Skip to main content

Duo FAQ

Have a new phone?

If you acquire a new device, please sign into the self-service portal by clicking the “Self Service Portal” button below. You will be prompted to log in with your vuNetID and password. After doing so, you will be prompted with a Duo screen including buttons saying "Enter a Passcode" and "Send Me a Push." Select "Enter a Passcode." A blue box will pop up at the bottom. Click on "Text me new codes."

You will receive a code on your phone to enter as your passcode in order to log in. Once signed in, you can select “Device Options” next to the phone number or device you wish to edit. You can also choose to “+ Add another device” to add a backup device such as a tablet or security key.

Self Service Portal

Multifactor authentication or MFA is a method of confirming ones claimed identity using two or more pieces of evidence. Something you know, something you have, and something you are.

For more information, please visit our Multi-Factor Authentication product page .

Sign up by clicking the “enroll now” button and following the steps. Be sure to have your secondary device available during the enrollment process.

 

Enroll now!

 

Users of specific applications. Currently Duo is being rolled out on an application by application basis. To find out when your favorite applications will begin utilizing Duo, please reach out to your Relationship Manager or application owner.

No, once your application is determined to require MFA there is not an option to opt out. Please see, “What are my authentication options?” for more information.

Vanderbilt University uses Duo Security and leverages your VUNetID and password (something you know) and typically your mobile phone (something you have) to confirm your identity. Some application may bring in the third option for Multifactor Authentication and integrate biometrics or facial recognition (something you are) to confirm your identity.

Sign into the self-service portal. Once you have signed in and verified your identity with Duo, select “+ Add another device” to add a backup device such as a tablet or security key. You may also contact the  Help Desk for assistance with adding a second device.

 

Self Service Portal

Currently the following options are available as acceptable Multifactor authentication options;

Push (Duo Mobile app) –acknowledgement from the Duo Mobile app. Recommended and easiest form of authentication.

Passcode (Duo Mobile app/Hardware Token) – randomly generated code used to verify you are in possession of the MFA device.

Bypass Code – a passcode from the help desk in the event a user’s typical authentication device is unavailable.

U2F - long press (3 to 5 seconds) of the brass contact on a U2F generates a static password, which acts as a passcode.

*Not all applications will support all forms of authentication.

A passcode is a randomly generated code used to verify you are in possession of the MFA device, and can be obtained by one of the authentication options.

Duo Mobile

Bypass codes

Yes, anyone may purchase a Universal 2nd  Factor Authentication (U2F) device from Yubico.
YubiKey FIPS
YubiKey C FIPS
This token can then be enrolled and used as your second factor of authentication. 
To enroll your security token, please call the Help Desk at 615-343-9999.  You will need to have your token in hand and be ready to provide the operator with the serial number.

 

You must use the Google Chrome browser to add a U2F device.  During the Enrollment process follow the prompts to add a “Security Key”.  If you are already enrolled, sign into the self-service portal by clicking the “Enroll now!” button.  Once you have signed in and verified your identity with Duo, select “+ Add another device”, then select "Security Key".  You may also contact the  Help Desk for assistance with adding a U2F device.

 

 

If your device is lost or stolen, please reach out to the help desk to have the device removed from your account. You can always re-enroll your device at a later date. You may also need a temporary bypass code from the help desk to authenticate your applications and the self-service portal once you have a secondary device available again.  If you contact the Help Desk for a bypass code, they will need to verify your identity before being able to provide the code.  They will ask you to verify your identity by using a variety of different options:

  • Video of you with your VU badge
  • Picture of you with your VU badge (date stamped)
  • Supervisor contacted to verify

The Duo Mobile app is designed to work in airplane mode, which does not require Wi-Fi or cellular service. Duo Mobile passcodes will still be received without Wi-Fi or cellular service.

If you are traveling abroad it is recommended to utilize the Duo Mobile app passcode when authenticating. The app can also be installed on a different mobile device or tablet.

