fb pixel

Â鶹´«Ã½

The University of Â鶹´«Ã½

Multi-Factor Authentication (MFA)

Â鶹´«Ã½

Glossary

MFA Activation

Student Info

Multi-Factor Authentication Presentation

Videos

System Requirements

Setup MFA

Download Duo Mobile App

New M365 Login Page

How To Documents

Faculty / Staff FAQs

Student FAQs

MFA Communications

Â鶹´«Ã½ Multi-Factor Authentication (MFA)

Multi-Factor or Two-Factor Authentication (MFA or 2FA) adds a level of security by combining two or more methods of authentication when you log into an account, email and /or application. There are different applications that enable MFA or 2FA and The University of Â鶹´«Ã½ has selected Cisco DUO for UÂ鶹´«Ã½ MFA. Initially, UÂ鶹´«Ã½ will be implementing MFA on M365/email but more applications will be enabled in the coming months. When you log to your UÂ鶹´«Ã½ M365 or email, you will be asked to verify your identity using a second factor (like your mobile device). This prevents others from accessing your email even if your password has been compromised.

In response to recent feedback, the rollout of MFA has been delayed. A meeting will be scheduled with each department to explain the project rollout strategy. After this meeting MFA enrollment dates and a MFA enforcement date will be determined for each department.

Refer to MFA Activation for UÂ鶹´«Ã½ Faculty, Staff and Students for specific dates.

Glossary

2FA (two-factor authentication): an additional layer of authentication beyond a username and password. 2FA involves something you know (password) plus something you have with you (like Duo Mobile on your smartphone) to prevent someone from logging in with only your password. With Duo 2FA, you still enter your username and password. The second factor provided by Duo is simply an added layer of security on top of your existing credentials. We recommend using Duo Push via the Duo Mobile app to perform 2FA.

Duo Basic Prompt:  this interactive prompt lets you choose how to verify your identity each time you log in (e.g. “Duo Push” or “Call Me”) to a web-based application. The Duo Prompt allows you to enroll and authenticate.

Duo Prompt

Duo Universal Prompt: Similar to the Duo Basic Prompt. When you select Other option a second screen will allow you to select a different verification method or you can select Manage devices at the bottom of the prompt to setup a new phone or other options that may be available. (Note: All options displayed may not be available.)

universal prompt

Passcode:  these are numeric codes that can be generated either via the Duo Mobile app, SMS (text message), or a hardware token, depending on what your IT administrator permits. Passcodes may be used at any time and are particularly handy for authenticating when your 2FA device doesn't have internet or cellular service.

Duo Passcode

Push Notification (Duo Push):  a push authentication request that is sent to the Duo Mobile App on an enrolled device. Push notifications include information like the geographical location of the access device, IP address of the access device, and the application being accessed so you can verify whether the push is real or fraudulent.

Self-service portal:  if the self-service portal has been enabled for use in the Duo Prompt, you can click “My Settings & Devices” to add additional devices or update authentication method settings right from the Duo Prompt.

MFA Activation for UÂ鶹´«Ã½ Faculty, Staff and Students

MFA for M365 and UÂ鶹´«Ã½ email will be required for all faculty, staff and students starting in 2022. 

Activity Dates Status

  Progress as of

    2-Aug-22

MFA Self-Enrollment for Tech Sector & ACS Techs January 18 - February 1, 2022

Complete

 

Enforce MFA for Tech Sector & ACS Techs February 2, 2022

Complete

 

Meeting with Departments February 2 - May 31, 2022

Complete

    

   91 completed

   

MFA Self-Enrollment for staff / faculty by Department February 28 - TBD

Complete

        

MFA Activation for staff /faculty by Department March 7 - TBD

In Progress

    106*/108

     98.15%

MFA Self-Enrollment for students June 27 - Sept 2022

In Progress

 

MFA Activation for students July - August 8 2022

In Progress

       3452

* retirees and consultants remaining 

How it works

mfa-how-does-it-work.png

  1. Enter your username and password
  2. Use your phone / other method* to verify your identity
  3. You are securely logged in

Supported Devices

The following devices are supported with DUO

mfa-supported-devices.png

Setup MFA

DUO’s self-enrollment process makes it easy to register your device and install the mobile app. Refer to the How-to documents below.

