Duo FAQs
General Information
Duo is a form of multifactor authentication that uses a mobile device, phone, passcode or token to verify that the person logging into your account is actually you. Duo adds a second layer of defense against unauthorized logins to your CampusID account.
Duo protects access to your campus accounts, even if your CampusID password is guessed or stolen. Duo complies with USG information security policy, and increases the security of university systems and resources, protecting important sensitive and confidential information and helping prevent identity theft and other cyber crimes.
Yes. Duo is mandatory for Duo multifactor authentication is required for login to university email and for applications that use CampusID single sign-on such as PAWS, iCollege, OneUSGConnect and many others.
No. Duo multifactor authentication is required for login to university email and for applications that use single CampusID single sign-on.
Duo multifactor authentication protects login to the PantherMail and Office 365 Faculty/Staff email systems and all applications that use CampusID single sign-on such as PAWS, iCollege, OneUSGConnect and many others.
Who uses Duo
Non-person accounts do not require Duo for login the way accounts associated with individuals do. Keep in mind that we suggest using delegate access for non-person accounts which means that you can reach the non-person accounts when you log in with your CampusID account, therefore protecting both accounts. Here’s how to set up delegate access. However you set up non-person account access, those accounts will not have separate Duo verification.
Duo for CampusID Single Sign-On
Single sign-on (SSO) is a login mechanism that allows you to login only once, with CampusID and password, to any of several online applications at the university and then bypass login to the other applications you visit during the same browser session. Once logged into one system, you will not be asked to logon again to other systems that use SSO.
No. For each browser session, all applications that use SSO share one login session. So, you will only have to login and verify with Duo once to access all applications that use SSO. If you chose the Remember Me for 30 Days, you will only be asked to verify once every 30 days and that verification will apply across all systems.
No. Duo will not be used to protect workstation login at this time.
Duo for CampusID Single Sign-On
The application at: https://webservices.gsu.edu/mfa walks you through the process of signing up for Duo.
Once you’ve set up one device, we recommend that you set up a second device in case you should ever have trouble locating your primary device for verification. This could be a landline phone number or other. Here are the instructions to do this.
https://gsutech.service-now.com/sp?id=kb_article&sys_id=ddeea884dbc9db40601b502bdc9619b8
You should also generate an emergency passcode to keep safe and use (up to 20 times) in the event you do not have your registered device available or need to reset your device.
Here are the instructions for changing your default Duo login method so that the system sends a push in the application rather than calling phone number.
https://gsutech.service-now.com/sp?id=kb_article&sys_id=d9e7b255db3fdb00b7bff46c0c961956
If you receive a Duo authorization request when you are not trying to log in, do not authorize login. If you receive an app push notification, click Deny. If you receive a phone call, do not press any buttons to authorize. Report suspicious Duo authorization requests to the IIT Service Desk at help.gsu.edu, help@gsu.edu or 404-413-HELP (404-413-4357).
Duo Log in issues
If you cannot complete login using your device: Generate Passcode Online and Use it to Reset Duo Device
It's also important to keep a generated passcode safe as a backup for access in the event of a device change or other logon issue.
Manage Duo Device Settings Here
Instructions to Add or Change Duo Settings
If you cannot complete login using your device: Generate Passcode Online and Use it to Reset Duo Device
It's also important to keep a generated passcode safe as a backup for access in the event of a device change or other logon issue.
Duo and Your Campus Email
Duo uses a standard called modern authentication. Some older email clients do not use this standard. You may need to upgrade your email client before you enable Office 365 email or if you are having trouble logging into Office 365 faculty and staff email after enabling Duo.
Computer: If you have Office 2013 or older installed, you’ll need to update to the latest version of Microsoft Office. To update on your work computer, download the latest version of Microsoft Office using your computer’s software center. To update on a personal computer, download the latest version of Microsoft Office from within Office 365 online.
