Search Google Appliance

Information Technology

Duo Multi-Factor Authentication Enrollment and Use

Multi-Factor Authentication

UMass selected Duo as a multi-factor authentication service vendor and is implementing it on select IT services to increase security.

For a general overview of the Multi-Factor Authentication Service, see: https://www.umass.edu/it/authentication

For an overview of the Duo product, see: https://guide.duo.com/

 


Supported Browsers:

Chrome, Firefox, Safari, Internet Explorer 8 or later, and Opera


Enroll in Duo

Duo prompts you for a second factor when you authenticate into a Duo enabled service. The following steps detail the process of enrolling a device (phone, tablet or landline) to serve as the second factor.

Step 1:

Navigate to https://multifactor.umass.edu

Step 2:

Login with you NetID and password.

Step 3:

You should be redirected to a page titled "Multi-Factor Account Management." Click "Continue" to begin the process of enrolling a device with Duo.

Step 4:

At the "Protect your University of Massachusetts Amherst Account" page, click "Start Setup."

Step 5:

Select the type of device you would like to use with Duo and click "Continue." 

Step 5a:

For mobile phones:

  1. Enter the device's phone number.
  2. Check the checkbox to confirm your device's phone number, and click "Continue."
  3. Click the type of phone you are enrolling (iPhone, Android, Windows Phone, Other), and click "Continue."
  4. Install the Duo Mobile application for the type of device you are enrolling, see the Specific Devices section or follow the on-screen instructions.
  5. Proceed to Step 6.

Step 5b:

For tablets:

  1. Select the type of tablet you are adding (Android or iOS), and click "Continue."
  2. Install the Duo Mobile application for the type of device you are enrolling, see the Specific Devices section or follow the on-screen instructions.
  3. Proceed to Step 6.

    Step 5c:

    For landlines:

    1. Enter the landline's phone number (the full number with area code).
    2. Check the checkbox to confirm the phone number you just entered.
    3. Click "Continue."
    4. Proceed to Step 8.

      Step 6:

      After you have installed the app, return to the enrollment dialog on your computer screen and click "I have Duo Mobile."

      Step 7a:

      Activate Duo Mobile with a QR code:

      For an iPhone, Android, and Windows Phone activate Duo Mobile by scanning the QR code with the Duo Mobile app’s built-in scanner:

      1. Open the Duo Mobile application on your device.
      2. In the Duo Mobile application, tap the "+" icon.
      3. Capture the QR code displayed on the "Activate Duo Mobile" dialog box on your computer screen with your device.
      4. Once you capture the QR code, the “Continue” button on the “Activate Duo Mobile” dialog box on your computer screen should be highlighted.
      5. Click “Continue.”
      6. Your University of Massachusetts Amherst account should now be listed in the Duo Mobile application.
      7. Proceed to Step 8.

      Step 7b:

      ​​​​​Activate Duo Mobile via email:

      If you cannot capture the QR code you can activate the Duo Mobile application via email.

      1. Click “Or, have an activation link emailed to you instead.”
      2. Enter an email address that you can check on your device.
      3. Click "Send email."
      4. Log into your UMass email and locate the email sent to you from Duo Security. (Note you will need to perform the following steps on the device you are trying to enroll and that you just installed the Duo Mobile application on).
      5. Tap the link in the email from from your device.
      6. Tap "Open" to open the page in Duo Mobile. Note this step may vary depending on the device you are using.
      7. The Duo Mobile application should automatically open, your University of Massachusetts Amherst should now be listed in the Duo Mobile application.
      8. Return to the "Activate Duo Mobile by Email" dialog on your computer screen and the "Continue" button should now be highlighted in green.
      9. Click "Continue."
      10. Proceed to Step 8.

      Step 8:

      You should be redirected to a page titled "My Settings & Devices." On this page you can:

      • Change the device name under "Device Options."
      • Reactivate Duo Mobile if you delete your account from the Duo Mobile application under "Device Options."
      • Change the preferred default device for authentication.
      • Set the default authentication method.

      Make sure to click "Save" if you make any changes.

      When you are finished editing the settings click "Continue to Login."

      You should see the following message: "Enrollment successful!"

      Step 9:

      You are now set up to authenticate with Duo on your mobile device to a UMass Amherst service using any of the following authentication methods:

      • Push notifications
      • Phone call
      • Passcode

      See the following section for directions on how to authenticate to UMass Amherst Duo-enabled services with Duo.

      Authenticate with Duo

      Step 1:

      Open a web browser and navigate to the service you would like to access.

      Step 2:

      Enter your NetID and password into the appropriate fields and click “Sign In."

