Skip to main content
University of California San Francisco Give to UCSF

UCSF IT Technology

Main navigation

  • Status
    • Security Announcements
  • Services
  • How To
  • News & Events
  • About Us
  • Log In
Open Close Search
Open menu
Give to UCSF

Breadcrumb

  1. Home
  2. How To
  3. Multi-factor (Duo) Authentication Methods

This content is viewable by Everyone

Multi-factor (Duo) Authentication Methods

Save

Log in via MyAccess to save.

  • Audience: Affiliate, Faculty, Staff, Technical Partner
  • Service Category: Access & Identity
  • Owner Team: Identity and Access Management
  • Service:
    Multi-factor Authentication (Duo)

Overview

Duo offers the following methods of authentication:

  • Duo Push: The most common and recommended way users utilize two-factor authentication. This requires (1) either an Android or an Apple smartphone with the application installed and enrolled to your Active Directory account, and (2) an internet connection.
  • Duo Passcode: This also requires the Duo Mobile application installed to a smartphone but does not require an internet connection.
  • SMS Text: This does not require a smartphone; instead, it uses SMS text messaging in the authentication process.
  • Voice: This is most commonly used in a situation where there is no cell service but a LAN line is available to receive a phone call. This is a less secure option, since anyone can answer the phone. To use this option, you must register your landline's phone number on remote.ucsf.edu.
  • YubiKey: This is a physical USB key that you plug into a computer to provide secondary authentication. For more detail on this option, see the YubiKey section below.
  • Bypass code: This is a temporary passcode that you can use as your secondary authentication method. Bypass codes must be requested in advance and only by the person who will use them. They expire after 30 days.

Duo Push

  1. After entering your network login username and password in a Duo Enabled application (e.g., Pulse Secure VPN client, remote.ucsf.edu, Outlook Web Access), you will be prompted for a secondary password.
  2. In the secondary password field, type push and click Connect.
    screenshot of login dialogue box with "secondary password" field highlighted
     
  3. Some applications may offer a Send Me a Push button for you to click instead.
    Screenshot of Duo "choose an authentication method" diaglogue box, with "Send Me a Push" button circled in red
     
  4. A Duo notification will appear on your smartphone.
  5. Tap on the notification to open the Duo Mobile app.
    screen capture of iPhone home screen with Duo "Login request" notification alert
     
  6. Tap the Approve button to complete your login.
    screen capture of Iphone Duo Mobile Application Login Request "Approve Screen" with options to either approve (greend) or deny (red)

 Duo Passcode

  1. After entering your network login username and password in a Duo-enabled application (e.g., desktop or mobile Pulse Secure VPN client, remote.ucsf.edu, Outlook Web Access), you will be prompted for a secondary password.
     
    screenshot of login dialogue box with "secondary password" field highlighted
     
  2. Launch the Duo Mobile app on your smartphone and click on the green key on the right side of the UCSF entry. A 6-digit passcode will appear. 

    Screen apture of Iphone Duo mobile application with green key button circled and a six digit pass code circled
  3. Enter this 6-digit passcode in the secondary password field, then click submit/connect.

SMS Text Message

  1. After entering your network login username and password in a Duo-enabled application (e.g., desktop or mobile Pulse Secure VPN client, remote.ucsf.edu, Outlook Web Access), you will be prompted for a secondary password.
     
    screenshot of login dialogue box with "secondary password" field highlighted
  2. In the secondary password field, type sms1, then click Connect. This sends a text message to the first device in your account capable of receiving text messages. To send to the second, type sms2; to the third, type sms3, and so on.
  3. An invalid credentials error will be displayed. Click OK.
  4. 10 passcodes will be delivered to your phone as a text message.
  5. Type any of the passcodes in the secondary password field, then click Connect.
    screen capture of Iphone home screen with text message notification containing ten 7 digit passcodes
     

Voice Phone Call

  1. After entering your network login username and password in a Duo-enabled application (e.g., desktop or mobile Pulse Secure VPN client, remote.ucsf.edu, Outlook Web Access), you will be prompted for a secondary password.
    screenshot of login dialogue box with "secondary password" field highlighted
  2. In the secondary password field, type phone1, then submit/connect. This calls the first device in your account capable of receiving phone calls. To call the second, type phone2; the third, phone3, etc.
  3. Duo will call your registered landline.
  4. Answer the phone, and the automated voice will prompt you to press any number.
  5. Once you’ve pressed any number, you will be authenticated.

YubiKey

A YubiKey is a USB key that you plug into your computer's USB port to provide secondary authentication. YubiKeys are the keys to all of your accounts, so do not keep them with your computer in case it is ever lost or stolen.

YubiKeys have specific system requirements, so before submitting your request, refer to https://www.yubico.com/support/knowledge-base/categories/downloads/ and make sure your device is supported.

Replacement YubiKeys cost $30 each, so safeguard your YubiKey and file a report immediately if it is lost or stolen. 

View YubiKey videos, with step-by-step instructions, here.

Requesting a YubiKey

  1. Go to http://help.ucsf.edu and click on Accounts, Access & Email.
  2. Log into MyAccess with your network login username and password.
  3. Click on Duo YubiKey (Two Factor USB Device) Request Form.
  4. Fill out the form and click Submit. Your YubiKey should be delivered to us in 2 days.
  5. You will receive a notification to pick up your YubiKey from an IT Health Desk location.
  6. Locate the closest IT Health Desk and bring your photo ID so we can verify your identity.

Using a YubiKey

  1. Insert the YubiKey into your computer’s USB port.
  2. After entering your network login username and password in a Duo-enabled application (e.g., the desktop or mobile Pulse Secure VPN client, remote.ucsf.edu or Outlook Web Access), you will be prompted for a secondary password.
  3. Click in the secondary password field, then press the button on your YubiKey.

Bypass code

A bypass code is a temporary passcode that you can use as your secondary authentication method. Bypass codes must be requested in advance and only by the person who will use them. They expire after 30 days.

Requesting a bypass code

  1. Call the UCSF IT Service Desk (415-514-4100) and ask for a Duo bypass code.
  2. The Service Desk agent will ask you questions to verify your identity.
  3. Once you verify your identity, the Service Desk agent will create a bypass code unique to your network login username.

Using a bypass code

  1. After entering your network login username and password in a Duo-enabled application (e.g., the desktop or mobile Pulse Secure VPN client, remote.ucsf.edu or Outlook Web Access), you will be prompted for a secondary password.
  2. Enter your bypass code in the secondary password field, then click Connect.

Related Information

  • Multi-factor (Duo) FAQs
  • Multi-factor (Duo) Authentication Methods
  • Multi-factor (Duo) Login Experience
  • Multi-factor (Duo) aPeX Manual Enrollment
Section Menu
Multi-factor Authentication (Duo)
  • Enrolling your first device in Duo
  • Managing, Updating, and Enrolling Additional Devices in Duo
  • Multi-factor (Duo) FAQs
  • Multi-factor (Duo) Authentication Methods
  • Multi-factor (Duo) Login Experience
  • Multi-factor (Duo) aPeX Manual Enrollment
Home

Footer Col 1

  • Status
  • Services
  • How To
  • News & Events

Footer Col 2

  • About
  • IT Directory
  • Standards & Guidelines

Footer Col 3

  • Get Help
  • Recognize IT Staff
  • Submit a Support Inquiry

    For emergencies and high priority issues please call the IT Service Desk (415) 514-4100

    • Facebook
    • Twitter
    • YouTube
    • Instagram

    © 2023 The Regents of the University of California