Getting started with Duo - Enrolling in Duo Mobile & using Duo Push

1. When you are enrolling in Duo for the first time, sign into myMarist or the web version of O365 (myMail), the Duo Security welcome screen will display

2. Click Start setup

3. Choose which type of Duo you are adding as your second factor of authentication, then click Continue

4. Select your country and type your phone number, then click Continue

5. Choose your Duo's operating system and click Continue

6. Install the Duo Mobile application.  After installing the app, click I have Duo Mobile Installed

a. Launch the App store app and search for "Duo Mobile"

b. Tap "Get" and then "Install" to download the app

7. Activate Duo Mobile by scanning the barcode / QR code with the app's built-in barcode scanner, then click  Continue

8. Your Duo is now ready to approve Duo push authentication requests.  Click Send me a Push to give it a try. All you need to do is tap Approve on the Duo login request received at your phone.

Click here for more information about Duo enrollment: Guide to Two-Factor Authentication - Enrollment Guide

See below for Frequently Asked Questions (FAQ's) about Duo and Multi-Factor Authentication.

* Backing up your Duo mobile app is easy.

-- Android devices can set this up right from the Duo app.  Click here for more information on the Restore for an Android: Duo Restore for Android
-- Apple devices can use iCloud keychain or an encrypted iTunes backup.  Click here for more information on backing up your Apple device: How to back up your iPhone, iPad, and iPod touch

* You can easily restore the Duo Mobile App when you replace your smart device once you have backed up your Duo mobile app.  Click here for more information on the process to restore Duo on new or current mobile devices: Duo Restore

* Do you have a MAC?  You can set up Apple Touch ID as an additional Duo access option.  Click here for more information on using Apple Touch ID with Duo: Using Apple Touch ID with Duo

* Having an issue with your Duo push not allowing access?  Click here for more information on issues with push notifications: Common Issues - I have stopped recieving push notifications on Duo Mobile

* The Guide to Two-Factor Authentication - Duo Security is a great resource for many other features and questions you may have.

Welcome to Duo

MFA provides an additional layer of security to any type of login, requiring extra information or a physical Duo to log in, in addition to your password. By requiring multiple layers of authentication, we can protect user logins from remote attacks that may exploit stolen usernames and passwords. Verifying your identity using MFA prevents anyone but you for logging in, even if they know your password.

Two-Factor Authentication with Duo Push

When logging into an application that is protected by Duo (Marist public-facing websites – myMarist, O365) from on-campus, login experience will not change. When logging into an application that is protected by Duo from off-campus, you will need to complete a method of multi/two-factor authentication. You will still enter your Marist username and password, and then select a method for you to receive that second factor of authentication (i.e. Push Notification or Passcode). Once you approve the push notification or type in the passcode you can access the service. 

Duo Push Notification:

Hardware Token Passcode:

If you are off-campus and signing into the Marist VPN, you enter your Marist Account and password, use your Duo app for your second factor, and will then be single signed into the other public-facing systems you typically use at Marist.

1. Enter username and password as usual
2. Use your phone to verify your identity
3. Securely logged in

Once you've enrolled in Duo, you're ready to go.  You'll login as usual with your username and password, and then use your Duo to verify that it's you.

iOS, Android, Windows Phone, Hardware Token, and Touch ID

You can use a tablet, purchase a hardware token at the Computer Store, or use Touch ID on your MacBook.

Contact the Computer Store at compstore@marist.edu to purchase a hardware token.

Duo Mobile is Duo Security’s free app that allows you to quickly and easily approve a second-factor authentication request using Duo Push. With Duo Mobile and Duo Push, there is no need to carry a bulky token or waste time manually entering passcodes. Just tap to authenticate right on your smartphone.

Click here for more information about Duo Mobile: Duo Mobile App - Duo Security

Click here for more information about Duo Push: Duo Push Demonstration

When you authenticate using a hardware token, click the Enter a Passcode button. Press the button on your hardware token to generate a new passcode, type it into the space provided, and click Log In.  You can also watch this brief video on how to Authenticate with Hardware Tokens.

Click here for more information about how the Hardware Token works: Using Duo With a Hardware Token

Please contact the Marist Help Desk for any technical support needs:

845-575-4357

helpdesk@marist.edu

Yes, you can save your Duo authentication in a web browser. This will reduce the frequency of MFA for up to 7 days.  This option is selectable at the Duo prompt screen as remember me.

Please be aware of the following:

• The option relies on browser cookies -- if you are using private (incognito) mode on your browser, you cannot select remember me.
• It is browser specific -- the option is specific to each browser you use, not the entire computer.  If you use multiple browsers, you have to select it on each one.
• Auto-push -- the remember me option must be selected before the Duo Push to your smartphone.  If you are using auto-push, you will need to cancel the push and then select the option.  The checkbox will then stay selected for all future auto-pushes.
• VPN will always require MFA -- the VPN authentication pop-up browser cannot save cookies.  Each login to the VPN service will still require Duo MFA.
• Only choose this option in your own computer -- do not select remember me on any device that you do not personally control, such as a public computer.
• It is still safest to use MFA on every login -- we are changing this configuration to allow individuals to make a choice based on their preferences.  However, it is still more secure to use MFA on every login.