This content is viewable by Everyone
Multi-Factor (Duo) Authentication Methods
Save
- Audience: Affiliate, Faculty, Staff, Technical Partner -
- Service Category: Access & Identity
- Owner Team: Identity and Access Management
- Service:Multi-Factor Authentication (Duo)
Overview
Note: If your view initially differs from any of below options, you may be encountering one of two scenarios:
- Your device may still be on the traditional view for Duo. You can find documentation on how to navigate the traditional Duo experience on Duo's how-to website.
- Your device may first require a sign-in through a platform other than MyAccess, such as Okta (shown in below screenshot). Enter your respective username and password as normal and you will be rerouted back to the Duo experience.
Duo offers the following methods of authentication:
- Duo Push: Default verification method for Duo users with a smart device, and UCSF IT’s recommended method for two-factor authentication. This requires a smartphone or tablet (running Android or iOS) with the Duo Mobile application installed and enrolled to your Active Directory account, and an internet connection.
- Duo Passcode: Alternate option for verification; this also requires the Duo Mobile application installed to a smart device, but does not require an internet connection.
- SMS Text: Alternate option for verification that does not require a smart device. Instead, it uses SMS text messaging in the authentication process.
- Phone Call: Alternate option for verification that does not require a smart device. Warning: This is a less-secure option, as most phones by default allow anyone to answer calls without unlocking the device.
- YubiKey: Physical USB key that you plug into a computer to provide secondary authentication.
- Bypass Code: This is a temporary passcode you can use to bypass Duo, only to be used if you do not have access to any of the above verification methods. Bypass codes must be requested in advance and only by the person who will use them. They expire after 30 days.
Duo Push
- Enter your UCSF network login username and password in a Duo-enabled application (e.g., MyAccess, Outlook Web Access).
- Duo will default to automatically send you a push notification to your registered device.
- A Duo push notification will appear on your device. Tap on the notification to open the Duo Mobile app.
- Tap the Approve button to complete your login.
- Select whether to remember the device you are using. You can select “Yes, this is my device” for any device that you use regularly and that you trust. If you are using a public or shared device, be sure to select “No, other people use this device.”
Other Options
If you are unable or prefer not to use the recommended Duo Push verification, you may select one of the other available verification methods.
Note: Duo will always default to a Push, so you will have to follow this process every time you wish to use an alternate verification method.
Duo Mobile Passcode
- When you receive the screen to “Check for a Duo Push,” select “Other Options.
- Select “Duo Mobile passcode” from the options.
- Launch the Duo Mobile app on your smartphone and expand the UCSF entry. A six-digit passcode will appear. Note: You will have to “refresh passcode” after every use, as it is only valid one time.