Duo FAQs

General Information

What is Duo and why are we using it?

Duo is a form of multifactor authentication that uses a mobile device, phone, passcode or Yubikey to verify that the person logging into your account is actually you. Duo adds a second layer of defense against unauthorized logins to your CampusID account. Duo protects access to your campus accounts, even if your CampusID password is guessed or stolen.

Duo complies with USG information security policy, and increases the security of university systems and resources, protecting important sensitive and confidential information and helping prevent identity theft and other cyber crimes.

Who uses Duo at the university?

Faculty, staff, and students are required to use Duo to login to systems.

Is Duo mandatory? Can I opt out?

Duo multifactor authentication is mandatory and is required for login to university email and for applications that use CampusID single sign-on such as PAWS, iCollege, OneUSGConnect and many others.

No, you can not opt out of Duo.

Which campus applications does Duo protect?

Duo multifactor authentication protects login to the PantherMail and Office 365 Faculty/Staff email systems and all applications that use CampusID single sign-on such as PAWS, iCollege, OneUSGConnect and many others.

Do I have to use Duo to login to my workstation?

No. Duo will not be used to protect workstation login at this time.

Getting Started with Duo

How do I begin using Duo?

Set Up Duo by Associating an Initial Device

How do I know if I've completed registration correctly?

The application at: https://gsu.login.duosecurity.com/devices walks you through the process of signing up for Duo.

Once you’ve set up one device, we recommend that you set up a second device in case you should ever have trouble locating your primary device for verification. This could be a landline phone number or other. Here are the instructions to do this: Add a Duo Device.

You should also generate an emergency passcode to keep safe and use (up to 20 times) in the event you do not have your registered device available or need to reset your device.

What are the device options for verification using Duo?

Use the DUO App on a smartphone or tablet.
Send a “Push” Notification. (A notification sent within the Duo app that you can use to either accept or deny a login attempt. These “pushes” are not text messages so they do not count toward text message charges.)
Receive a Phone Call. Phone call to a landline or cell phone number. (No app required – you press a button when you receive the call to verify.)
Enter a Passcode or Bypasscode. You can generate a passcode:
- From within the Duo App. (This option works even if you are not connected to cell or Internet service, such as when you are on an airplane. This type of passcode will allow login once for each code generated in the app.)
- Using the online Bypass code generator. (A bypasscode code can only be used once to verify login (and update Duo device settings if necessary) and must be used within a short period of time to verify login.)
Yubikeys can be ordered from Amazon or through Panthermart to use with a laptop. Series 5 are the more flexible option. Chrome is the preferred browser to use with this option.

What if I don’t have a cell phone or smart phone?

Although use of a cellphone or mobile device is very flexible with Duo, you do not have to have a smartphone or cell phone to access Duo. You can use a landline phone number, or multiple phone numbers, with Duo. When you receive the call, just press any button to authorize your login. Texting is not currently enabled for security reasons.

A Bypass code generated online can be used for login for a temporary period of time.

Yubikeys can be ordered from Amazon or through Panthermart to use with a laptop. Series 5 are the more flexible option. Chrome is the preferred browser to use with this option.

Is text message a verification option with Duo?

No. Duo does not currently use text messages for authentication at the university. You must use one of the allowed Duo verification methods.

Is email address a verification option with Duo?

While you can use alternative email address to reset your CampusID password at http://campusid.gsu.edu, you cannot use email address to verify login with Duo. You must use one of the allowed Duo verification methods.

What should I do if I receive a Duo authorization request and I am not trying to log in?

If you receive a Duo authorization request when you are not trying to log in, do not authorize login. If you receive an app push notification, select I'm not logging in and report suspicious activity. If you receive a phone call, do not press any buttons to authorize. Report suspicious Duo authorization requests to the IIT Service Desk at help.gsu.edu, [email protected] or 404-413-HELP (404-413-4357).

I use multiple applications that use Duo in a day. How do I reduce how often I am asked to verify with Duo?

When you log in with Duo, you will be asked if you're logging in with a device you own. If you select Yes, this is my device, Duo will remember your device and log you in automatically for a time.

It is safe to choose this option as long as you are not on a public device/computer or on device/computer you share with others. Note that using a different browser or device will require logging in with Duo again.

I'm already set up with Duo for another organization. Can I set up for both that organization and Georgia State University without conflict?

Yes. The Duo app lets you register multiple profiles. Open the Duo app and click the + at the top of the page to add Georgia State as a new account as you register for Duo.
Getting Started with Duo

Please note, however, that using a different browser or device may require logging in with Duo again, even if you've selected to have Duo remember the device in the past.

Duo Log in issues

What should I do if I have changed my device and can't get into Duo?

If you cannot complete login using your device: Generate a Bypass Code Online and Use it to Reset Duo Device

Bypass codes can only be used once to verify login within a short period of time after generating them. You can update your device settings using a bypass code for initial Duo verification.

What should I do if I only see a blank screen when setting up Duo?

If you only see a blank screen in your browser in place of the Duo app setup or login screen, use this article to adjust your browser:

https://help.duo.com/s/article/3710?language=en_US

Duo is calling me, but I want it to send me a Push. How can I change the method used?

Duo will remember the method you previously used to log in and continue to use that authentication method until you select a different one.

If you would like to log in using a different method, click the Other options link on the duo login box that appears while you're authenticating.

What can I do if I am not receiving Duo push notifications in my installed Duo mobile app?

You can use these articles to troubleshoot the issue if you are not receiving push notifications in your already installed Duo mobile app.

Apple iOS: https://help.duo.com/s/article/2051?language=en_US

Andriod: https://help.duo.com/s/article/2050?language=en_US

How do I change the device settings Duo uses?

Manage Duo Device Settings Here
Instructions to Add or Change Duo Settings
If you cannot complete login using your device: Generate a Bypass Code Online and Use it to Reset Duo Device

It's also important to keep a generated bypass code safe as a backup for access in the event of a device change or other logon issue.

What should I do if Duo states my account is locked?

An account will lock after multiple failed authentication attempts. The account will only remain locked for 15 mins if no additional attempts are made. Wait 15 minutes to take the following steps and attempt further login.

Lockout generally happens when your Duo account is not up-to-date. You may have:

A new telephone number.
(If your number is correct, your phone could be sending the Duo number to your blocked list, or you may not have a good cellular connection.) OR
A new device that needs to be authorized to Duo.

You can use the self-service website to set up a new phone number or device to use for Duo.

Follow these instructions to generate a bypass code and use it to update your Duo device settings.

If you still need assistance, contact the IIT Technology Service Desk at 404-413-4357(HELP). A representative will need to verify your identity before assisting you with updating your device option.

Section

Duo and University Email

Do I need to upgrade my email client so I can continue to access email?

Duo uses a standard called modern authentication. Some older email clients do not use this standard. You may need to upgrade your email client before you enable Office 365 email or if you are having trouble logging into Office 365 faculty and staff email after enabling Duo.

Computer: If you have Office 2013 or older installed, you’ll need to update to the latest version of Microsoft Office. To update on your work computer, download the latest version of Microsoft Office using your computer’s software center. To update on a personal computer, download the latest version of Microsoft Office from within Office 365 online.

Android Devices: Many native email clients on Android devices do not currently use a standard needed to work with Duo multifactor authentication. If you check your Office 365 staff email account using an Android device, you should install the Outlook mobile client to check your Office 365 email account. Installing the Outlook App on Android Devices

Apple iOS Devices: If you check your Office 365 staff email account using an Apple iOS device (iPhone or iPad) with iOS 10 or lower installed, you will either need to update your iOS operating system or install the Outlook mobile client to check your email. Installing Outlook App on Apple iOS Devices

What email programs are compatible with DUO?

Duo uses a standard called modern authentication. You should be able to use Duo with any email client that uses modern authentication. The below are the common, university-supported clients.

Windows computers

Outlook 2019	Compatible
Outlook 2016	Compatible
Outlook 2013	Not compatible – update to Outlook 2016
Outlook 2010	Not compatible – update to Outlook 2016

Mac Computers

Outlook 2019	Compatible
Outlook 2016	Compatible
Outlook 2011	Not compatible – update to Outlook 2016
Mac Mail Client	Only compatible with Mojave 10.14 or above – use Outlook 2016 if you cannot upgrade your operating system

Android Mobile Devices

Android 8 or higher	Outlook app from the Google Play Store.
Android 4.4 or higher but below Android 8	Outlook app from the Google Play Store.
Below Android 4.4	Web mail at outlook.com/gsu.edu

iOS Mobile Devices

iOS 11 or higher	Native mail app or the Outlook app from the Apple App Store.
iOS 10.x	Web mail at outlook.com/gsu.edu

Do I need to enter my password every time I open Outlook on my phone or computer?

The Outlook app will typically only prompt you with Duo for verification on initial setup and at some other instances like when your CampusID password is changed.

Generally, it is web access where you will see the prompt more often. With web access you can click Yes, this is my device after you log in to have Duo remember your device and automatically log you in for a time.

Duo has been enabled for my Office 365 email account and I'm having trouble logging in to Outlook. What should I do?

You may need to update or download a new email client to ensure you have an email client that allows for a standard that Duo uses.

