Duo FAQs
General Information
Duo is a form of multifactor authentication that uses a mobile device, phone, passcode or Yubikey to verify that the person logging into your account is actually you. Duo adds a second layer of defense against unauthorized logins to your CampusID account. Duo protects access to your campus accounts, even if your CampusID password is guessed or stolen.
Duo complies with USG information security policy, and increases the security of university systems and resources, protecting important sensitive and confidential information and helping prevent identity theft and other cyber crimes.
Faculty, staff, and students are required to use Duo to login to systems.
Duo multifactor authentication is mandatory and is required for login to university email and for applications that use CampusID single sign-on such as PAWS, iCollege, OneUSGConnect and many others.
No, you can not opt out of Duo.
Duo multifactor authentication protects login to the PantherMail and Office 365 Faculty/Staff email systems and all applications that use CampusID single sign-on such as PAWS, iCollege, OneUSGConnect and many others.
No. Duo will not be used to protect workstation login at this time.
Getting Started with Duo
The application at: https://gsu.login.duosecurity.com/devices walks you through the process of signing up for Duo.
Once you’ve set up one device, we recommend that you set up a second device in case you should ever have trouble locating your primary device for verification. This could be a landline phone number or other. Here are the instructions to do this: Add a Duo Device.
You should also generate an emergency passcode to keep safe and use (up to 20 times) in the event you do not have your registered device available or need to reset your device.
- Use the DUO App on a smartphone or tablet.
Send a “Push” Notification. (A notification sent within the Duo app that you can use to either accept or deny a login attempt. These “pushes” are not text messages so they do not count toward text message charges.) - Receive a Phone Call. Phone call to a landline or cell phone number. (No app required – you press a button when you receive the call to verify.)
- Enter a Passcode or Bypasscode. You can generate a passcode:
- From within the Duo App. (This option works even if you are not connected to cell or Internet service, such as when you are on an airplane. This type of passcode will allow login once for each code generated in the app.)
- Using the online Bypass code generator. (A bypasscode code can only be used once to verify login (and update Duo device settings if necessary) and must be used within a short period of time to verify login.)
- Yubikeys can be ordered from Amazon or through Panthermart to use with a laptop. Series 5 are the more flexible option. Chrome is the preferred browser to use with this option.
Although use of a cellphone or mobile device is very flexible with Duo, you do not have to have a smartphone or cell phone to access Duo. You can use a landline phone number, or multiple phone numbers, with Duo. When you receive the call, just press any button to authorize your login. Texting is not currently enabled for security reasons.
A Bypass code generated online can be used for login for a temporary period of time.
Yubikeys can be ordered from Amazon or through Panthermart to use with a laptop. Series 5 are the more flexible option. Chrome is the preferred browser to use with this option.
No. Duo does not currently use text messages for authentication at the university. You must use one of the allowed Duo verification methods.
While you can use alternative email address to reset your CampusID password at http://campusid.gsu.edu, you cannot use email address to verify login with Duo. You must use one of the allowed Duo verification methods.
If you receive a Duo authorization request when you are not trying to log in, do not authorize login. If you receive an app push notification, select I'm not logging in and report suspicious activity. If you receive a phone call, do not press any buttons to authorize. Report suspicious Duo authorization requests to the IIT Service Desk at help.gsu.edu, [email protected] or 404-413-HELP (404-413-4357).
When you log in with Duo, you will be asked if you're logging in with a device you own. If you select Yes, this is my device, Duo will remember your device and log you in automatically for a time.
It is safe to choose this option as long as you are not on a public device/computer or on device/computer you share with others. Note that using a different browser or device will require logging in with Duo again.
Yes. The Duo app lets you register multiple profiles. Open the Duo app and click the + at the top of the page to add Georgia State as a new account as you register for Duo.
Getting Started with Duo
Please note, however, that using a different browser or device may require logging in with Duo again, even if you've selected to have Duo remember the device in the past.
Duo Log in issues
If you cannot complete login using your device: Generate a Bypass Code Online and Use it to Reset Duo Device
Bypass codes can only be used once to verify login within a short period of time after generating them. You can update your device settings using a bypass code for initial Duo verification.
If you only see a blank screen in your browser in place of the Duo app setup or login screen, use this article to adjust your browser:
Duo will remember the method you previously used to log in and continue to use that authentication method until you select a different one.
If you would like to log in using a different method, click the Other options link on the duo login box that appears while you're authenticating.
You can use these articles to troubleshoot the issue if you are not receiving push notifications in your already installed Duo mobile app.
Manage Duo Device Settings Here
Instructions to Add or Change Duo Settings
If you cannot complete login using your device: Generate a Bypass Code Online and Use it to Reset Duo Device
It's also important to keep a generated bypass code safe as a backup for access in the event of a device change or other logon issue.
An account will lock after multiple failed authentication attempts. The account will only remain locked for 15 mins if no additional attempts are made. Wait 15 minutes to take the following steps and attempt further login.
Lockout generally happens when your Duo account is not up-to-date. You may have:
- A new telephone number.
