This content is viewable by Everyone

Multi-factor Authentication (Duo)

Audience: Affiliate, Faculty, Staff, Technical Partner
Service URL:

More Info
Service Support Team: Identity and Access Management

Service Category: Access & Identity
Day-to-day Contact: Jason Gabler
Service Manager: Jason Gabler
Service Support Team: Identity and Access Management
Service Owner Team: Identity and Access Management

How to Request Access

The Duo phone application can be downloaded from the Apple Store or Google Play. If you are UCSF staff or student, please download and install the Duo app on your device before continuing. If you already use Duo to access another system you can use the existing DUO application on your phone and proceed to the instructions for Enrolling your first device in Duo.

Description

What is multi-factor authentication?

Phishing and brute force attacks are increasing exponentially, and so are the risks that your credentials may be stolen. Multi-factor authentication, or MFA, provides added security control.

Multi-factor authentication requires users to provide multiple identifying factors before they will be allowed access to an application or device. We are using a third-party application called Duo to provide two-factor authentication (a subset of multi-factor authentication) for systems such as Remote Access, VPN and Outlook Web Access.

Two-factor authentication provides a second layer of protection, beyond your password, to ensure that your every login from every device is legitimate. This helps us protect you, your work, and the University.

How does Duo work with the systems I use that require multi-factor authentication?

The most common authentication method is Duo Push. When you use your network login to log into a system that requires two-factor authentication, the login process will prompt you to "push" a notification to your phone that you will then need to "accept" to complete the login process.

Systems that require multi-factor authentication:

Pulse Secure
MyAccess
Outlook Web Access (http://email.ucsf.edu) Access from mobile email clients is not affected)
UCPath
Keeper (Password Vault)
Apex for Electronic Prescriptions of Controlled Substances (ePCS)
Remote Control Connection

For more information, see our Multi-factor Login Experience page for examples of how Duo works with specific applications.

Support

Refer to the Multi-factor Authentication FAQ page or submit a support request via the UCSF IT Service Desk.

Training

To learn more about using Duo, visit one of the following Duo training pages: