New Multifactor Authentication Requirement for VPN Access – ITS has partnered with Duo Security (www.duo.com) to implement Multifactor Authentication (MFA) for access to Pace University’s Virtual Private Network (VPN) and for other high value services as they become available. After September 30th, 2018, all users will be required to utilize MFA for access to the VPN.
- What is Multifactor Authentication (MFA)?
- Why is this occurring?
- What are the ways to verify your Identity using the Duo MFA?
- Can I enroll multiple devices?
- How to enroll another device?
- How do I manage my device settings?
- What if I am traveling overseas?
- Do I need an Internet connection or cellular service in order to authenticate using Duo MFA?
- What if I lose my phone or tablet?
- What do I do if I get an invalid passcode error when using a passcode that was generated using the Duo MFA application?
- What do I do if I continue to get an invalid passcode error when using a passcode that was generated using the Duo MFA application?
What is multifactor authentication (MFA)?
MFA, also known as 2-Factor Authentication, adds a second verification step (or 2nd factor) by utilizing a mobile device in your possession, such as a cell phone or tablet, to complete authentication to a website or system.
For example, when you authenticate to the Pace VPN using Duo MFA, you will first enter your username and password (something you know). Next, you will generate a separate passcode using the Duo MFA application that is on your phone or tablet (something you have).
Why is this occurring?
Implementing Duo MFA will allow us to better protect your Pace account from potential unauthorized intrusions by adding a 2nd step for verification, which uses a physical device in your possession. This additional step will reduce system access vulnerabilities and help to strengthen our overall security. Multifactor will also be required to authenticate to other high value Pace services as they become available.
Users will generate a six-digit passcode using the Duo mobile application (installed on their phone or tablet) that will be entered as part of authentication to access services protected by MFA.
In rare cases, users may be provisioned with a supported hardware token to generate a six-digit code. A hardware token is only provisioned if a user does not have a smartphone, tablet, or if there is an extenuating circumstance. Hardware token requests are reviewed by ITS on a case-by-case basis. An initial hardware token may be provisioned without charge when approved. However, bulk requests or replacement tokens will require a $20 fee for each device. Upon separation, all tokens will need to be returned to the University.
- Smartphones (Android, iOS, and Windows)
- Tablets (Android and iOS)
- Hardware tokens (only provisioned if a user does not have a smartphone, tablet, or if there is an extenuating circumstance)
How to enroll another device?
Please use the instructions found on the following article to enroll additional devices: Duo (MFA): Manage Your Devices
How do i manage my device settings?
Please use the instructions found on the following article to manage your devices: Duo (MFA): Manage Your Devices
What if i am traveling overseas?
If you are traveling overseas, it is strongly recommended that you enroll more than one device for Duo MFA before you leave for your trip. In addition, it is essential that you verify and test that all enrolled devices are working properly before you depart. This will help to ensure that you will still be able to access critical services, such as the Pace University VPN, even if one of your devices is lost/stolen or isn’t working properly.
Do i need an internet connection or cellular service in order to authenticate using duo mfa?
No, generating a passcode using the Duo application for MFA on your phone or tablet does not require an Internet connection or cellular service.
What if i lose my phone or tablet?
Please contact the Pace ITS Helpdesk immediately. The ITS Helpdesk will validate your identity and then remove your device from being able to being used to complete multifactor authentication with your account.
What do i do if i get an invalid passcode error when using a passcode that was generated using the duo MFA application?
The passcode generated using the Duo mobile application is only valid for a short period of time after it is generated (before becoming invalid). Please make sure to generate a new code by clicking the refresh icon and try again. It is important to note that the passcode generated by the Duo mobile application should immediately be entered into the appropriate login prompt to reduce the chances of an invalid passcode error.
What do i do if i continue to get an invalid passcode error when using a passcode that was generated using the duo mfa application?
If you have a second device enrolled, please use this device to generate a new passcode and try again. If you still continue to have problems, please contact the ITS Helpdesk.