(If your number is correct, your phone could be sending the Duo number to your blocked list, or you may not have a good cellular connection.) OR - A new device that needs to be authorized to Duo.
You can use the self-service website to set up a new phone number or device to use for Duo.
Follow these instructions to generate a bypass code and use it to update your Duo device settings.
If you still need assistance, contact the IIT Technology Service Desk at 404-413-4357(HELP). A representative will need to verify your identity before assisting you with updating your device option.
Duo and University Email
Duo uses a standard called modern authentication. Some older email clients do not use this standard. You may need to upgrade your email client before you enable Office 365 email or if you are having trouble logging into Office 365 faculty and staff email after enabling Duo.
Computer: If you have Office 2013 or older installed, you’ll need to update to the latest version of Microsoft Office. To update on your work computer, download the latest version of Microsoft Office using your computer’s software center. To update on a personal computer, download the latest version of Microsoft Office from within Office 365 online.
Android Devices: Many native email clients on Android devices do not currently use a standard needed to work with Duo multifactor authentication. If you check your Office 365 staff email account using an Android device, you should install the Outlook mobile client to check your Office 365 email account. Installing the Outlook App on Android Devices
Apple iOS Devices: If you check your Office 365 staff email account using an Apple iOS device (iPhone or iPad) with iOS 10 or lower installed, you will either need to update your iOS operating system or install the Outlook mobile client to check your email. Installing Outlook App on Apple iOS Devices
Duo uses a standard called modern authentication. You should be able to use Duo with any email client that uses modern authentication. The below are the common, university-supported clients.
Windows computers |
|
||||||||
Mac Computers |
|
||||||||
Android Mobile Devices |
|
||||||||
iOS Mobile Devices |
|
The Outlook app will typically only prompt you with Duo for verification on initial setup and at some other instances like when your CampusID password is changed.
Generally, it is web access where you will see the prompt more often. With web access you can click Yes, this is my device after you log in to have Duo remember your device and automatically log you in for a time.
You may need to update or download a new email client to ensure you have an email client that allows for a standard that Duo uses.
Desktop
If you have Office 2013 or older installed, you’ll need to update to the latest version of Microsoft Office. To update on your work computer, download the latest version of Microsoft Office using your computer’s software center. To update on a personal computer, download the latest version of Microsoft Office from within Office 365 online.
Android Devices
Many native email clients on Android devices do not currently use a standard needed to work with Duo multifactor authentication. If you check your Office 365 staff email account using an Android device, you should install the Outlook mobile client to check your Office 365 email account. Installing the Outlook App on Android Devices
If you are already using Outlook on your Android and have trouble signing in, you may need to reset up your account.
Installing the Outlook App on Android Devices
Apple iOS Devices
If you check your Office 365 staff email account using an Apple iOS device (iPhone or iPad) with iOS 10 or lower installed, you will either need to update your iOS operating system or install the Outlook mobile client to check your email.
Installing Outlook App on Apple iOS Devices
Additionally, if you have a device with iOS 10 or newer installed and are using the native email client and are having trouble signing in, you may need to delete and reset up your GSU faculty or staff email account on the device.
Configure Your iOS Device for Campus Email Service
Sometimes when Duo is first activated or after a password change, the mail client on a device may exhibit a behavior where users are prompted to log on and then to verify multiple times. To address this issue, delete the campus email account profile in the email client and then re-add it to the email client. See the following for re-setting up your campus email account.
Configure your iOS device
Configure your iOS Device with Outlook
Configure your Android device
Configure your Android Device with Outlook
Configure your Windows Phones
The Gmail web and mobile apps do not use modern authentication and therefore do not work with Duo for checking your Office 365 email. To check your Office 365 faculty and staff email account, the recommended solution is to use the Microsoft Outlook app, which is can be set up to check multiple email accounts if needed.
Non-person accounts do not require Duo for login the way accounts associated with individuals do. Keep in mind that we suggest using delegate access for non-person accounts which means that you can reach the non-person accounts when you log in with your CampusID account, therefore protecting both accounts. Here’s how to set up delegate access. However you set up non-person account access, those accounts will not have separate Duo verification.
Duo and Your Device or Phone
You can do a few things to prepare in case your device is lost, stolen or forgotten. You may want to set up multiple devices or phone numbers to work with Duo so you are prepared in case your primary device can’t be used. The Device menu lets you switch between phones or devices.
If you need update your device settings, you can also generate a bypass code to access Duo temporarily to log in and update your device settings.
When you replace a device or phone, if your phone number remains the same, you can also choose to receive a phone call instead of an app notification until you re-setup a new preferred method of notification (Instructions).
If none of the options above are available to you, contact the IIT Service Desk for assistance accessing your account and getting a link to re-set up Duo if needed.
If your phone doesn’t meet the requirements to install Duo, you can still use it to receive a telephone call for verification. Instead of choosing to register your phone as an iPhone or Android device, you can register it to get a call as a mobile phone. Here are the overall instructions for setting up a device:
https://gsutech.service-now.com/sp?id=kb_article&sys_id=aa5fe937db641340186e5058dc961929
You can also use online generated bypass codes as an additional login method.