Desktop
If you have Office 2013 or older installed, you’ll need to update to the latest version of Microsoft Office. To update on your work computer, download the latest version of Microsoft Office using your computer’s software center. To update on a personal computer, download the latest version of Microsoft Office from within Office 365 online.

Android Devices
Many native email clients on Android devices do not currently use a standard needed to work with Duo multifactor authentication. If you check your Office 365 staff email account using an Android device, you should install the Outlook mobile client to check your Office 365 email account. Installing the Outlook App on Android Devices

If you are already using Outlook on your Android and have trouble signing in, you may need to reset up your account.
Installing the Outlook App on Android Devices

Apple iOS Devices
If you check your Office 365 staff email account using an Apple iOS device (iPhone or iPad) with iOS 10 or lower installed, you will either need to update your iOS operating system or install the Outlook mobile client to check your email.
Installing Outlook App on Apple iOS Devices

Additionally, if you have a device with iOS 10 or newer installed and are using the native email client and are having trouble signing in, you may need to delete and reset up your GSU faculty or staff email account on the device.
Configure Your iOS Device for Campus Email Service

When I try to log into campus email account using my device’s email client, I am prompted to log in and then to verify with Duo multiple times? I’ve checked that my email client is compatible with Duo. What should I do?

Sometimes when Duo is first activated or after a password change, the mail client on a device may exhibit a behavior where users are prompted to log on and then to verify multiple times. To address this issue, delete the campus email account profile in the email client and then re-add it to the email client. See the following for re-setting up your campus email account.
Configure your iOS device
Configure your iOS Device with Outlook
Configure your Android device
Configure your Android Device with Outlook
Configure your Windows Phones

Can I use the Gmail web or mobile apps to check my Office 365 email with Duo?

The Gmail web and mobile apps do not use modern authentication and therefore do not work with Duo for checking your Office 365 email. To check your Office 365 faculty and staff email account, the recommended solution is to use the Microsoft Outlook app, which is can be set up to check multiple email accounts if needed.

Do non-person email accounts require Duo Authentication in order to log in?

Non-person accounts do not require Duo for login the way accounts associated with individuals do. Keep in mind that we suggest using delegate access for non-person accounts which means that you can reach the non-person accounts when you log in with your CampusID account, therefore protecting both accounts. Here’s how to set up delegate access. However you set up non-person account access, those accounts will not have separate Duo verification.

Duo and Your Device or Phone

What if my phone is lost/stolen/forgotten?

You can do a few things to prepare in case your device is lost, stolen or forgotten. You may want to set up multiple devices or phone numbers to work with Duo so you are prepared in case your primary device can’t be used. The Device menu lets you switch between phones or devices.

If you need update your device settings, you can also generate a bypass code to access Duo temporarily to log in and update your device settings.

When you replace a device or phone, if your phone number remains the same, you can also choose to receive a phone call instead of an app notification until you re-setup a new preferred method of notification (Instructions).

If none of the options above are available to you, contact the IIT Service Desk for assistance accessing your account and getting a link to re-set up Duo if needed.

My Apple or Android smartphone doesn't meet the minimum requirements to install the Duo App. What should I do?

If your phone doesn’t meet the requirements to install Duo, you can still use it to receive a telephone call for verification. Instead of choosing to register your phone as an iPhone or Android device, you can register it to get a call as a mobile phone. Here are the overall instructions for setting up a device:
https://gsutech.service-now.com/sp?id=kb_article&sys_id=aa5fe937db641340186e5058dc961929

You can also use online generated bypass codes as an additional login method.

When I'm setting up Duo on my phone, why does the app need permission to use my camera?

The Duo app uses the device’s camera to take a photo of a QR code in order to quickly personalize your access for security purposes. You can deny this permission, but without this access you will have to type a long, alphanumeric “2FA secret” key to get your account working.

This article describes how to turn off permissions you may have granted the Duo Mobile application:
https://help.duo.com/s/article/3464?language=en_US

What if I don’t want to use my personal device for a work purpose?

It’s possible to set up Duo to call your work phone (and also set up additional phones if appropriate for multiple locations). However, the most flexible option is to set up Duo on a personal device that you are likely to have with you on a regular basis.

Yubikeys can also be ordered through Panthermart or Amazon.

Does putting Duo on my personally-owned device make it university property or subject to legal action involving the university?