Enroll in Duo MFA

Refer to the for information and the How-to documents.

If you have any issues please contact the Technology Service Desk (servicedesk@uwinnipeg.ca, 204.786.9149).

Student MFA Info

Refer to the

Multi-Factor Authentication Presentation

Videos

The following videos are available to assist you:

: Skip to 2.26 minutes to view the User Experience with the Self-Service Portal

: The following videos are available:

  • Passwordless Authentication
  • Authenticate with Duo Mobile (Android)
  • Zero-Trust, Explained
  • Authenticate with Hardware Tokens
  • Introduction to Duo Help Desk Push
  • Duo Security Overview for Schools and Students
  • Authenticate with SMS
  • Authenticate with Apple Watch
  • Authenticate with Mobile Passcodes
  • Authenticate with U2F Tokens
  • Authenticate with Bypass Codes
  • Authenticate with Duo Mobile on iPhone
  • Duo for Apple Watch
  • Duo Push Demonstration

System Requirements

 The current version supported for Android can be found .

: The current version of Duo Mobile supports can be found .

: The current version supported for Apple Watch can be found .

Note: For more information, click the above link.

Download DUO Mobile App

New M365 Login Page

Starting January 31, 2022 there will be an additional login page for M365 login page. It will look like the following: 

login screenlogin screen 2

 

How To Documents

OWA / VPN

How Multi-factor Authentication Works with Outlook Web Access

How Multi-factor Authentication Works with VPN

How Multi-factor Authentication and VPN work together

Smartphone / Tablet

Setup Duo Mobile on a Smartphone

Setup Duo for on a Tablet

Activate a New Phone or Add a Security Key / Phone Number / Duo Mobile for Smartphone or Tablet

USB Key

Setup Duo Mobile using a USB Security Key (WebAuthn/Fido2)

SMS Text

Setup Duo on a cellphone for SMS (text message) only passcodes

Phone Call 

Setup Duo for Phone Call Only

Shared Mailboxes

Faculty / Staff FAQs

Why is my password not good enough?

Passwords are no longer enough to secure accounts. They are increasingly easy to compromise. Weak, reused or easy to guess passwords put your accounts at risk. Enabling MFA on an account adds a layer of protection, even if your password is compromised a hacker will not be able to gain access to your account and you will be notified that someone is trying to log in.

 

Do I need a smartphone or data plan to use two-factor authentication?

No. Having a smartphone makes for an easier and more secure experience with Duo Push. However, it is also possible to enroll a non-smartphone mobile device to receive SMS passcodes.

 

What is Duo Mobile?

Duo Mobile is a mobile application (app) that you install on your smartphone or tablet to generate passcodes for login or receive push notifications for easy, one-tap authentication on your mobile device. It works with Duo Security’s two-factor authentication (2FA) service to make your logins more secure.

 

What is the recommended two-factor authentication method?

If you have a smartphone or tablet, Duo Push is recommended, as it is quick, easy-to-use, and secure. See an introduction to Duo Security and a demonstration of Duo Push in this short video: 

 

How much data does a Duo Push request use?

Duo Push authentication requests require a minimal amount of data -- less than 2KB per authentication. For example, you would only consume 1 megabyte (MB) of data if you were to authenticate 500 times in a given month.

 

What are the mobile device requirements for using DUO?

Android: The current version of Duo Mobile supports Android 8 and greater. ()

iOS: The current version of Duo Mobile supports iOS 12.0 and greater. ()

Apple Watch: requires Duo Mobile 3.8 or later. ()

 

Can I have DUO on multiple devices?

Yes, DUO can be configured on several devices or multiple devices of the same type. 

 

I have a new device what do I do?

If you get a new cell phone, you will need to re-activate Duo Mobile. You may enroll your new device yourself using the device management portal. 

If you no longer have access to your cell phone that was registered, you will need to contact the Technology Service Desk (servicedesk@uwinnipeg.ca  or 204.786.9149) for assistance.

 

What are the most to least secure methods for Duo authentication?

