Duo Security Overview

Quickly and simply configure DUO security 2-factor authentication for use with your cell phone, landline, smartphone, tablet, laptop or hardware token.

graphic with a laptop with an equal sign on the screen an arrow pointing right to a cell phone with a key on the screen, another arrow pointing  right to a check mark

Two-factor authentication adds a second layer of security to your online CWRU accounts. Verifying your identity using a second factor (like your phone or other mobile device) prevents anyone but you logging in, even if they know your password.

For more help, call the Service Desk at (216) 368-HELP (4357).

Self enrollment is available via multiple methods. Information Security recommends all users enroll the following two devices:

  • Smartphone using the mobile application for iOS or Android
  • Desk phone (landline) using the voice call method

IMPORTANT UTech Information Security recommends you use your desk phone as a backup in the case that a mobile phone is lost, stolen or damaged.

However, CWRU Duo lets you link multiple devices to your account, and you may use any combination of compatible devices to secure it.

Applications That Support DUO

You can use the table below to see if an application uses a Duo authentication method you have set up, or if you may need to use an additional method for specific applications.

If an application you use does not support an authentication method you have set up, you will need to set up a supported device for authentication. Visit the Enroll an Authentication Device section below for instructions on enrolling the new device.

Authentication Method Duo Push Passcode Duo Token Phone Call SMS YubiKey
GMail / GSuite x x x x x x
My Apps x x x     x
Qualtrics x x x     x
Lastpass x x x x x x
VPN x x x x x  
HCM x x x x x x
SIS x x x x x x

Enroll an Authentication Device in DUO Security

CWRU Duo supports a range of electronic devices including;

  • iOS smartphones and tablets
  • Android smartphones and tablets
  • Basic cell phones with and without text message/SMS capabilities
  • Landlines
  • Duo tokens and other hardware tokens
  • Security keys (e.g. FIDO2, WebAuthn, YubiKey)

Add a phone number to your Duo profile, Install Duo Mobile application

  1. Open the Duo Security self-enrollment page using a laptop or desktop computer.
  2. When prompted, type in your CWRU network ID and password.
  3. Click Start Setup.
  4. Choose "Mobile phone" as your device type and click Continue.
  5. Type your 10 digit phone number and choose the country associated with it. Use number of the smartphone you'll have with you when you're logging in.
  6. Double-check your phone number and then select the box marked "(###) ###-#### is the correct phone number". Click Continue.
  7. Choose your operating system (e.g., iOS, Android, Blackberry) and click Continue.
  8. Search for "Duo Mobile" in your smartphone's application store and then install it.
  9. Return to your computer. Choose "I have Duo Mobile installed" and click Continue.
    NOTE: If you do not complete the Activate steps, enrollment will fail.

Activate Duo Mobile

  1. On your mobile phone, open the Duo Mobile application and tap + or Add account. Then tap Scan Barcode.

    NOTE: Use a large monitor or laptop to complete these steps.

  2. Hold your phone up to your computer screen to scan the barcode.
  3. An account named "Case Western Reserve University" appears on your smartphone.
  4. A “Device successfully enrolled” message is displayed and the phone number of the registered device is indicated on your computer.
  5. Your smartphone is now enrolled and can be used in the authentication process.
  6. If you want to register other devices, click Enroll another device. Otherwise, click I’m done enrolling devices.

Add a phone number to your Duo profile, Install Duo Mobile application

  1. Open the Duo Security self-enrollment page using a laptop or desktop computer.
  2. When prompted, type in your CWRU network ID and password.
  3. Click Start Setup.
  4. Choose "Tablet" as your device type and click Continue.
  5. Choose your operating system (e.g., iOS, Android) and click Continue.
  6. Search for "Duo Mobile" in your tablet's application store and then install it.
  7. Return to your computer. Choose "I have Duo Mobile installed" and click Continue.

Activate Duo Mobile

  1. On your tablet, open Duo Mobile.
  2. Tap +.
  3. Tap Scan Barcode.
  4. Hold the tablet up to your computer screen to scan the barcode.
  5. After an account named "Case Western Reserve University" appears on your tablet, click Continue.
  6. A “Device successfully enrolled” message is displayed on your computer.
  7. Your tablet is now enrolled and can be used in the authentication process.
  8. If you want to register other devices, click Enroll another device. Otherwise, click I’m done enrolling devices.
  • All CWRU employees and students can request one Duo token for free by contacting the Helpdesk. The Helpdesk will assign you a Duo token and enroll it under your account. Once a token has been assigned to you, you can pick it up from the [U]Tech CARE Center in the Kelvin Smith Library. You can then use the Duo token to generate secure passcodes.
  • Purchasing a Duo token: The first Duo token for users is free. If you have lost your token, replacement Duo tokens can be purchased from the [U]Tech CARE Center. Faculty and staff should request a token and charge the cost to their department’s OPR code when they pick it up (Note: the Helpdesk and [U]Tech CARE Center cannot look up OPR codes--this must be presented by the user at time of pick up). Students should contact the Helpdesk for further instruction.
  1. Open the Duo Security self-enrollment page using a laptop or desktop computer.
  2. When prompted, type in your CWRU network ID and password.
  3. Click Start Setup.
  4. Choose "Mobile phone" as your device type and click Continue.
  5. Type your 10 digit phone number and choose the country associated with it. Use number of the telephone you'll answer when logging in.
  6. Double-check your phone number and then select the box marked "(###) ###-#### is the correct phone number". Click Continue.
  7. Choose phone operating system, "Other" and then click Continue.
  8. A “Device successfully enrolled” message is displayed and the phone number of the registered device is indicated on your computer.
  9. Your phone is now enrolled and can be used in the authentication process.
  10. If you want to register other devices, click Enroll another device. Otherwise, click I’m done enrolling devices.
  1. Open the Duo Security self-enrollment page using a laptop or desktop computer.
  2. When prompted, type in your CWRU network ID and password.
  3. Click Start Setup.
  4. Choose "Landline" as your device type and click Continue.
  5. Type your 10 digit phone number and choose the country associated with it. Use number of the telephone you'll answer when logging in.
  6. Double-check your phone number and then select the box marked "(###) ###-#### is the correct phone number". Click Continue.
  7. A “Device successfully enrolled” message is displayed and the phone number of the registered device is indicated on your computer.
  8. Your phone is now enrolled and can be used in the authentication process.
  9. If you want to register other devices, click Enroll another device. Otherwise, click I’m done enrolling devices.
  1. Open the Duo Security self-enrollment page using a laptop or desktop computer.
  2. When prompted, type in your CWRU network ID and password.
  3. Click Start Setup.
  4. Choose "Security key" as your device type and click Continue.
  5. A pop-up window will prompt you to insert your security key in your computer. Make sure you have pop-up windows allowed.
  6. Follow the on-screen instructions to tap to enroll your security key. You may need to tap the key multiple times in order for it to sync.
  7. You'll see whether the security key identification was successful or not.