Android Devices: Many native email clients on Android devices do not currently use a standard needed to work with Duo multifactor authentication. If you check your Office 365 staff email account using an Android device, you should install the Outlook mobile client to check your Office 365 email account. Installing the Outlook App on Android Devices
Apple iOS Devices: If you check your Office 365 staff email account using an Apple iOS device (iPhone or iPad) with iOS 10 or lower installed, you will either need to update your iOS operating system or install the Outlook mobile client to check your email. Installing Outlook App on Apple iOS Devices
Duo uses a standard called modern authentication. You should be able to use Duo with any email client that uses modern authentication. The below are the common, university-supported clients.
Windows computers |
|
||||||||
Mac Computers |
|
||||||||
Android Mobile Devices |
|
||||||||
iOS Mobile Devices |
|
The Outlook app will typically only prompt you with Duo for verification on initial setup and at some other instances like when your CampusID password is changed.
Generally, it is web access where you will see the prompt more often. With web access, when you are prompted by Duo to log in, there is an checkbox option to “Remember me for 7 days” to reduce how often Duo prompts for verification.
You may need to update or download a new email client to ensure you have an email client that allows for a standard that Duo uses.
Desktop
If you have Office 2013 or older installed, you’ll need to update to the latest version of Microsoft Office. To update on your work computer, download the latest version of Microsoft Office using your computer’s software center. To update on a personal computer, download the latest version of Microsoft Office from within Office 365 online.
Android Devices
Many native email clients on Android devices do not currently use a standard needed to work with Duo multifactor authentication. If you check your Office 365 staff email account using an Android device, you should install the Outlook mobile client to check your Office 365 email account. Installing the Outlook App on Android Devices
If you are already using Outlook on your Android and have trouble signing in, you may need to reset up your account.
Installing the Outlook App on Android Devices
Apple iOS Devices
If you check your Office 365 staff email account using an Apple iOS device (iPhone or iPad) with iOS 10 or lower installed, you will either need to update your iOS operating system or install the Outlook mobile client to check your email.
Installing Outlook App on Apple iOS Devices
Additionally, if you have a device with iOS 10 or newer installed and are using the native email client and are having trouble signing in, you may need to delete and reset up your GSU faculty or staff email account on the device.
Configure Your iOS Device for Campus Email Service
Sometimes when Duo is first activated or after a password change, the mail client on a device may exhibit a behavior where users are prompted to log on and then to verify multiple times. To address this issue, delete the campus email account profile in the email client and then re-add it to the email client. See the following for re-setting up your campus email account.
Configure your iOS device
Configure your iOS Device with Outlook
Configure your Android device
Configure your Android Device with Outlook
Configure your Windows Phones
The Gmail web and mobile apps do not use modern authentication and therefore do not work with Duo for checking your Office 365 email. To check your Office 365 faculty and staff email account, the recommended solution is to use the Microsoft Outlook app, which is can be set up to check multiple email accounts if needed.
Duo and Your Device or Phone
The Duo app uses the device’s camera to take a photo of a QR code in order to quickly personalize your access for security purposes. You can deny this permission, but without this access you will have to type a long, alphanumeric “2FA secret” key to get your account working.
This article describes how to turn off permissions you may have granted the Duo Mobile application:
https://help.duo.com/s/article/3464?language=en_US
You can do a few things to prepare in case your device is lost, stolen or forgotten. You may want to set up multiple devices or phone numbers to work with Duo so you are prepared in case your primary device can’t be used. The Device menu lets you switch between phones or devices.
When you replace a device or phone, if your phone number remains the same, you can choose to receive a phone call instead of a app notification until you re-setup a preferred method of notification (Instructions).
If your phone number changes after losing a device and a secondary phone or device option is not available, you can generate a passcode to access Duo and add a device.
If none of the options above are available to you, contact the IIT Service Desk for assistance accessing your account and getting a link to re-set up Duo if needed.
- Use the DUO App on a smartphone or tablet.
- Send a “Push” Notification. (A notification sent within the Duo app that you can use to either accept or deny a login attempt. These “pushes” are not text messages so they do not count toward text message charges.)
- Receive a Phone Call.
