What is Multi-factor Authentication (MFA)?
Multi-factor Authentication, or “MFA” for short, is a process that protects an account by using different “factors” or types of authentication in an account login process. The common factors are “something you know” (i.e. an account password), “something you have” (i.e. a device like a cell phone), and “something you are” (i.e. a fingerprint).
Your NetID password is the first factor when logging into an application or service. However, passwords are often deficient for a variety of reasons. So by introducing a second authentication factor, we are able to help you protect your account and University resources at the same time. When logging into an MFA enabled service, you must have your additional factor available to you.
Many campus applications and services require MFA and more are added regularly, particularly those that house sensitive data.
What is Duo?
Duo is the cloud based service currently being used to facilitate the “something you have” factor in our MFA process.
Before you can use Duo you will need to register at least one device with the Duo service. The Duo enrollment process establishes an account with Duo and links your NetID to one or more physical devices that you will use as your additional factor of authentication.
Duo Authentication Methods
Duo supports a number of methods for an additional factor of authentication:
- Smartphone or tablet [1] running the Duo Mobile app. If you have a smartphone or tablet, it is highly recommended you enroll the device and install the Duo Mobile app. This is the most common and convenient way to validate your additional factor. The app allows you to receive a “push” notification to your device and does not incur any text messaging charges. Alternatively, you can obtain a 6-digit passcode from the Duo Mobile app to enter.
- A “non-smart” cellular phone. A cellular phone that cannot run the Duo Mobile app but is able to receive SMS text messages may be used. Duo will send a 6-digit passcode. (Text messaging fees may apply depending on your service contract.)
- A landline telephone. Duo can call a landline to provide a 6-digit passcode.
Note: Montclair State University will never share the information entered in the device enrollment process, including cell phone and landline number(s), with other internal or external services.
Enrollment is performed through a self-service web portal and typically takes a few minutes.
Note: You must be pre-approved to use the self-service portal at this time. If you are attempting to access a service requiring Duo MFA, and cannot enroll using the self-service portal, please contact the IT Service Desk, x7971, opt.1 or itservicedesk@montclair.edu for assistance.
Through the self-service web portal you can set up multiple smartphones and landline numbers and then choose which one to use by default.
Note: It is strongly recommended that after enrolling a primary device, such as your smartphone, that you also enroll a secondary device such as your work desk phone or home phone. This will provide you with an alternative method for validation and access to your Duo settings in the event your primary device is lost, damaged, or replaced. See APPENDIX A for more information.
Important: If you will be using a smartphone or tablet, it is recommended that you install the Duo Mobile app prior to enrolling the device(s) with the Duo self-service web portal. This will make the enrollment process easier.
The Duo app can be installed from the App Store for Apple iOS devices or the Google Play Store for Android devices. Search for “Duo Mobile” in the store. The vendor is Duo Security, Inc. and the app logo is green with white letters. Below is what the app looks like in each store.
After installing the Duo mobile app on your smartphone, access any Montclair State University service, for example NEST or Workday to start the setup process.
You will be presented with the single-sign on login page and asked to enter your MSU NetID and password and press “Login”.
You will be logged into the Duo cloud service and shown a welcome screen before proceeding:
The first step is to select the type of device you want to add to your Duo profile. You can add multiple devices, including more than one of the same type, but you have to add them one at a time. We recommend starting with your primary mobile phone. It is recommended that you select Duo Mobile for multifactor authentication. The following screens illustrate this:
Note: that MSU currently does not support the “U2F” or “Yubikey” options, so they can be ignored.
Enter your mobile phone number, area code included (ex: 202-555-5555) – you do not need to include parentheses or dashes. Select Continue.
Confirm that the entered phone number is correct.
*At this point, if you are using a smartphone or tablet and have NOT already installed the Duo Mobile app, please see the APPENDIX B for instructions on how to download the app during the registration process.
Next, you will be asked to confirm ownership of your mobile device. Select Send me a passcode.
After receiving the passcode to your mobile device, enter the 6 digit code and select Verify.
You will then be prompted to download the Duo Mobile app if you have not yet already done so. Download the app and select Next.
On the Duo Mobile app, select Use QR code and scan the QR code on the screen. You can, instead, chose to receive an activation link.
After scanning the QR code, you will now be able to use Duo to complete multifactor authentication. Select Continue.
You can now, optionally, add additional devices for multifactor authentication. It is recommended to add an additional device in case your primary device becomes unavailable.
Once you have enrolled one or more devices, you may login to any MSU application or service requiring Duo MFA. The login screens will vary by service, however, during the login process you will usually be directed to a page that requires you to select one of your enrolled devices to complete the authentication process:
Successfully completing one of the authentication methods will allow you to login to the application or service.
It is strongly recommended that after enrolling a primary device, such as your smartphone, that you also enroll a secondary device such as your work desk phone or home phone. This will provide you with an alternative method for validation and access to your Duo settings in the event your primary devices is lost, damaged, or replaced.
Important: Since you have already registered one device in Duo, you will need to use that device to verify your identity with Duo before you can modify that device’s settings or add/remove any other devices.
First, access any Montclair State University service, for example NEST or Workday to start the process. You will be presented with the Duo multifactor authentication screen. Select Other Options.
On the next screen, select Manage Devices.
Complete the identification verification process.
You will next be presented with the DUO device management screen. On this screen select Add a device.
Select a login option. It is recommended that you select Duo Mobile for multifactor authentication.
Enter your phone number.
Confirm that the entered phone number is correct.
Next, you will be asked to confirm ownership of your mobile device. Select Send me a passcode.
After receiving the passcode to your mobile device, enter the 6 digit code and select Verify.
You will then be prompted to download the Duo Mobile app if you have not yet already done so. Download the app and select Next.
On the Duo Mobile app, select Use QR code and scan the QR code on the screen. You can, instead, chose to receive an activation link.
After scanning the QR code, you will now be able to use Duo to complete multifactor authentication with your additional device. Select Continue.
* Repeat these steps to add additional devices to your Duo account.
These instructions are for installing the Duo Mobile app for your particular brand of device during the initial enrollment process. (It is recommended that you install the Duo Mobile app on your phone prior to enrolling your first device since it makes the enrollment process a bit easier.)
iPhone/iOS
Launch the App Store, search for “Duo Mobile”. Select GET.
Android
Launch the Google Play Store, search for “Duo Mobile”. Select Install.
These instructions are for reactivating Duo Mobile on a new device with the same phone number. (It is recommended that you install the Duo Mobile app on your new phone prior to re-activating your device since it makes the activation process a bit easier.)
First, access any Montclair State University service, for example NEST or Workday to start the process. You will be presented with the Duo multifactor authentication screen. Select Other Options.
On the next screen, select Manage Devices.
Complete the identification verification process.
You will next be presented with the DUO device management screen. Select I have a new phone on the previously registered device.
The phone setup screen will appear. Select Get Started.
Next, you will be asked to confirm ownership of your mobile device. Select Send me a passcode.
After receiving the passcode to your mobile device, enter the 6 digit code and select Verify.
You will then be prompted to download the Duo Mobile app if you have not yet already done so. Download the app and select Next.
On the Duo Mobile app, select Use QR code and scan the QR code on the screen. You can, instead, chose to receive an activation link.
After scanning the QR code, you will now be able to use Duo to complete multifactor authentication with your new device. Select Continue.
When traveling internationally you can still connect to Montclair State University applications or vpn using DUO as long as you ensure the following:
- You are in possession of the DUO registered device.
- You have access to the local WiFi.
- Your DUO Mobile app on your device is up to date.
- You use DUO Push notifications. They do not require an international calling plan.