Overview

What is multi-factor authentication?

Phishing and brute force attacks are increasing exponentially, and so are the risks that your credentials may be stolen. Multi-factor authentication, or MFA, provides added security control.

Multi-factor authentication requires users to provide multiple identifying factors before they will be allowed access to an application or device. We are using a third-party application called Duo to provide two-factor authentication (a subset of multi-factor authentication) for systems such as Remote Access, VPN and Outlook Web Access.

Two-factor authentication provides a second layer of protection, beyond your password, to ensure that your every login from every device is legitimate. This helps us protect you, your work, and the University.

How does Duo work with the systems I use that require multi-factor authentication?

The most common authentication method is Duo Push. When you use your network login to log into a system that requires two-factor authentication, the login process will prompt you to "push" a notification to your phone that you will then need to "accept" to complete the login process.

Systems that require multi-factor authentication:

Pulse Secure
MyAccess
Outlook Web Access (http://email.ucsf.edu) Access from mobile email clients is not affected)
UCPath
Keeper (Password Vault)
Apex for Electronic Prescriptions of Controlled Substances (ePCS)
Remote Control Connection

Additional support for multi-factor authentication:

Refer to the Multi-factor Authentication FAQ page or contact the UCSF IT Service Desk.

Enrolling your first device in DUO

The Duo service needs to learn about the device you will be using for multi-factor authentication. This process is called “enrollment”. Before starting the enrollment process, please ensure that the Duo app is installed. For information on how to do that see the “How to access” section above.

Incoming UCSF students and onboarding UCSF staff only: As part of your on-boarding process a UCSF email account has been created for you. Instructions for completing Duo enrollment have been sent to that address. This message will come from no-reply@duosecurity.com. If you have not received these instructions, install the Duo app as described above and then follow the steps below.

Open a web browser and go to https://myaccess.ucsf.edu. Use your UCSF username and password and click “LOGIN” to log in.
If you currently have no device enrolled in Duo, you will be presented with the following screen. Press the "Start setup" buttons. If you see a different screen skip to "Managing and enrolling additional devices" (below).
Select the type of device you will be using for multi-factor authentication. Most likely, this will be a mobile phone, although it is not uncommon to use a landline.
Then enter your device's phone number.
This step will cause the Duo service to attempt to contact your device. This is a critical step that establishes trust between you and Duo, ensuring that you possess the device with the number entered.
During this step you will choose the default multi-factor authentication method. This can be a push, a voice call or you can have it ask you each time you attempt to authenticate. A push is a small popup window sent to your phone with options for you to authorize or reject the connection attempt.
For mobile phones, it is recommended that you select “Automatically send this device a Duo Push”. For a landline, choose “Automatically call this device”. For more information on Duo authentication methods refer to Duo Authentication Methods.
You are now ready to perform your first Duo multi-factor authentication to the MyAccess website and enrollment of your device in Duo is now complete.

Managing, updating, and enrolling additional devices

Please refer to How does changing a phone, number, or SIM card affect Duo Mobile? from Duo for help with adding an additional phone or other device (such as an iPad). Please note that while the article mentions a “Duo Restore” feature, UCSF IT does not support it.

Using Duo at UCSF once you are enrolled

For more information, see our Multi-factor Login Experience page for examples of how Duo works with specific applications.

Multi-factor (Duo) FAQs

Content Restricted