The Duo app uses the device’s camera to take a photo of a QR code in order to quickly personalize your access for security purposes. You can deny this permission, but without this access you will have to type a long, alphanumeric “2FA secret” key to get your account working.
This article describes how to turn off permissions you may have granted the Duo Mobile application:
https://help.duo.com/s/article/3464?language=en_US
It’s possible to set up Duo to call your work phone (and also set up additional phones if appropriate for multiple locations). However, the most flexible option is to set up Duo on a personal device that you are likely to have with you on a regular basis.
Yubikeys can also be ordered through Panthermart or Amazon.
We’ve received variations of this question, which seems to refer to the Georgia Open Records Act. University records, including, but not limited to, documents, emails, notes, photographs, videos, etc., are subject to the Georgia Open Records Act and valid subpoenas, regardless of whether the information is (a) contained on a university device or a personal device (e.g. mobile phones, laptops, tablets, desktop computers, etc.) or (b) created, reviewed or maintained in university applications (e.g., Outlook, Sharepoint, etc.) or personal applications (e.g., Gmail, Yahoo Mail, etc.). University records are subject to review and disclosure, absent any valid exceptions being applicable to the particular records pursuant to the act. Personal records on a personal device are not subject to review and disclosure under the act, even if an employee or service provider’s device was otherwise used for university business.
As it relates to downloading and installing Duo on your personal device, Duo itself only transmits limited information between Duo and the university and such information could be subject to the act. However, this information is similar to the information that is already created as a result of logging into a campus system through a browser using any device (i.e., CampusID, browser version, session IP Address, operating system). If you utilize a phone call with Duo, it additionally maintains information about the phone number that was used.
Finally, the downloading and use of Duo by itself does not make your personal device subject to the act; only university records are subject to the act.
International Students and Duo Setup
When entering your number, enter the plus sign (+) followed by your entire number, including country code, with no spaces or punctuation. Example: +911234567890. If you are still unable to add your device with your phone number, follow the instructions for adding your device as a tablet.
If the google playstore is not available from your location, you may be able to download the DUO Mobile APK App directly from DUO website (available for Android only). Be sure to allow push notifications for the Duo mobile app.
These two articles relate to this issue.
Downloading the app directly from the Duo website: https://help.duo.com/s/article/2211?language=en_US
How does Duo mobile work in China:
https://help.duo.com/s/article/2094?language=en_US
To comply with U.S. regulations, Duo blocks users whose IP address originates in certain countries or regions subject to economic and trade sanctions enforced by the U.S. Office of Foreign Assets Control.
Information on which regions this applies to is here: https://help.duo.com/s/article/7544?language=en_US
If you receive the error and are located in one of the listed regions, contact the IIT Service Desk to report the issue and explore solutions.
Using Duo Out of the Office
The Duo application provides an offline passcode authentication option for times when you lack cell service or for when using the service could cause you to incur additional cellphone charges, such as when you are traveling internationally.
To use the offline authentication option, download and install the Duo app on your device prior to beginning travel or other anticipated cell-phone reception issues.
If you have a smartphone or tablet, using the Duo app with the “passcode” option may be a good option while you’re abroad. A passcode is a randomly-generated code located in the Duo app log in that you enter to approve your login attempt. Each time you log in, you'll use a different passcode generated by the app. You might choose to use this option if you have the Duo App installed on your device but do not have access to a wireless network or cellular network at the time of login.
If you don’t have access to a smartphone or a tablet while traveling, a yubikey may also be a good option. Yubikeys can be ordered from Amazon or through Panthermart to use with a laptop. Series 5 are the more flexible option. Chrome is the preferred browser to use with this option.
To use Duo, you’ll need to be near a device you’ve registered with Duo each time you log in. If you’ve registered a landline, you’ll need to answer the phone and verify login by pressing a phone key. (There are some exceptions. You won’t need Duo every time you check your email with the Outlook desktop or mobile phone client. Outlook only prompts you to use Duo the first time you log in and when you change your password. You can also chose the remember me for seven days option when logging in online to minimize how often you are prompted to verify with Duo.)
Register Multiple Devices: Keep in mind you can register multiple devices if you need to be in different locations when logging in and if you don’t have a mobile device registered. Here’s how you add additional devices.
https://gsutech.service-now.com/sp?id=kb_article&sys_id=ddeea884dbc9db40601b502bdc9619b8
You can generate a temporary bypass code for backup login.
You may want to set up multiple devices or phone numbers to work with Duo so you are prepared in case your primary phone can’t be used. The Device menu lets you switch between phones or devices.
Yubikeys
Yubikeys can be bought at retailers such as Amazon and through PantherMart.
Duo and the VPN
Duo multifactor authentication is required to verify login to the university’s virtual private network (VPN) at secureaccess.gsu.edu.
Review Step-by-Step Instructions on How to Connect with Duo
No. For the VPN, you must verify with Duo each time you sign in.