- Enter a Passcode. You can generate a passcode:
- From within the Duo App. (This option works even if you are not connected to cell or Internet service, such as when you are on an airplane. This type of passcode will allow login once for each code generated in the app.)
- Using the online passcode generator. (This type of passcode will allow login up to 20 times.)
- Phone call to a landline or cell phone number. (No app required – you press a button when you receive the call to verify.)
- DUO or Yubikey Token. These can either be purchased by your department or by an individual.
- Duo tokens, which are small plastic devices that can generate a passcode to use with Duo, are available for order via this form.
- Yubikeys can be ordered from Amazon or through Panthermart to use with a laptop. Series 5 are the more flexible option. Chrome is the preferred browser to use with this option.
Although use of a cellphone or mobile device is very flexible with Duo, you do not have to have a smartphone or cell phone to access Duo. You can use a landline phone number, or multiple phone numbers, with Duo. When you receive the call, just press any button to authorize your login. Texting is not currently enabled for security reasons.
Duo tokens, which are small plastic devices that can generate a passcode to use with Duo, are available for order via this form.
Yubikeys can be ordered from Amazon or through Panthermart to use with a laptop. Series 5 are the more flexible option. Chrome is the preferred browser to use with this option.
If your phone doesn’t meet the requirements to install Duo, you can still use it to receive a telephone call for verification. Instead of choosing to register your phone as an iPhone or Android device, you can register it to get a call as a mobile phone. Instead of choosing iPhone or Android for the type of phone, you may need to select “Other and Cell Phones” at that step if you are getting stuck by not being able to install the app from the Apple or Google Play store.
Here are the overall instructions for setting up a device:
https://gsutech.service-now.com/sp?id=kb_article&sys_id=aa5fe937db641340186e5058dc961929
No. Duo does not currently use text messages for authentication, as they were determined not to be a secure method of verification by the university’s cybersecurity team.
While you can use alternative email address to reset your CampusID password at http://campus.gsu.edu, you cannot use email address to verify login with Duo. You must use one of these Duo verification methods:
- Push Notification: Recommended. A notification sent to your mobile device or phone using the Duo app (must be installed) for you to approve or deny your log in attempt. This is the recommended option if you have a mobile device or phone on which you can install the Duo mobile app.
- Phone Call: A computer-generated call to your phone that includes a code for you to enter to approve your log in attempt.
- Enter a Passcode. You can generate a passcode:
- From within the Duo App. (This option works even if you are not connected to cell or Internet service, such as when you are on an airplane. This type of passcode will allow login once for each code generated in the app.)
- Using the online passcode generator. (This type of passcode will allow login up to 20 times.)
- Token: A Duo hardware token, which is a small plastic device that can generate a passcode to use with Duo, can be purchased with this form. Yubikeys can be ordered from Amazon to use with a laptop. Series 5 are the more flexible option. Chrome is the preferred browser to use with this option.
There is is an option when logging in to "remember" a device's log in for the next 30 days. It is safe to choose this option as long as you are not on a public device/computer or on device/computer you share with others. Note that using a different browser or device will require logging in with Duo again, even if you've selected to remember a log in for 30 days on another device or in another browser.
To set up the "Remember Me" setting, log in to Office 365 Faculty and Staff Email, OneUSG Connect or PantherMail (depending on which applications are protected with Duo). Select the Remember me for 30 days setting when you are prompted to verify login with Duo.
Yes. The Duo app lets you register multiple profiles. Open the Duo app and click the + at the top of the page to add Georgia State as a new account as you register for Duo.
Getting Started with Duo
Please note, however, that using a different browser or device may require logging in with Duo again, even if you've selected to remember a log in for 30 days.
It’s possible to set up Duo to call your work phone (and also set up additional phones if appropriate for multiple locations). However, the most flexible option is to set up Duo on a personal device that you are likely to have with you on a regular basis.
Departments can also purchase a Duo hardware token, which is a small plastic device that can generate a passcode to use with Duo. Request to purchase a hardware token
Yubikeys can also be ordered through Panthermart or Amazon.
