Duo: Multi-Factor Authentication (2FA)


Duo Multi-Factor Authentication (MFA) adds a second layer of security to your online accounts. Verifying your identity using a second factor (like your phone or other mobile device) prevents anyone but you from logging in, even if they know your password.

Duo MFA will be used to verify your identity when logging into certain SMU sites, and can help prevent unauthorized use of your SMU account. Download the Duo Mobile app from your smartphone's app store using the links below:


Please note:  Users can expect to be required to use Duo Multi-Factor Authentication for most campus services. For more information, please see the latest Duo: Multi-Factor Authentication updates on the IT Connect blog.

Getting Started with Duo Two-Factor Authentication

  1. Download the Duo Mobile app from your smartphone's app store.
  2. Use your desktop or laptop computer to log in to my.SMU and access secure information, such as your past paychecks or W2.
  3. Follow the on-screen DUO enrollment instructions. We suggest having your smartphone available to scan a QR code with the Duo Mobile app.

Detailed enrollment instructions can be found under the Duo Documentation and Training section below.


Video Tutorials

Two-Factor Authentication with the Duo Mobile app

Duo Push is the easiest form of secondary authentication. Once Duo Mobile is installed and activated on your smartphone, you can authenticate with just one tap of a button.

Duo Two-Factor Authentication on Apple Watch

Users can now approve login requests from an Apple Watch. Upon receiving a push notification, users with a paired Apple Watch will also see the notification on their watch.


Documentation and Training for Duo

Setting Up Duo

Duo on Mobile Devices

The Duo Mobile application makes it easy to authenticate — just tap “Approve” on the login request sent to your phone.

  1. iPhone
  2. Android

Other

Frequently Asked Questions

No, we have multiple ways to authenticate with Duo. You can use a smartphone, cell phone, landline (such as your office or home phone), tablet, or hardware token. A complete and up-to-date list of authentication methods is available on the Duo Security website. We recommend that users who have a smartphone choose to use them, since they are the easiest to use with Duo, and the most cost effective for the University to support.

You can download the Duo Mobile App for most tablets.

The easiest and most effective option for two-factor authentication is to install the Duo Application on your mobile device. You can even log in to Duo with a simple click on an Apple Watch or Android Smartwatch.

Another available method is to use a hardware token which is often easily carried on a key ring. These tokens either plug into the USB port on a computer or display a code for you to enter on the screen. Faculty and staff can inquire about a hardware token by emailing the IT Help Desk at help@smu.edu.

If you happen to forget your phone at home and need to authenticate, call the IT Help Desk at 214-768-4357. After verifying your identity, we can provide you with a one-time use pin code.

During the initial enrollment process, you may register as many devices as you wish, including smartphones and tablets. If you need to register another device once you have completed the initial enrollment process, you may do so from the Duo self-service portal.

OIT recommends that you register at least two devices, for example both your smartphone and a tablet. In the event that you lose one device, you will still be able to access 2FA protected systems using your secondary device. If you did not register a second device initially, you register a second device directly from the Duo Login screen. Full instructions can be found at guide.duo.com/add-device.

No. We verify your account password with our internal systems, and never send it to Duo. Duo provides only the second factor—the “something you have”— to verify it is actually you logging in to the system.

To keep Duo from automatically sending a Duo Push:

  1. Log in to a protected area.
  2. When you get the Duo screen, ignore the Duo Push that was sent.
  3. Click the My Settings & Devices link.
  4. Duo will now need to verify it is you. Click the method you would like to use for verification this one time.
  5. Approve the verification.
  6. At the My Settings and Devices screen, uncheck the checkbox next to "Automatically send me a:"
  7. Click Save.

While JavaScript support is not required, the Duo Security website does make use of JavaScript. In order for the Duo Security web pages to display as designed, the JavaScript support in the browser is recommended. You can check to see if your JavaScript is enabled by visiting www.enable-javascript.com.

The Duo Login will automatically try to connect to your smartphone to authenticate, but you have the option at that screen to cancel and ask to authenticate with another method.

You can also call the IT Help Desk at 214-768-4357 from another phone or through Skype for Business. After verifying your identity, we can provide you with a one-time use pin code.

We encourage you to set up multiple authentication methods with 2FA, so that when one method is unavailable, you have others from which to choose.  See "Can I register multiple devices?"

”Push” authentication with the Duo Mobile app uses a very small amount of Internet data traffic to function (a few kilobytes per login). The text messages and voice calls verification are sent only when you request them, and would be billed by your carrier the same as any other text message or inbound voice call.

