Topics Map > Security
Topics Map > Campus Services > E-mail

Security - Two-factor Authentication (Duo) FAQ

Frequently asked questions regarding two-factor authentication using Duo at UW-Platteville


General


Q: What is two-factor authentication?
A: Two-factor authentication – a.k.a. multi-factor authentication (MFA) - is a second layer of protection that combines something you know (your password) with something you have (phone or tablet). Verifying your identity using a second factor (like your cell phone or tablet) prevents anyone but you from logging into a system, even if they know your password.

Q: Why is two-factor authentication important?
A: Information security is everyone’s responsibility. Verifying your identity using a second factor prevents anyone but you from logging in, even if they know your password. The extra step protects your online identity as well as our employees and students and the University as a whole. Two-factor authentication also mimics real life; chances are, you are already using two-factor authentication in your personal online business (e.g. Amazon, Gmail, etc.).

In addition, this effort conforms to existing UW System policy on authentication related to high-risk data. Read the UW System Information Security: Authentication Policy at https://www.wisconsin.edu/uw-policies/uw-system-administrative-policies/information-security-authentication/information-security-authentication/

Q: What is Duo?

A: Duo is the service UW-Platteville uses for two-factor authentication.

Q: Of the two-factor options provided, is there a recommended method?
A: All of the options will do the job, but we strongly recommend using the app on your phone or tablet if possible.
  • The app is easy to read.
  • The app sends notices if someone tries to access your account.
  • The app is free while texts and phone calls cost the University money.
We also recommend that you choose more than one option if possible to cover bases.  If you forget one device at home, you have another option. If you are not able to choose more than one option, and you find yourself without a device when you need it, call the ITS Help Desk at 608.342.1400.

Q: What if I do not have a cell phone/device?
A: Call the ITS Help Desk at 608.342.1400 for options.  ITS has a limited number of fobs that can be checked out to employees.  Note that university-issued fobs must be returned to the ITS Help Desk when an employee leaves employment at UW-Platteville.

Q: What if I break, lose, or do not return my university-issued fob?
A: Call the ITS Help Desk at 608.342.1400.  There will be a $20 charge to replace the device.

Q: What if I only enroll one device, and I forget it at home?

A: Call ITS Help Desk at 608.342.1400.  They will ask you to verify your identity using the Help Desk questions you set up for your password. Once verified, staff will issue a temporary code to get you into the system.

Q: If I use my personal device, will it be subject to open records requests?
A: No. Duo does not capture or store University data. It is merely a method for verifying logins.

Q: If I have to use two-factor authentication for one system that uses Single Sign On (SSO), why am I required to use to two-factor authentication for all applications that use Single Sign On (SSO)?
A: If you have access to sensitive data in any application that uses Single Sign On (SSO) for authentication, Single Sign On will require two-factor authentication for all SSO applications.  This is required to protect sensitive data due to the nature of how Single Sign On works.

Q: DUO phone calls are not coming through but the number I have on file is correct?
A: Check to make sure that your phone is not blocking the DUO calls. Sometimes phones will block numbers that it thinks are spam.

Q: Why do all Perceptive Content and WebNow users require two-factor authentication?
A: Perceptive Content contains sensitive data including Personally Identifiable Information (PII) and financial data related to Purchasing and Accounts Payable.  Because of this, all Perceptive Content users are required to authenticate using two-factor.

Q: What is the Duo LDAP Proxy?
A: For applications that do not natively support two-factor authentication (such as Perceptive Content), the Duo Self-Service box will not appear to ask you which authentication method you want to use. Instead, Duo LDAP Proxy service is used to facilitate two-factor authentication. 

The Duo LDAP Proxy service will automatically use the default device you selected in Duo. The system name will appear as "LDAP Proxy" on your device instead of "Perceptive Content". (See comparison below when default is push notification.) (Need to enroll in Duo? Go to Security - Enrolling in Duo and managing your devices for instructions.)

Sample push notification using Duo Self-Service (displays name of system: Drupal)

Drupal push notification in Duo


Sample push notification using LDAP Proxy (displays LDAP Proxy instead of Perceptive Content)

LDAP Proxy push notification sample

Q: How do I authenticate with the Duo LDAP Proxy if I do not have my default device?
A: If you need to use a device other than your default device to authenticate using LDAP Proxy, you can enter additional information after your password on the login window for your application, e.g. Perceptive Content. 

To use a push notification to the Duo App on your cell phone:
NetID: username
Password: password,push

To use a passcode from a fob or the Duo App (example passcode: 1234567):
NetID: username
Password: password,1234567

To initiate a phone call to your device registered to receive calls, you would enter the device name from Duo (example: landline):
NetID: username
Password: password,phone

Return to Top

NOTE: Branch employees who use their UW-Platteville account as their primary email account should enroll in Duo to ensure a smooth transition.  Branch employees who forward their UW-Platteville email to their Colleges account may not need to use two-factor right away; however, ITS recommends enrolling in Duo as soon as possible to avoid issues in the future.

Q: Will I have to use two-factor authentication every time I log into my email account?

A. If you use the Office 365 web application in a browser, you will have to use two-factor every time you log in.  The same is true of related apps like Teams, OneDrive, and SharePoint.

For the Outlook app or the native app on your mobile device, you will log in once with two-factor, and that should last for awhile.  Factors that may require you to use two-factor include changing your password or system updates.

For Outlook desktop client, you will log in once with two-factor, and that should last you until you change your password.  Again, factors such as system updates may require you to use two-factor on occasion.

Q: I tried logging into my Office 365 account, but the app is asking for approval to Microsoft Azure Active Directory.  Is this legitimate?

A. Yes. Azure Active Directory is a system Microsoft uses for authentication. (See example below.)

Sample push notification displaying Microsoft Azure Active Directory instead of Office 365

Azure Active Directory



Q: For single sign-on (SSO) systems, how often will I have to use two-factor authentication? once and out? once a day?

A: The term "single sign-on" can be a bit misleading.  The first sign-on only lasts 30 minutes.  For example, if you log into one SSO system using two-factor at 9:00 a.m., and then you log into additional systems before 9:30 a.m. you will only have to use two-factor the first time.  However, if you sign into a SSO system at 9:00 a.m. and then you sign into another SSO system at 9:45 a.m., you will be required to use two-factor for that second system.





If you have questions, please contact the ITS Help Desk at 608.342.1400 or helpdesk@uwplatt.edu.  You may also visit the Help Desk on the first floor of the Karrmann Library.

See Also:




Keywords:multi factor multi-factor PASS BI business intelligence Perceptive Content Web Now WebNow access log in frequently asked questions lost fob token charge lose what why important policy information security office 365 single sign-on outlook teams sharepoint onedrive one drive duo two factor two-factor enroll   Doc ID:81934
Owner:Deb M.Group:UW Platteville
Created:2018-04-27 10:21 CSTUpdated:2019-10-21 12:50 CST
Sites:UW Platteville
Feedback:  0   0