Additional login security for certain digital services
Multifactor Authentication is a way to add additional security when accessing sites with critical data. It is a similar system to logging on to many other secure websites, such as online banking.
You will be challenged via a different device than your computer - such as your mobile phone - to confirm it is really you that is logging in before being granted access.
SCU has teamed up with Duo Security to provide the secondary authentication challenge. When enabled on a particular digital service, you will log in as usual with your SCU Username and password, but then will need to respond to a challenge. In just about every case, this will be to click a "Yes" button on your personal mobile phone, which has the Duo Mobile app installed on it.
Before you can access any digital service protected with Multifactor Authentication, you will need to register a device or two with Duo.
Note that not everyone at SCU will have access to multifactor authentication just yet. If you are configured to access one of the protected applications, only then will you will also be configured to have access to Duo.
We’ve made it easy to set yourself up in Duo, by providing a Tile in the MySCU portal.
1. Log into the MySCU Portal and click on the tile Setup Multifactor Authentication.
Not everyone is licensed for Multifactor Authentication. If you do not see this Tile in your MySCU Portal, you may not have any applications that require Multifactor Authentication yet. If you believe this to be an error, contact the Technology Help Desk for assistance.
2. If you have not yet registered for Multifactor Authentication, you will be prompted to do so with the following screen. (If you are already set up, see the next section on Duo Device Management)
3. Install the Duo Security app on your device. Mobile phones are the recommended device, but tablets and Apple Watches are also supported. Links are provided for the App Store (for iOS) and Google Play (for Android).
4. Click "Set yourself up in Duo" to register yourself with Duo. This link is uniquely generated for you and has a time limit. If you click and it has expired, no problem - just go back to the MySCU Portal and click on the Setup Multifactor Authentication tile to generate a new one.
5. When asked what device to set up, the best option is to go with the recommended option of a Mobile Phone.
Mobile phones are the most versatile device. They can be used with most of the different types of challenges Duo can use to confirm your identity, such as Duo Push (via the Duo Mobile app), passcodes, and callbacks. When selecting a Mobile phone, Duo will send you a text or call the phone to confirm it is yours during the setup process.
Duo will display a barcode on the screen that you scan using the Duo Mobile app on your phone, which will connect the app and your account. For this reason, it is best to use a PC to set up Duo, to allow you to scan the screen with your app.
When you try to access a secure SCU digital service, you will be prompted to enter your SCU Username and password into MySCU as normal. Before you can proceed further, a Challenge Screen will appear.
You can choose to be challenged by any of the options you have previously configured. If you have more than one device configured, select it in the top dropdown bar before selecting an authentication method.
For just about every situation, the best challenge choice is a Duo Push. Select “Send Me a Push”, and the Duo Security app on your phone will open and ask if you should allow this logon.
Click APPROVE on your phone, and the login will proceed automatically.
If you ever receive this screen unexpectedly, click DENY. Unless you click APPROVE, whoever is trying to log in as you will not be able to. This may indicate a security issue, and you should change your SCU Username password as soon as possible!
If your device has been configured with a phone number, you can elect to receive a call. You will confirm the logon via the phone’s keypad in response to the voice prompt.
This option is not recommended as a primary challenge due to the cost it will incur SCU.
There are several types of passcodes that can be entered to gain access. They are listed below.
- The Technology Help Desk may issue you a Bypass Code. This is a one-use only code that will get you passed Duo in an emergency, such as if you have lost your phone. You will need to prove your identity to the Help Desk in the same way as requesting a forgotten password change. Call the Technology Help Desk on 408 554 5700.
- From inside the Duo Mobile app, you can generate a single-use passcode by tapping on the Key icon. This code is useful for times when your phone might not have an Internet connection.
- You can have 10 single-use passcodes sent to you over SMS. The codes must be used in the order sent - Duo will give you a hint by providing the first digit of the the code it expects you to use next. You can have 10 new codes sent to you from the Challenge Screen when you select the Passcode option.
When you click on the Setup Multifactor Authentication in the MySCU Portal after you have registered, the system will give you the option to configure your devices.
Tap on Configure your multifactor devices button. You will be challenged to prove who you are, using a multifactor device. Once logged in, you will be in Duo’s Device Manager, where you can change your device settings, delete old devices, and add new ones.
Device Options will allow you to rename, modify or delete devices. You can choose the default behavior when you log in if you have more than one device selected. And you can add more devices by clicking Add another device.
Device options are:
- Mobile phone
Mobile phones are the most versatile device. They are able to be used with Duo Push (via the Duo Mobile app), passcodes, and callbacks. Duo will send you a text or call the phone to confirm it is yours during the setup process. Duo will then display a barcode on the screen that you can scan using the Duo Mobile app to connect the app and your account.
A Tablet can be selected. It will not be able to receive calls or SMS passcodes, but will be able to use the Duo Mobile app.
Duo will display a barcode on the screen that you can scan using the Duo Mobile app.
Pro Tip: if you want to use your phone but only want to use the Duo Mobile app - and do not want to supply your phone number - just set it up as a Tablet. This is fully supported.
An option that will only be able to authenticate by receiving a confirmation phone call.
You will receive a call during setup to confirm it is your device. This option is not recommended due to the cost it will incur SCU every time you log in, but is suitable for a backup authentication method in case you cannot access your mobile phone.
- U2F Token
A U2F (Universal Two Factor) Token is a hardware token that can be inserted into a USB port. These tokens are for special use cases only at this time.
You can give each of your devices a short, memorable name when configuring it, by clicking the Device Options button.