Exceptions can be vetted by VUIT and a bypass code can be issued while traveling abroad.

It is recommended you attempt to connect to your application using Duo prior to traveling.

If you are traveling and have any issues, please contact the Help Desk .

If you acquire a new device, please sign into the self-service portal by clicking the “Self Service Portal” button. To authenticate with Duo, select "Enter a Passcode", then "Text me new codes".  You will receive a code on your phone, which you will enter as your passcode to log in.  Once signed in, you can select “Device Options” next to the phone number or device you wish to edit. You can also choose to “+ Add another device” to add a backup device such as a tablet or security key. You may also contact the Help Desk for assistance reactivating your new device.

 

Self Service Portal

 

Using a personal device is not a requirement of MFA. See “What are my authentication options?” for more information.

If you do not have a smart device or do not wish to use your smart device, you may purchase a security token from Yubico at the link below:

YubiKey FIPS

YubiKey C FIPS

Please follow your departmental procurement process for purchasing.

This token can then be enrolled and used as your second factor of authentication. 

To enroll your security token, please call the Help Desk at 615-343-9999.  You will need to have your token in hand and be ready to provide the operator with the serial number.

Yes. It is strongly recommended to have more than one device enrolled in Duo. See “How do I add a second device?” for more information.

Duo only collects information required to provide and improve the service which is inherent to the device by default.

If you want to connect to a Vanderbilt application or shared drive that does not have secure web access, you will need to log into VPN to access it. If you are out of the country and want to use your computer, or even in the country and want to use your computer on a public Wi-Fi network (i.e., hotels, or restaurants, or airports), you should log into the Vanderbilt VPN for security purposes. Not all users do this, nor is it currently required, but it is a best practice from a security standpoint. For more information about the VPN, please visit: Remote Access - SSL VPN.

Yes, Duo MFA is required for logging in to Pulse VPN. 

Logging in to Pulse VPN with DUO

 

 

Be sure you are allowing notifications from the Duo Mobile app. There may be an issue with the phone number associated with your account or fraudulent activity. If you have no way to log into the self-service portal to verify your device contact the Help Desk as soon as possible.

Client-based applications, such as Pulse VPN, will require authentication each time you log in.

By default all web-based applications (applications which are accessed through a web browser) will have a 30 day device remembrance policy. This means that you will only be required to provide a second factor of authentication once every 30 days. This device remembrance is stored as a cookie in your browser. If you use a different device or browser, you may be required to authenticate with Duo again.  This setting may differ based on the application.

Click “Cancel.”  Then you should be able to select the check box and proceed to authenticate. 

If you would like to have your application behind MFA reach out to the Application Owner or Relationship Manager to to get a project initiated.

This is a sign of fraud and/or a compromised account. Please contact Help Desk support immediately.

You will use the same Duo Mobile app and simply add your Vanderbilt University account. This is done by opening the Duo Mobile app and selecting the “ + “ sign in the upper right corner. Then you will scan the activation barcode which you will receive during the enrollment process.

Yes, Duo Mobile is an “authenticator application” that supports a number of web based accounts such as Facebook, Amazon, and even some online banking services that have multifactor login enabled. Search the support pages on the web service you wish to enable “multifactor factor authentication” or “two-factor authentication”, and follow the instructions to add your Duo Mobile authenticator application.

Device remembrance allows a device to be deemed trustworthy and thereby require two-factor authentication in a less-frequent manner.

You will need to grant access on your mobile device to receive notifications from Duo.

When entering the passcode from the Duo mobile app, enter the digits with no space.

Your TLA will also need to be enrolled in Duo. Please follow the steps below:

  1. Visit the DUO enrollment portal at https://it.vanderbilt.edu/services/catalog/security/identity_and_access_management/Multi_Factor_Authentication.php
  2. Log-in into SSO with your TLA
  3. During the enrollment process, select Tablet (if you are already using your mobile phone for your VUNetID)
  4. An additional Vanderbilt University option will appear in the app, and this will be used for your TLA