We’ve received variations of this question, which seems to refer to the Georgia Open Records Act. University records, including, but not limited to, documents, emails, notes, photographs, videos, etc., are subject to the Georgia Open Records Act and valid subpoenas, regardless of whether the information is (a) contained on a university device or a personal device (e.g. mobile phones, laptops, tablets, desktop computers, etc.) or (b) created, reviewed or maintained in university applications (e.g., Outlook, Sharepoint, etc.) or personal applications (e.g., Gmail, Yahoo Mail, etc.). University records are subject to review and disclosure, absent any valid exceptions being applicable to the particular records pursuant to the act. Personal records on a personal device are not subject to review and disclosure under the act, even if an employee or service provider’s device was otherwise used for university business.

As it relates to downloading and installing Duo on your personal device, Duo itself only transmits limited information between Duo and the university and such information could be subject to the act. However, this information is similar to the information that is already created as a result of logging into a campus system through a browser using any device (i.e., CampusID, browser version, session IP Address, operating system). If you utilize a phone call with Duo, it additionally maintains information about the phone number that was used.

Finally, the downloading and use of Duo by itself does not make your personal device subject to the act; only university records are subject to the act.

International Students and Duo Setup

What should I do if I am having trouble registering an international phone number?

When entering your number, enter the plus sign (+) followed by your entire number, including country code, with no spaces or punctuation. Example: +911234567890. If you are still unable to add your device with your phone number, follow the instructions for adding your device as a tablet.

What can I do if I can't reach the google playstore internationally?

If the google playstore is not available from your location, you may be able to download the DUO Mobile APK App directly from DUO website (available for Android only). Be sure to allow push notifications for the Duo mobile app.

These two articles relate to this issue.

Downloading the app directly from the Duo website: https://help.duo.com/s/article/2211?language=en_US

How does Duo mobile work in China:
https://help.duo.com/s/article/2094?language=en_US

Why might I see the error "Access denied. Duo Security does not provide services in your current location"?

To comply with U.S. regulations, Duo blocks users whose IP address originates in certain countries or regions subject to economic and trade sanctions enforced by the U.S. Office of Foreign Assets Control.

Information on which regions this applies to is here: https://help.duo.com/s/article/7544?language=en_US

If you receive the error and are located in one of the listed regions, contact the IIT Service Desk to report the issue and explore solutions.

Using Duo Out of the Office

How can I authenticate with Duo if I will be traveling or while my device is not receiving a strong cell signal?

The Duo application provides an offline passcode authentication option for times when you lack cell service or for when using the service could cause you to incur additional cellphone charges, such as when you are traveling internationally.

To use the offline authentication option, download and install the Duo app on your device prior to beginning travel or other anticipated cell-phone reception issues.

Logging in Offline with a Duo Passcode

What do I do if I am abroad for extended period and can't use my phone or phone number?

If you have a smartphone or tablet, using the Duo app with the “passcode” option may be a good option while you’re abroad. A passcode is a randomly-generated code located in the Duo app log in that you enter to approve your login attempt. Each time you log in, you'll use a different passcode generated by the app. You might choose to use this option if you have the Duo App installed on your device but do not have access to a wireless network or cellular network at the time of login.

If you don’t have access to a smartphone or a tablet while traveling, a yubikey may also be a good option. Yubikeys can be ordered from Amazon or through Panthermart to use with a laptop. Series 5 are the more flexible option. Chrome is the preferred browser to use with this option.

If I use a landline instead of a cell phone, will I have to be in the location where the landline is?

To use Duo, you’ll need to be near a device you’ve registered with Duo each time you log in. If you’ve registered a landline, you’ll need to answer the phone and verify login by pressing a phone key. (There are some exceptions. You won’t need Duo every time you check your email with the Outlook desktop or mobile phone client. Outlook only prompts you to use Duo the first time you log in and when you change your password. You can also chose the remember me for seven days option when logging in online to minimize how often you are prompted to verify with Duo.)

Register Multiple Devices: Keep in mind you can register multiple devices if you need to be in different locations when logging in and if you don’t have a mobile device registered. Here’s how you add additional devices.
https://gsutech.service-now.com/sp?id=kb_article&sys_id=ddeea884dbc9db40601b502bdc9619b8

What if I use a landline phone as my method, but I am away from it and need to log in?

You can generate a temporary bypass code for backup login.

You may want to set up multiple devices or phone numbers to work with Duo so you are prepared in case your primary phone can’t be used. The Device menu lets you switch between phones or devices.

Yubikeys

How do I get and use a Yubikey?

Yubikeys can be bought at retailers such as Amazon and through PantherMart.

The following devices available on Amazon and other electronic retailers function with Duo.

The key can be used with any device that supports standard USB. It can also be used with a smart phone that supports NFC.

Duo and the VPN

When will signing into the VPN require Duo?

Duo multifactor authentication is required to verify login to the university’s virtual private network (VPN) at secureaccess.gsu.edu.
Review Step-by-Step Instructions on How to Connect with Duo