DUO Multi-Factor Authentication

DUO Multi-Factor Authentication

As part of the Teams implementation, CBC IS will be implementing a new security protocol for MS Office products known as Multi-Factor Authentication.  DUO is the leader in enterprise multi-factor authentication and has been successfully adopted at many colleges and universities across the country.  

In simple terms, we are adding another layer of security in addition to your user name and password, when logging into Microsoft Office applications (Email/Teams/OneDrive). 

 

Why do I need MFA? 

The implementation of multi-factor authentication is one of the best recommended practices, an organization can take, to reduce phishing incidents and account compromises. Though not 100% perfect, implementing MFA significantly reduce the ability for malicious actors to utilize your account, even if they know your username and password.  It accomplishes this by relying on something you have with you physically that would be difficult for an attacker, but easy for you, to control; in this case, it will most likely be your smart-phone. 

 

What do I need to do to get ready?

  • Enrollment – On <Some Date> you will receive an email, similar to the one below, from “no-reply@duosecurity.com” with the title “Duo Security Enrollment”.  This will allow you to pre-enroll your second factor authentication device. It is recommended you do this before you have access to Teams, as password prompts on iPhones have created difficulties for people, after their MFA in Office 365 has been enabled. Follow the instructions provided, our knowledge base article found here, or DUOs enrollment guide https://guide.duo.com/enrollment to enroll in MFA.  You should now be pre-enrolled, and your multi-factor authentication will be ready when CBC IS activates it for Office and Teams.  Please be aware that Duo will require some basic security settings on your phone, including screen lock.

 

What type of behavior should I expect?

  • Authentication -  If you have pre-enrolled, you will not see any change in behavior to your experience until, CBC IS activates your MFA in Office and Teams, this will occur on <some date>.  On this day, you will start seeing an Authentication window prompt, similar to the one below; use your preferred method for your second factor authentication.  If you have not pre-enrolled you will be taken through the enrollment process (See Above).

 

There are three options to authenticate discussed below: 

 

Send Me a Push - When you click the “Send Me a Push” button, you will see a prompt on your phone.  On your phone click the top portion of the request, to see the details.  Review the details and click approve to complete your second factor authentication. 

Duo Mobile Notification

Duo Push Request on Android

Call Me – When you click on Call Me, your phone will ring and you will be provided a code to enter into your authentication window. 

 

Enter a Passcode – this option requires you to start your Duo App on your phone and ask for a passcode.  After the Passcode is generated, enter it into your Authentication Window. 

When you click on the Log In button on the authentication screen you will see that it opens up a field where you can enter a Passcode. 

At that point, open the DUO app on your phone which should look like the image below. 

 

Tap on down arrow to the right of the words Columbia Basin College and your screen should look as it is shown below. 

The number shown is the Passcode which you can enter into the field to the left of the log in Screen. 

 

 

Your authentication should be complete at this time. 

  • Multiple Prompts Microsoft application such as Outlook and Teams – Due to the way Microsoft applications such as Outlook and Teams work, you will get a prompt for each of the applications.  However once authenticated with the application, it will not prompt again until you change your password, or you try to login from a different device. You only need to perform this login process once for each application until you change your password in a year. 

  • Web and Browser Based Login – If you utilize web browsers for Email or Teams you will be prompted for MFA each time you login.  The way your browser cache is configured may not require you to login each time you use your browser for as long as 12 hours. If you tend to leave your browser open, all day, you should not see much of an impact.  

 

What if I don’t have a Smart Phone? – If you do not have a Smart Phone, you can utilize a landline phone number, though this method is less secure and is the less preferred option. 

 

What do I do if I forgot my Smart Phone? – If you forgot or lost your Smart-Phone, please contact the IS Helpdesk, they can create a One-Time-Passcode, and/or modify your authentication method until you can get back to normal. 

 

Is there any training or Resources Available? – This document serves as your training.  It and any other documents regarding MFA can be found on our knowledge base https://cbc.teamdynamix.com/TDClient/1860/Portal/KB/?CategoryID=18194 or DUO has also provided training guides https://guide.duo.com/.  

 

 

Also, please see the new password policy here: https://cbc.teamdynamix.com/TDClient/1860/Portal/KB/ArticleDet?ID=109024

Details

Article ID: 108725
Created
Fri 5/29/20 7:21 AM
Modified
Mon 7/27/20 8:48 AM