit a ticket, or calling 973-720-4357 to have your account unlocked.
Email and Multifactor Authentication
Please note you may need to reconfigure email on mobile devices once you have moved to using Multifactor Authentication
Office 365 Login
Outlook Application on Computers
Email on Smartphones
The Outlook App for both iOS and Android devices allows access to your Email, Calendars and Contacts in one convient App.
iOS users, using the Apple Mail App, will need to remove the email account and re-add the account to their devices. Instructions on adding Email to iOS devices can be found here.
Android users, please note that the native android mail client is not compatible with Microsoft Modern Authentication.
Additional VPN Authentication for Cisco Any Connect Client
Multifactor (Two Factor) Authentication is required for William Paterson University VPN Access. If you have not signed up for Multifactor Authentication, please request access using the ticket type Account -> VPN Access.
Using VPN with Multifactor Authentication
- After you have set up your account, you will continue to use the Cisco AnyConnect client as you have in the past.
- When you provide your login credentials you will now be provided with a secondary authentication box. You can then either use an app on your android (or iphone) to generate a key OR type "push" in the secondary authentication box. Using "push" will send a notification to the app on your phone. (Using "sms" will initiate a text with an authentication key that will expire after one hour, or "phone" if you have signed up for a phone call.)
Second Password Field
The following is utilized when using the Cisco Any Connect Client for VPN. The second password field is where you define the method of multifactor authentication you will be utilizing.
Authentication Method | Second Password | ||
---|---|---|---|
Duo App Push Verification | push | (See image 1. below) | |
Duo App to Generate Authentication Code | Enter Code displayed in App | (See image 2. below) | |
Text Message | sms | (You will receive a text message with a key that will expire after one hour) | |
Phone Call | phone | (If you have registered multiple phone numbers, enter phone1, phone2, as needed) |
1. Authorizing access through the Duo App | 2. Generating a Key in the Duo App |