      Step 3:

      You should be redirected to a dialog prompt that will let you choose how you want to verify your identity. This is called the Duo authentication prompt:

      Step 4:

      Select the device you want to authenticate with.

      Note: If you have more than one device enrolled in Duo, there will be a drop-down menu for you to select the device you want to use for authentication.

      Step 5:

      You will be prompted to “Choose an authentication method” from the following:

      • Duo Push
      • Call Me
      • Passcode

      Step 5a:

      Duo Push via mobile device

      Select “Send Me a Push”

      You will receive a Duo Mobile login request with the service name that you are trying to access on the mobile device you have enrolled in Duo.

      On your mobile device, select the notification and you will be prompted to approve or deny the request. You can complete this step through the notification on your lock screen or in the Duo Mobile application:

      1. Select “Approve” to authenticate from your device’s lock screen.
        OR
      2. Open the Duo Mobile application on your enrolled device.
      3. Tap on the “1 Request waiting. Tap to Respond…” text.
      4. Tap “Approve.”
      5. Then return to the web browser you opened in step 1, and you should be logged into the service.

      If you receive a Duo Mobile login request that you have not initiated, select “Deny.” If you are in the Duo mobile application, you can select a reason for denying the request.

      Step 5b:

      Call Me via mobile device or landline

      1. Select “Call Me.”
      2. You will receive a phone call on the device enrolled in Duo.
      3. You will hear an automated message that says “Welcome to Duo. If you are not expecting this call please hang up. Otherwise press any key to login.”
      4. Press any key on your mobile device.
      5. Then return to the web browser you opened in step 1, and you should be logged into the service.

      If you hang up without pressing a key on your phone the login request will be denied.

      Step 5c:

      Passcode via Duo application on mobile device

      1. Select “Enter a Passcode.”
      2. Go to the Duo application on your mobile device.
      3. Tap the green key icon next to the service name.
      4. You should see a six-digit pin number.
      5. Return to the web browser and enter the pin number at the authentication prompt.
      6. You should now be logged into the service.

      NOTE: Pass codes can be used to authenticate to a service even if you do not have Internet access.

      Specific Devices

      Android

      You can get the Duo Mobile application from Google Play: https://play.google.com/store/apps/details?id=com.duosecurity.duomobile&hl=en

      The current version of Duo Mobile supports Android 4.0 and greater.

      For more information on using Duo with your Android device, click here: https://guide.duo.com/android

      iOS

      You can get the Duo Mobile application from the App Store: https://itunes.apple.com/us/app/duo-mobile/id422663827?mt=8

      The current version of Duo Mobile supports iOS 7 and greater.

      For more information on using Duo with your iPhone, click here: https://guide.duo.com/iphone

      Windows Phone

      You can get the Duo Mobile application from the Microsoft Store: https://www.microsoft.com/en-us/store/p/duo-mobile/9nblggh08m1g

      The current version of Duo supports Windows Phone 8 and greater. See the legacy application documentation for Windows 7 phones: https://guide.duo.com/windows7-phone

      For more information on using Duo with your Windows phone, click here: https://guide.duo.com/windows-phone

      Landline

      If you cannot download the Duo Mobile application or would like to authenticate via a landline you can receive a phone call:

      • At the authentication prompt, from the “Device” drop-down menu select or verify the device you wish to receive a call from.
      • Click the “Call Me” button and Duo will call you.
      • You can press any key on your phone after listening to the prompt to log into the service on the web browser.

      Text Message via Passcodes:

      • You can also receive a text from Duo by selecting the device you wish to receive a text on (this should be the device enrolled with Duo).
      • On a web browser, at the authentication prompt, select the device you would like to receive a text on.
      • Select “Enter a Passcode.”
      • A blue dialog should pop up that says “Enter a passcode from Duo Mobile or a text.” And click “Text me new codes.”
      • On your phone, you should receive a text with several passcodes.
      • On the web browser, above the “Log in” button, enter one of the passcodes and click “Log in.”
      • You should now be logged into the service.

      For more information on using a cell phone or landline with Duo, click here: https://guide.duo.com/other-phones

      Managing Devices

      If you would like to change the options for the devices you have enrolled in Duo you can:

      Authenticate via Duo by selecting an authentication device and then an authentication method. (See Authentication).

      After you authenticate, you can now change a variety of options for any of the devices you have enrolled with Duo. You can:

      • Reactivate Duo Mobile if you delete your University of Massachusetts Amherst account from the Duo Mobile application.
      • Change the device's name.
      • Delete the device.
      • Add another device.
      • Select a default device that Duo will automatically prefer for authentication.
      • Chose your preferred authentication method.

      Make sure to save any changes you make by clicking on the "Save" button.

      For more information on managing devices with Duo, click here: https://guide.duo.com/manage-devices