Multifactor Authentication: Difference between revisions

From William Paterson University - Information Technology's Wiki
Line 113: Line 113:
This page will allow you to select the Device you would like to use for Authentication.  You can enroll multiple phone numbers or mobile device including tablets.  
This page will allow you to select the Device you would like to use for Authentication.  You can enroll multiple phone numbers or mobile device including tablets.  


   '''Note: There is an option on the login screen to remember your device by using the "Remember me for 4 hours" option if you do not want to be prompted everytime you log in to WPconnect'''
   '''Note: There is an option on the login screen to remember your device by using the "Remember me for 4 hours" option  
if you do not want to be prompted everytime you log in to WPconnect'''


[[File:DuoLoginWPconnect2.png|300px]][[File:DuoLoginWPconnect2-1.png|300px]]
[[File:DuoLoginWPconnect2.png|300px]][[File:DuoLoginWPconnect2-1.png|300px]]
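Review bot: in the rewrapped note, the continuation line "if you do not want to be prompted everytime you log in to WPconnect'''" starts at column one while the first half of the note is indented, and the ''' opened on the first line is only closed on the second. MediaWiki handles leading-space blocks and ''' bold line by line, so the note will render as two separately formatted pieces. Keep the note on a single line as it was, or indent the continuation and give each line its own ''' pair. "everytime" should also read "every time".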
Line 133: Line 134:
This page will allow you to select the Device you would like to use for Authentication.  You can enroll multiple phone numbers or mobile device including tablets.  
This page will allow you to select the Device you would like to use for Authentication.  You can enroll multiple phone numbers or mobile device including tablets.  


   '''Note: There is an option on the login screen to remember your device by using the "Remember me for 4 hours" option if you do not want to be prompted everytime you log in to WPconnect'''
   '''Note: There is an option on the login screen to remember your device by using the "Remember me for 4 hours" option
  if you do not want to be prompted everytime you log in to WPconnect'''


[[File:DuoLoginWPconnect2.png|300px]][[File:DuoLoginWPconnect2-1.png|300px]]
[[File:DuoLoginWPconnect2.png|300px]][[File:DuoLoginWPconnect2-1.png|300px]]
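Review bot: the continuation line here is indented, but by two spaces against three on the line above it, and the ''' pair still spans the line break, so the bold will not apply to the note as one unit. Close ''' at the end of the first line and reopen it on the second, or keep the note on one line. This copy of the note is also wrapped differently from the copy at line 113, whose continuation has no indent, so the two copies will render differently; make them identical.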

Revision as of 15:49, 27 November 2018

Duobanner.png

Multifactor Authentication

Multifactor Authentication is a second layer of security for your William Paterson account. After typing in your password, you will need a second form of authentication (a call, text, 6-digit code, or push notification) to log in and prove that it's really you logging into your account. Without two-factor, anyone with your username and password could log into your account. With two-factor, only you will be able to log in because you need to use your phone to approve logins.

Multifactor Authentication (MFA or Two Factor Authentication) is already required for William Paterson University VPN Access, and is now being implemented for WPconnect, email and additional WP services. WPUNJ’s Duo multifactor authentication application will provide an extra layer of security to ensure that only you log in to your account.

What is Duo Multifactor Authentication?

Duo is a Multifactor Authentication product that the university is implementing to secure our WP accounts. William Paterson University started using Duo in 2016 for all VPN users. The Duo App is available for use on smartphones to authenticate using a Push notification or a Passcode. Duo is also the product used to authenticate clients via phone call or text message passcodes.

Why is William Paterson requiring multifactor authentication?

Universities and other educational institutions have encountered a significant increase in phishing and other online attacks that attempt to compromise accounts for financial gain. As passwords alone no longer ensure account security, the university will be implementing multifactor authentication to protect individual accounts and improve the university’s overall online security. Similar to forms of multifactor authentication in use by online banking, shopping, social media, and personal email account sites, WPUNJ’s Duo multifactor authentication application will provide an extra layer of security to ensure that only you log in to your account.

How does Multifactor Authentication work?

Duo how-it-works.png

After your password is entered, the MFA logon procedure will prompt you to validate your login by choosing a notification through the Duo Mobile smartphone app, a phone call, or a text message in order to complete the login.

What Multifactor Authentication methods can I utilize?

You can choose to receive a Push notification on your iOS or Android device, a text message, or a phone call.

What services require Multifactor Authentication?

WPconnect, Office365, Email, and other WP online services will now require you to use Multifactor Authentication. You may be prompted to log in when setting up email through Outlook on your computer. You may also need to remove and add your email account on your mobile device, or obtain the Outlook App for your device.

There is an optional check box on the login screen to remember your device for 4 hours. You can also set your account to automatically send your default device a Push notification.

How do I register my phone number?

Information Technology has prepopulated the Duo system with cell phone, office phone, or home phone information based on phone information available in the university’s Banner system. You can add, edit, and remove devices or phones through the Duo Device Management Portal, available in WPconnect through the Duo icon located in the Apps menu.

How do I download and associate the Duo App to my account?

Visit your App Store and download the Duo App. Once you have the App, visit the Duo Device Management Portal to

What happens if I get a new smartphone?

Not a problem! If you change mobile devices, or if your Duo App becomes disassociated from your account, you will need to reactivate your App. Use the passcode authentication method, or use a secondary device, to authenticate to WPconnect and visit the Duo Device Management Portal to reactivate your Duo App on your new device.

What happens if I don't have access to my primary device or I forget or lose my mobile phone?

Information Technology has pre-populated several phone numbers into your Duo settings, and you should review and update them. Adding additional numbers provides you with the option to validate your login on multiple numbers. Additionally, the Helpdesk has the ability to provide a one-time bypass code over the phone (additional information will be required to verify your identity). Call our Helpdesk at 973-720-4357 for assistance.


Authentication and Software

Duo App for Mobile Devices

"Duo Mobile" can be downloaded from either the Apple App Store or the Google Play Store.

iPhone Duo Application

Duo iphoneApp.PNG

Android Duo Application

Duo androidApp.PNG

Download the Duo Mobile App

Duo Mobile for iPhone

Duo Mobile for Android

If you change mobile devices, or if your Duo App becomes disassociated from your account, you will need to reactivate your App.

Duo Mobile App Support Documentation

For more information on the Duo Mobile Applications please see the Duo Support Documentation -

Duo Mobile App Push Troubleshooting

If you have authorized your Duo Application but are not receiving a notification on your phone, you may have disabled notifications for the Duo App on your phone.

Additionally, if you have changed mobile devices, or if your Duo App is still not working, please use the Passcode option to send a text message and visit the Duo Device Management Portal on WPconnect to reactivate your App.

Duo Multifactor for Landline and other Mobile Devices

If you are unable to utilize the Mobile App, you will still be able to register a Generic Mobile phone number to receive text message passcodes or phone calls, or a Landline to receive calls. These devices are registered and managed through WPconnect.

Duo Device Management Portal on WPconnect

To manage your multifactor authentication devices you will need to visit the Duo Device Management Portal through WPconnect. The Duo Device Management Portal is listed as Duo under Applications. You can Add or Remove devices from this portal. Mobile devices, both cellphones and tablets, as well as Landline phone numbers can be added for Authentication. Additional documentation can be found on the Duo guide as well.

Manage Devices

To manage your devices you must first authenticate against one of your existing devices. Click one of the green icons to start the process and follow the on-screen prompts.

DuoManagementWPconnect1.png

From My Settings & Devices you can add a device or remove an old device, or select a device to automatically send a push notification to upon login.

DuoManagementWPconnect2.pngDuoManagementWPconnect4.png

Reactivating the Duo App

From Device Options you can Reactivate your Duo Application (if you have a new mobile device), or change the description of your device.

DuoManagementWPconnect3.png


Add a new device

When adding a new device, you will be asked for the device type, Mobile Phone, Tablet, or Landline. Please provide the phone number and device type for mobile devices. Download the Duo App for your smart phone, and scan the QR code provided on the screen to associate the App to your account.

Logging in to WPconnect

After you have logged in to the "Shibboleth" login page, you will be redirected to the Multifactor Authentication page for Duo.

DuoLoginWPconnect1.png

This page will allow you to select the Device you would like to use for Authentication. You can enroll multiple phone numbers or mobile devices, including tablets.

Note: There is an option on the login screen to remember your device by using the "Remember me for 4 hours" option if you do not want to be prompted every time you log in to WPconnect.

DuoLoginWPconnect2.pngDuoLoginWPconnect2-1.png

The suggested method of Multifactor authentication is to use Duo Push which utilizes the Duo Mobile Application on your mobile phone or tablet.

DuoLoginWPconnect3.png

Additionally, you can select to receive a phone call and acknowledge your login by pressing any key, or use a Passcode that you generate using the Duo Mobile Application or receive by text message.

DuoLoginWPconnect4.pngDuoLoginWPconnect4-2.png

Additional VPN Authentication for Cisco AnyConnect Client

Multifactor Authentication is required for William Paterson University VPN Access. If you require access to VPN, please request access using the ticket type Account -> VPN Access.

Using VPN with Multifactor Authentication

  1. After you have set up your account, you will continue to use the Cisco AnyConnect client as you have in the past.
  2. When you provide your login credentials you will now be provided with a secondary authentication box. You can then either use the app on your Android (or iPhone) to generate a key OR type "push" in the secondary authentication box. Using "push" will send a notification to the app on your phone. (Using "sms" will send a text message with an authentication key that will expire after one hour; use "phone" if you have signed up for a phone call.)

Second Password Field

The second password field appears in the Cisco AnyConnect tool.

The following applies when using the Cisco AnyConnect Client for VPN. The second password field is where you define the method of multifactor authentication you will be using.

Authentication Method                      Second Password
Duo App Push Verification                  push (See image 1. below)
Duo App to Generate Authentication Code    Enter Code displayed in App (See image 2. below)
Text Message                               sms (You will receive a text message with a key that will expire after one hour)
Phone Call                                 phone (If you have registered multiple phone numbers, enter phone1, phone2, as needed)
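The table above can be read as a small input grammar for the second password field. The following is an added illustration of that grammar, not code from Duo, Cisco, or this wiki; the names `Factor` and `parse_second_password` are hypothetical, and case-insensitive matching, treating a bare `phone` as the first registered number, and accepting any all-digit string as a code are assumptions.

```python
import re
from typing import NamedTuple, Optional


class Factor(NamedTuple):
    method: str            # "push", "sms", "phone" or "passcode"
    detail: Optional[str]  # phone index, or the code digits for "passcode"


# "phone", "phone1", "phone2", ... as listed in the table above.
_PHONE = re.compile(r"phone([1-9]\d*)?")


def parse_second_password(value: str) -> Factor:
    """Classify what was typed into the second password field.

    Raises ValueError for anything the table does not describe. The error
    deliberately omits the input: a rejected value may be a mistyped
    primary password or a still-valid code, so it must not reach logs.
    """
    token = value.strip().lower()  # assumption: keywords are case-insensitive
    if token in ("push", "sms"):
        return Factor(token, None)
    match = _PHONE.fullmatch(token)
    if match:
        # Assumption: bare "phone" means the first registered number.
        return Factor("phone", match.group(1) or "1")
    if token.isascii() and token.isdigit():
        # A code shown in the Duo app or received by text message.
        return Factor("passcode", token)
    raise ValueError("unrecognised second password value (input withheld)")


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("push", " SMS ", "phone", "phone2", "123456"):
        print(repr(sample), "->", parse_second_password(sample))
```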



1. Authorizing access through the Duo App

Duo iphone2.PNG

2. Generating a Key in the Duo App

Duo iphone1.PNG