Overview
How to start using multi-factor authentication with Duo at UCSF
Your on-boarding process will generate a message from no-reply@duosecurity.com to your "first.lastname@ucsf.edu" provisioned email account. Follow the instructions in this email to complete Duo enrollment.
Note to incoming students and staff:
If you are a student or faculty member and are attempting to access this email remotely using Outlook Web Access (OWA), which requires Duo enrollment, you will be prompted to enroll in Duo when you log in remotely at https://email.ucsf.edu.
Follow the on-screen prompts to enroll. If you need assistance, contact the UCSF IT Service Desk.
Note to Zuckerberg San Francisco General staff:
If you’re using ZSFG's WebConnect, the Duo app is already installed on your phone. You can use the same app for UCSF systems such as VPN and Web.
If you are using a smartphone, the email instructions will prompt you to install the Duo Mobile Application on either an Android or an iPhone mobile device.
Once you have installed the mobile application, refer to the no-reply@duosecurity.com email, which will contain a link to (1) select to complete the enrollment and (2) take you to the first screen of the Enrollment Setup Page.
Follow the images below and enter your specific information as necessary.
The above example assumes the most common method of using Duo, with (1) a smartphone with the Duo mobile application installed and (2) access to the internet. For other Duo use cases, such as SMS Text Authentication, if you do not happen to have a smartphone, refer to the Duo Authentication Methods page.
How do I update the devices I currently use with Duo?
Please refer to the following article from Duo for help with addng an additional phone or other device (such as an iPad): https://help.duo.com/s/article/3516?language=en_US. Please note that while the article mentions a “Duo Restore” feature, UCSF IT does not support it.
How do I use multi-factor authentication with Duo once I'm enrolled?
For more information, see our Multi-factor Login Experience page for examples of how Duo works with specific applications.
What is multi-factor authentication?
Phishing and brute force attacks are increasing exponentially, and so are the risks that your credentials may be stolen. Multi-factor authentication, or MFA, provides added security control.
Multi-factor authentication requires users to provide multiple identifying factors before they will be allowed access to an application or device. We are using a third-party application called Duo to provide two-factor authentication (a subset of multi-factor authentication) for systems such as Remote Access, VPN and Outlook Web Access.
Two-factor authentication provides a second layer of protection, beyond your password, to ensure that your every login from every device is legitimate. This helps us protect you, your work, and the University.
How does Duo work with the systems I use that require multi-factor authentication?
The most common authentication method is Duo Push. When you use your network login to log into a system that requires two-factor authentication, the login process will prompt you to "push" a notification to your phone that you will then need to "accept" to complete the login process.
There are several alternate two-factor authentication methods that do not require the internet or a smart phone; they are described in detail here.
Systems that require multi-factor authentication
- Pulse Secure
- MyAccess
- Outlook Web Access (https://email.ucsf.edu). Access from mobile email clients is not affected.
- UCPath
- Keeper (Password Vault)
- Apex for Electronic Prescriptions of Controlled Substances (ePCS)
- Remote Desktop Connection
Support for multi-factor authentication
Refer to the Multi-factor Authentication FAQs page or contact the UCSF IT Service Desk.