Difference between revisions of "Multi Factor Authentication"

From William Paterson University - Information Technology's Wiki
Jump to navigation Jump to search
(Redirected page to Multi-Factor Authentication)
Line 1: Line 1:
 
+
#REDIRECT [[Multi-Factor_Authentication]]
==Multi Factor Authentication==
 
 
 
Multi Factor (Two Factor) Authentication is required for William Paterson University VPN Access.  If you have not signed up for Multi Factor Authentication, [http://www.wpunj.edu/help please request access using the ticket type Account -> VPN Access].
 
{{#ev:youtube|pgrzRIQ9874|400}}
 
 
 
===Using VPN with Multi Factor Authentication===
 
 
 
#After you have set up your account, you will continue to use the [[#Client VPN Application|Cisco AnyConnect client]] as you have in the past.      <!-- <p>[[File:2FA.gif]]</p> -->
 
#When you provide your login credentials you will now be provided with a [[#Second Password Field|secondary authentication]] box.  You can then either use an [[#Duo App for Mobile Devices|app]] on your android (or iphone) to generate a key OR type "push" in the [[#Second Password Field|secondary authentication]] box.  Using "push" will send a notification to the app on your phone.  (Using "sms" will initiate a text with an authentication key that will expire after one hour, or "phone" if you have signed up for a phone call.)
 
 
 
==Authentication and Software==
 
<!--  ***************VPN Original Information********************
 
===One time setup===
 
{| style="text-align: center;"
 
|{{#ev:youtube|9BItIGPfU2A|400}}
 
|&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
 
|{{#ev:youtube|WUQtKokU3BI|400}}
 
|}
 
 
 
#To use two factor authentication you must first configure your account access.  Visit [https://vpn.wpunj.edu https://vpn.wpunj.edu], from an off campus connection, to set up your secondary method of authentication. 
 
#Select and configure your preferred method for secondary authentication.  Options include the use of a mobile [[#Duo App for Mobile Devices|app]], receiving a text message or a phone call with an authorization key. (This link is also available within WPConnect on the Employee Page Tab Under Information Technology/Resources or enter "two" in the WPConnect search box to locate the link.)
 
 
 
<gallery>
 
File:1-Login.png|Login Page
 
File:2-Info.png|Multi Factor Info
 
File:3-Device.png|Select Device Type
 
File:4-Phone.png|Input Phone Number
 
File:5-Phone.png|Select Phone Type
 
File:6-Android.png|Phone App Information
 
File:6-iphone.png|Phone App Information
 
File:6-Blackberry.png|Phone App Information
 
File:6-WindowsPhone.png|Phone App Information
 
File:8-ActivateIphone.png|Scan QR Code during registration
 
File:9-iphone.png|Duo App has been associated with your account
 
File:9-MySettings.png|Settings and Device Management Page
 
File:10-ChooseAuth.png|Authentication options if using WebVPN
 
</gallery>  -->
 
 
 
 
 
===Second Password Field=== 
 
 
 
The following is utilized when using the Cisco Any Connect Client for VPN.  The second password field is where you define the method of multi factor authentication you will be utilizing.
 
 
 
{|
 
! style="text-align:left;"|Authentication Method
 
!  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
 
! style="text-align:left;"|Passcode
 
|-
 
|Duo App Push Verification
 
 
|push
 
|(See image 1. below)
 
|-
 
|Duo App to Generate Authentication Code
 
|     
 
|Enter Code displayed in App
 
|(See image 2. below)
 
|-
 
|Text Message
 
 
|sms &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
 
|(You will receive a text message with a key that will expire after one hour)
 
|-
 
|Phone Call
 
 
|phone &nbsp; &nbsp; &nbsp; &nbsp;
 
|(If you have registered multiple phone numbers, enter phone1, phone2, as needed)
 
|}
 
 
 
<br><br>
 
{|  style="text-align: center;"
 
| 1. Authorizing access through the Duo App
 
<p>[[File:duo_iphone2.PNG|200px]]</p>
 
| &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
 
| 2. Generating a Key in the Duo App 
 
<p>[[File:duo_iphone1.PNG|200px]]</p>
 
|}
 
 
 
===Duo App for Mobile Devices===
 
"Duo Mobile" can be downloaded from either the Apple App Store or the GooglePlay Store.
 