SMU will not reimburse users for any expenses incurred. If you would incur significant expense using Duo on a device, we recommend enrolling another device, such as a landline.

The "Remember me for 7 day" is browser specific. If you logged in using Edge this morning and are now using Firefox, it will ask you to the authenticate again. If you are using the same browser as this morning and you are prompted to authenticate again, it could be due to the cookie not being saved. If you have "Private Browsing" mode turned on, "Prevent Cross-Site Tracking:" enabled, or have disabled cookies, the Duo Login will appear every time.

If you lose your phone or tablet, you can and should remove it from your list of 2FA enrolled devices using the Duo self-service portal as soon as possible. You may also contact the IT Help Desk at 214-768-HELP to disable the Duo account connected to your missing device.

If your mobile device registered on Duo does not have a data connection due to location or signal issues, there is also an option to generate a passcode on the device which does not require an internet/data connection. To use this feature, click the Use a Passcode option instead of the push option when logging into your account. Then, on your device, open the Duo app and click/tap on the key icon to the right of SMU. This will present you with a passcode to enter on the login page to access your account.

If you receive a notification (a login alert on the Duo Mobile app, a phone call from the Duo authentication system, or a batch of passcodes via text message) that you did not initiate from logging in to an SMU system, your SMU ID password may have been compromised. Reject the login and change your SMU ID password as soon as possible at smu.edu/password.

Contact the IT Help Desk at 214-768-HELP if your YubiKey Key stops working or if you can't log in with the passcodes it generates.

Your YubiKey Key can get "out of sync" if the button is pressed too many times in a row and the generated passcodes aren't used for login. In some cases this can happen by accident if the token is stored next to other objects in a pocket, backpack, etc.

If there is an issue with your carrier, we recommend using the Mobile App to verify over the SMU wireless network.  If that is not an option, please contact the IT Help Desk about arranging for a YubiKey Key to connect to Duo.

No, Duo Security is required to access specific SMU systems. Two-factor authentication adds a second layer of security to our online accounts. In an effort to keep the university systems and even your personal account information secure, we are enabling 2FA on select services.

For the best results we do not recommend using Internet Explorer's Compatibility View with Duo authentication. You may be able to turn off Compatibility View yourself.

From the Address bar:

If the Compatibility View button displays in the Address bar to the right of the page address, you can click the button to exit Compatibility mode.

From the Internet Explorer Tools Menu:

In the Internet Explorer browser window press the Alt key to display the menu bar. Navigate to Tools → Compatibility View settings and make one or
more of the following changes:

  • Remove the website where you use Duo authentication from the
    "Websites you've added to Compatibility View."
  • Uncheck the "Display all websites in Compatibility View" option if present and enabled.
  • Uncheck the "Display intranet sites in Compatibility View" option.

Click the Close button to save your change.

Contact IT Help Desk at 214-768-HELP if the Duo Login continues to display incorrectly.

You will not need to authenticate with Duo for 7 days on that device with that web browser. If you quit your browser or your Single Sign-On session times out, you will still need to sign in with your SMU ID and password.

Also, even if you have selected to "trust this device," if you use another web browser, you will be prompted by Duo to authenticate again in the new web browser.

When there are too many failed attempts to log in, accounts are locked. You will need to contact the Help Desk at 214-768-HELP for assistance unlocking your account.

SMU has a contractual agreement with Duo Security for confidentiality of user information such that it will not be used by Duo Security for any reason other than authentication on behalf of SMU. SMU personnel may also use the information for identification purposes. For example, if a user contacts the IT Help Desk for assistance with their Duo account, we may use the phone number that’s enrolled in Duo to help confirm the user’s identity.

Only specific named administrative SMU contacts have access to Duo enrollment details, and all have signed standard confidentiality agreements with the University. Duo Security undergoes regular infrastructure and operational audits by third-party auditors. To find out more, please visit duo.com/why-duo/security-and-reliability.

After separation from SMU, the user’s Duo enrollment data will be removed. However, authentication logs for that user will be retained. The timeframe for deprovisioning activity has not yet been determined. Our objective is to achieve a balance for removing the data in a timely manner, but not require a user to perform the Duo enrollment process again if they return quickly to SMU employment.

Sometimes the Duo Mobile app will not launch as intended on your smartphone. Usually, a simple reboot of your phone will resolve the issue.

If you don't wish to reboot your smartphone, you could manually launch the Duo app. Your notification should be there waiting for your approval.

Please use the following definitions regarding Duo device enrollment:

Mobile has a phone number, can use the Duo Mobile app, and can receive SMS text messages
Tablet has no phone number but can use the app