Authenticate to VPN with a Supported Device

Review the table below to identify what methods of authentication your enrolled devices support. Then, follow the instructions to authenticate a VPN session. This may help you in deciding what devices you want to enroll in Duo. 

 

Device Duo Push Passcode Voice Call SMS
Smartphone x x x x
Basic Cell Phone     x x
Landline     x  
Tablet x x    
Duo Token   x    
  1. Launch the FortiClient VPN client.
  2. Choose "Case" from the list of VPN profiles.
  3. Type your CWRU Network ID and passphrase in the boxes marked Username and Password, respectively.
  4. Your primary device enrolled in Duo will receive a push notification.
  5. Click Connect.
  6. An alert will display on your smartphone or tablet.
  7. Tap Accept to authenticate.
  8. The network Acceptable Use Banner displays on your computer screen. Click Accept to finish.
  9. VPN connection completed.

IMPORTANT: If you receive a login request on your phone or tablet that you did not request, tap the red Deny button and then choose "It seems fraudulent" when prompted to alert Information Security.

It is possible that your password has been compromised.

Use mobile passcodes to authenticate if you have your smartphone or tablet, but do not have a mobile data connection (e.g., poor cellular reception).

  1. Open the Duo Mobile application on your smartphone or tablet.
  2. Tap the key icon to generate a 6-digit passcode.
  3. Launch the FortiClient VPN client.
  4. Choose "Case" from the list of VPN profiles.
  5. In the box marked Username enter your CWRU Network ID.
  6. Into the box marked Password enter your CWRU Passphrase, then add a comma (",") at the end of your passphrase followed by the Duo 6-digit passcode
  7. Click Connect.
  8. The network Acceptable Use Banner displays on your computer screen. Click Accept to finish.
  9. VPN connection completed.
  1. Launch the FortiClient VPN client.
  2. Choose "Case" from the list of VPN profiles.
  3. In the box marked Username enter your CWRU Network ID.
  4. Into the box marked Password enter your CWRU Passphrase, then add a comma (",") at the end of your passphrase followed by "Phone".
  5. Click Connect.
  6. Your will receive a telephone call from 216-368-2000 on the telephone number listed first in your CWRU Duo profile.
  7. Answer the telephone and, when prompted, press any key to authenticate.
  8. The network Acceptable Use Banner displays on your computer screen. Click Accept to finish.
  9. VPN connection completed.
  1. Launch the FortiClient VPN client.
  2. Choose "Case" from the list of VPN profiles.
  3. In the box marked Username enter your CWRU Network ID.
  4. Into the box marked Password enter your CWRU Passphrase, then add a comma (",") at the end of your passphrase followed by "SMS"
  5. Click Connect.
  6. You will receive a series of single use passcodes on the first SMS-capable phone listed in your CWRU Duo profile.
  7. Using these codes, re-enter your CWRU Network ID and Passphrase. Following the passphrase, add a comma (",") followed by one of the codes.
  8. Click Connect
  9. The network Acceptable Use Banner displays on your computer screen. Click Accept to finish.
  10. VPN connection completed.

Hardware tokens are available for purchase. Contact UTech Information Security for details.

  1. Use your hardware key to generate a passcode.
  2. Launch the FortiClient VPN client.
  3. Choose "Case" from the list of VPN profiles.
  4. Type your CWRU Network ID and password in the boxes marked Username and Password, respectively.
  5. Type the passcode in the box marked Second Password.
  6. Click Connect.
  7. The network Acceptable Use Banner displays on your computer screen. Click Accept to finish.
  8. VPN connection completed.

Notes for Multi-Device Accounts

It's possible to call or send SMS codes to any compatible device in your profile by typing "PHONE" or SMS" and its number in series (e.g., "SMS2", "PHONE2").

However, if you use the Manage Devices screen to change the order of your devices so that your basic cell phone appears before your your smartphone (but after any landline) you'll not need to remember the order of devices to authenticate by the preferred method when using a multi-device account.

Also, if you use the mobile application with both a smartphone and tablet, the device you'll use to authenticate more often should appear first.

Because hardware tokens are not associated with a phone number, it does not matter where in the order of devices they appear.

To access the Manage Devices screen, first enroll at least one device. The enrollment page now features a gray button marked Manage devices. Click this and then authenticate. The management screen opens after successful authentication.