We’ve received variations of this question, which seems to refer to the Georgia Open Records Act. University records, including, but not limited to, documents, emails, notes, photographs, videos, etc., are subject to the Georgia Open Records Act and valid subpoenas, regardless of whether the information is (a) contained on a university device or a personal device (e.g. mobile phones, laptops, tablets, desktop computers, etc.) or (b) created, reviewed or maintained in university applications (e.g., Outlook, Sharepoint, etc.) or personal applications (e.g., Gmail, Yahoo Mail, etc.). University records are subject to review and disclosure, absent any valid exceptions being applicable to the particular records pursuant to the act. Personal records on a personal device are not subject to review and disclosure under the act, even if an employee or service provider’s device was otherwise used for university business.
As it relates to downloading and installing Duo on your personal device, Duo itself only transmits limited information between Duo and the university and such information could be subject to the act. However, this information is similar to the information that is already created as a result of logging into a campus system through a browser using any device (i.e., CampusID, browser version, session IP Address, operating system). If you utilize a phone call with Duo, it additionally maintains information about the phone number that was used.
Finally, the downloading and use of Duo by itself does not make your personal device subject to the act; only university records are subject to the act.
Using Duo Out of the Office
The Duo application provides an offline passcode authentication option for times when you lack cell service or for when using the service could cause you to incur additional cellphone charges, such as when you are traveling internationally.
To use the offline authentication option, download and install the Duo app on your device prior to beginning travel or other anticipated cell-phone reception issues.
If you have a smartphone or tablet, using the Duo app with the “passcode” option may be a good option while you’re abroad. A passcode is a randomly-generated code located in the Duo app log in that you enter to approve your login attempt. Each time you log in, you'll use a different passcode generated by the app. You might choose to use this option if you have the Duo App installed on your device but do not have access to a wireless network or cellular network at the time of login.
If you don’t have access to a smartphone or a tablet while traveling, a token may also be a good option. There are two types of tokens available. Duo tokens, which are small plastic devices that can generate a passcode to use with Duo, are available for order via this form. They are available for purchase for $20 using the form. Yubikeys can be ordered from Amazon or through Panthermart to use with a laptop. Series 5 are the more flexible option. Chrome is the preferred browser to use with this option.
To use Duo, you’ll need to be near a device you’ve registered with Duo each time you log in. If you’ve registered a landline, you’ll need to answer the phone and verify login by pressing a phone key. (There are some exceptions. You won’t need Duo every time you check your email with the Outlook desktop or mobile phone client. Outlook only prompts you to use Duo the first time you log in and when you change your password. You can also chose the remember me for seven days option when logging in online to minimize how often you are prompted to verify with Duo.)
Register Multiple Devices: Keep in mind you can register multiple devices if you need to be in different locations when logging in and if you don’t have a mobile device registered. Here’s how you add additional devices.
https://gsutech.service-now.com/sp?id=kb_article&sys_id=ddeea884dbc9db40601b502bdc9619b8
You may want to set up multiple devices or phone numbers to work with Duo so you are prepared in case your primary phone can’t be used. The Device menu lets you switch between phones or devices. If a secondary phone or device option is not available, contact the IIT Service Desk for assistance.
Duo Tokens
Tokens are $20 and can be purchased by a department speedtype or personal cash or check.
Request a Duo Token
When you receive your token, you can contact the IIT Technology Service Desk to have your Token set up.
Set Up a Duo Token
Yes. We will coordinate delivery of Duo tokens to all campuses.
Background on Duo
Yes. Duo complies with university and University System of Georgia policies on protecting information. These guidelines help ensure the university meets applicable information protections.
Yes. Duo Security recently became a part of Cisco.
Duo and the VPN
Beginning Thursday, May 20 at 10 p.m., Duo multifactor authentication will be required to verify login to the university’s virtual private network (VPN) at secureaccess.gsu.edu.
Review Step-by-Step Instructions on How to Connect with Duo
No. For the VPN, you must verify with Duo each time you sign in.