DUO Two-Factor Authentication

Two-Factor Authentication with DUO

As part of Oakland University's continuing commitment to protecting its community of research, faculty, staff, and students the University is implementing two-factor authentication from DUO Security. Two-factor authentication (2FA) requires individuals to provide a secondary confirmation of their identity after initial NetID login using a physical device in their possession (app, text message or phone call). 2FA protects against phishing, social engineering, password brute-force attacks and secures your login from attackers exploiting weak or stolen credentials.

Systems that Require DUO

  • Banner 9 Administrative Pages
  • Oakland VPN
  • Destiny One - Staff Administrative View
  • Argos

Getting started

  • UTS strongly recommends registering two devices (smartphone and desk phone) for two-factor authentication.
  • UTS strongly recommends using the Manage Device option to ensure your most used device is listed first
  • Note that standard text messaging and phone call rates apply when using a phone for two-factor authentication.
  • We strongly recommend using the Duo app on a smartphone, either to receive a push notification or to generate a pass-code, this is the most cost effective and convenient process. Other options include phone calls to your smartphone or desk phone, pass-codes sent to you via text message, or a hardware token, which all incur charges to the University.

Setting up Two-Factor Authentication with Duo

Using Duo Two-Factor Authentication to Log in

In most cases DUO Two-Factor authenticaton occurs interactively in the browser as shown below. The Faculty and Staff VPN offers additional methods for DUO Authentiction which are detailed HERE:

  • After initial NetID and password are entered, you will be prompted with this screen.

This is a picture of a DUO authentication screen.

  • Use "Remember Me" To bypass the two-factor prompt for 12 hours when using Banner Services (using the same device and web browser). Otherwise you will be prompted to use two-factor authentication each time you login to Banner services that day.
  • Push Notification Duo Mobile App
    • Click Send Me a Push
    • Duo immediately sends a notification to your mobile device. Depending on how you have set notifications up on your device, you may need to open the notification. On your device, tap Approve to approve the login.
  • Phone Call - Call me
    • You will receive an automated phone call from 248-370-4748 to the primary phone number enrolled and asked to push 1 to login or push 9 to report fraud.
    • If you receive a Duo authentication phone call that you did not initiate, press 9 to report fraud.
  • Enter A Passcode
    • You can get a passcode to enter in multiple ways:
      • Generate a passcode with the Duo Mobile app
      • Get passcodes via text message
      • Duo hardware token passcode
      • Emergency bypass code

Frequently Asked Questions

  • Why do I need to use two-factor authentication?

    • Two-factor authentication enhances the security of your NetID credentials by using a device you own to verify your identity.

  • If your office desk phone was not available to be enrolled by UTS

  • What if I am signing into Banner I get the message from DUO: "Invalid username/password: Logon Denied"?

    • If you get this message, you will need to report this error using a Banner ticket. This isn't a DUO, it is Banner which is affecting your login.

  • What if I get a Duo Notification that I did not request?

    • If you receive a Duo notification that you did not initiate via a login process, your NetID credentials may have been compromised. You need to immediately:
      • Press 9 to report fraud if you receive a Duo authentication phone call that you did not initiate
      • Deny the Duo Request
      • Contact UTS at uts@oakland.edu

  • What if on the Duo Notification I push the wrong button and report my legitimate access as fraud?

    • Any time you report an access as fraud we will attempt to contact you by email to verify the report.
      • Please respond to the email and let us know if it was an accident.
    • Instead of waiting for our verification email you may open a UTS ticket to let us know you accidentally reported an access as fraud.

  • Why do I automatically get denied access? I was never given an option to Approve login or to enter a passcode.

    • If you are getting denied access by Duo after successfully authenticating your NetID account, you are likely locked out of Duo. This usually occurs when 10 attempts to authenticate with Duo either have timed out or failed. After 10 minutes your account will automatically be unlocked or contact UTS to unlock your Duo account.

  • What if I forgot my device and need access?

    • If you do not have your enrolled device with you and need access, you may contact UTS and we will enroll your deskphone.
    • If you do not have a desk phone with a personal extension, UTS may provide you with a temporary DUO passcode. The passcode will expire after 12 hours and can only be used once. The temporary DUO passcode must be picked up at the UTS service window in Dodge Hall room 220. Please bring your university or government issued picture ID to verify your identity.
      • Contact UTS at uts@oakland.edu

  • What do I need to know if I am traveling?

  • Do I have to use my cell phone?

    • A mobile Phone is the recommended option as it is typically with you and can take advantage of the Duo Push option for the easiest two-factor authentication. Please note that a best practice for your cell phone is to have port protections enabled with your carrier, so that your phone number cannot be moved to a different carrier or SIM card without your permission. Please verify the security practice with your carrier.

  • What OSs are supported by DUO on my iPhone or Android device?

  • Can I setup Duo on more than one device?

    • You are encouraged to register more than one device (mobile phone, office phone, tablet) for two-factor authentication. If you forget your phone or something happens to your phone, you will need another way to authenticate.

  • What should I do if my enrolled device is lost or stolen?

    • Please contact UTS uts@oakland.edu immediately if your enrolled device is lost or stolen. UTS will assist with the deactivation of your lost/stolen device and enroll your new device.

  • Will I be able to authenticate with Duo if I don't have a cell signal or WiFi connection?

    • You can generate a passcode in the Duo Mobile app on your mobile phone by tapping the key icon next to "Oakland University", then log in to the system using the passcode.

  • If I choose SMS message or phone call option, will I be charged by my phone carrier?

    • If you do not have an unlimited cell phone plan, you may be charged by your carrier for SMS messages or phone calls.

  • What to do if you need to reactivate Duo on a device, you have lost your phone, your hardware token has stopped working, you are using an older operating system on your device, and more.

  • A cell phone is not required for my position and I do not have access to a landline at my workstation?

    • Please fill out the DUO Security Token Request form at forms.oakland.edu.

  • I am using my cell phone as my primary device but I do not have a landline to use as a backup device. What other options do I have for a backup device?

    • Please fill out the DUO Security Token Request form at forms.oakland.edu.

  • I previously enrolled with DUO, why is DUO prompting me to enroll again as a new user?

    • After 180 days of inactivity user accounts are removed from DUO. Please enroll again as a new user.
    • If it has not been 180 days since logging in with DUO, please contact UTS at uts@oakland.edu .

Troubleshooting Help From Duo