 
 
{| style="text-align: center;"
 
|'''iPhone Duo Application''' <p>[[File:duo_iphoneApp.PNG|200px]]</p>
 
|&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
 
|'''Android Duo Application''' <p>[[File:duo_androidApp.PNG|200px]]</p>
 
|}
 
 
 
 
 
===Reauthorizing the Duo App===
 
 
 
If you change mobile devices, or if your Duo App becomes disassociated with your account you will need to reactivate your App.  You will need to login to VPN through a browser at https://vpn.wpunj.edu
 
 
 
 
 
{| style="text-align: center;"
 
|'''1. Login Page''' <p>[[File:VPN-Reauth1.png|300px]]</p><br>'''3. Select Device To Authenticate''' <p>[[File:VPN-Reauth2-2.png|300px]]</p><br>'''5. Select Activate Duo Mobile''' <p>[[File:VPN-Reauth4.png|300px]]</p><br>'''7. Phone App Information''' <p>[[File:VPN-Reauth6.png|300px]]</p>
 
|&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
 
|'''2. Multi Factor Info *Select "My Settings & Devices"*''' <p>[[File:VPN-Reauth2.png|300px]]</p><br>'''4. Select Device Options''' <p>[[File:VPN-Reauth3.png|300px]]</p><br>'''6. Select Phone Type''' <p>[[File:VPN-Reauth5.png|300px]]</p><br>'''8. Scan QR Code during registration''' <p>[[File:VPN-Reauth7.png|300px]]</p>
 
|}
 
 
 
<!-- <gallery>
 
File:VPN-Reauth1.png|Login Page
 
File:VPN-Reauth2.png|Multi Factor Info *Select "My Settings & Devices*
 
File:VPN-Reauth2-2.png|Select Device To Authenticate
 
File:VPN-Reauth3.png|Select Device Options
 
File:VPN-Reauth4.png|Select Activate Duo Mobile
 
File:VPN-Reauth5.png|Select Phone Type
 
File:VPN-Reauth6.png|Phone App Information
 
File:VPN-Reauth7.png|Scan QR Code during registration
 
</gallery>-->
 
 
 
==DUO Device Management Portal on WPconnect==
 
 
 
To manage your multi function authentication devices you will need to visit the DUO Device Management Portal thru WPconnect.  The DUO Device Management Portal is listed as Duo under Applications.  You can Add or Remove devices from this portal.  Mobile devices, both cellphones and tablets, as well as Landline phone numbers can be added for Authentication.
 
 
 
 
 
To manage your devices you must first authenticate against one of you existing devices.
 
 
 
[[File:DuoManagementWPconnect1.png|300px]]
 
 
 
From '''My Settings & Devices''' you can add a device or remove an old device
 
 
 
[[File:DuoManagementWPconnect2.png|300px]]
 
 
 
You can select to automatically send a push notification to your default device at login thru this portal.
 
 
 
[[File:DuoManagementWPconnect3.png|300px]]
 
 
 
From '''Device Options''' you can Reactivate your Duo Application if you get a new mobile device, or change the description of you device.
 
 
 
[[File:DuoManagementWPconnect4.png|300px]]
 
 
 
==Logging in to WPconnect==
 
 
 
After you have logged in to the "Shibboleth" login page, you will be redirected to the Multifactor Authentication page for Duo.
 
 
 
[[File:DuoLoginWPconnect1.png|300px]]
 
 
 
This page will allow you to select the Device you would like to use for Authentication.  You can enroll multiple phone numbers or mobile device including tablets.
 
 
 
[[File:DuoLoginWPconnect2.png|300px]]
 
 
 
The suggested method of multi factor authentication is to use Duo Push which utilizes the [[Multi_Factor_Authentication#Duo_App_for_Mobile_Devices|Duo Mobile Application]] on your mobile phone or tablet.
 
 
 
[[File:DuoLoginWPconnect3.png|500px]]
 
 
 
Additionally, you can select to receive a phone call and acknowledge you login by pressing any key, or by using a Passcode that you generate using the [[Multi_Factor_Authentication#Duo_App_for_Mobile_Devices|Duo Mobile Application]] or by receiving a text message.
 
 
 
[[File:DuoLoginWPconnect4.png|500px]]
 
 
 
'''Please note that your account will be locked out after a number of authentication failures.'''  Please [https://www.wpunj.edu/helpdesk submit a ticket], or calling 973-720-4357 to have your account unlocked.
 
 
 
[[File:DuoLoginWPconnect5.png|300px]]
 

Revision as of 15:23, 4 October 2018