Duo authentication methods from most to least secure:

  1. Touch ID (only for MacBook Pro and MacBook Air with Touch ID) Currently not enabled
  2. Security keys
  3. Duo Mobile push approval (Recommended)
  4. YubiKey passcodes
  5. Duo Mobile generated passcodes
  6. Hardware token passcodes
  7. SMS passcodes
  8. Phone call approval

To learn more about Duo Authentication methods visit the .

I don’t want to use the Duo Mobile App

Faculty and staff who do not have a mobile phone or tablet, or would prefer to use an alternative method, can request a hardware token by submitting a request to the Technology Service Desk (servicedesk@uwinnipeg.ca or 204.786.9149).

 

What happens if I lose my hardware token?

Lost or stolen tokens should be reported to the Technology Service Desk (servicedesk@uwinnipeg.ca or 204.786.9149) as soon as they are noticed missing. Please note there may be a fee for replacing the hardware token. 

 

Can tokens be reused by someone else in my department?

Duo hardware tokens can be reprogrammed for use by a different employee. Please contact the Technology Service Desk (servicedesk@uwinnipeg.ca or 204.786.9149).

 

What happens if my token doesn't work?

Defective tokens can be replaced. Please note there may be a fee for replacing the hardware token. Please contact the Technology Service Desk (servicedesk@uwinnipeg.ca or 204.786.9149).

Tokens can be retired when an employee leaves the University. Please return them to Technology Solutions Centre.

 

What if I don’t have a phone?

Faculty and staff who don’t have a mobile phone or tablet can request a hardware token from the Technology Service Desk (servicedesk@uwinnipeg.ca or 204.786.9149).

 

Why have I stopped receiving push notification from Duo Mobile?

There are several reasons this could be happening. Please try the following to troubleshoot:

  1. Make sure your enrolled device has a cellular network or WiFi connection.
  2. Have the Duo Mobile app open when you authenticate.
  3. Try these additional push troubleshooting steps:
    • iPhone: 
    • Android: 
  4. If the above solutions don’t work, try using another authentication method, such as passcodes provided in the Duo Mobile app.

 

Can I use Google Authenticator?

Duo Mobile App does not support OTP applications like Google Authenticator.

 

How can I authenticate if I’m somewhere with no cell signal or WiFi access?

See this Duo Knowledge Base article for information on authenticating without cell or internet service: 

 

How can I manage the devices I use for Duo?

If you have access to the “My Settings & Devices” link (the self-service portal) at the Duo Prompt and are currently able to authenticate with a device, you may:

  • Add additional devices
  • Designate your “default” device that receives authentication requests in addition to your preferred authentication method
  • Deactivate Duo Mobile if you got a new phone but kept your number
  • Change the name of your device (ex. “Personal Cell” or “Work Phone”)
  • Remove a device

Go to Manage devices at the bottom of the "Other options to log in" list. 

Learn more about managing your devices here: 

 universal prompt

 

Having trouble downloading the Duo Mobile App from the Apple store?

Open Apple App Store

Click on the Person (upper right hand corner)
Click on your Name/email address

Sign In when prompted with your Apple ID Password

Scroll down to the bottom and click on Terms of Service

That initiated the Acceptance message for Apple Terms of Service that needed to be Accepted in order to use the Apple App Store.

Duo App Security and Privacy
Where can I get more info on DUO?

To get more detailed help with DUO check out

Can Duo see my password?

No. Your password is only verified by your organization and never sent to Duo. Duo provides only the second factor, using your enrolled device to verify it’s actually you who is logging in.

Does using Duo give up control of my smartphone?

No. The Duo Mobile app has no access to change settings or remotely wipe your phone. The visibility Duo Mobile requires is to verify the security of your device, such as OS version, device encryption status, screen lock, etc. We use this to help recommend security improvements to your device. You always are in control of whether or not you  act on these recommendations.

What should I do if I receive a push notification in Duo that I didn't initiate?

Assume that someone is trying to illegally access your account. 

  • Choose "Deny" in the Duo app to block the request then call the Technology Service Desk at 204.786.9149 and report the attempted login!
Where can I find Duo's privacy and security information?

Please refer to Duo's Privacy Data Sheet

Why is my Outlook client not showing a MFA (2FA) prompt when Microsoft 365 is protected by Duo?

Please refer to the Duo Information: