Duo Security Overview

Quickly and simply configure DUO security 2-factor authentication for use with your cell phone, landline, smartphone, tablet, laptop or hardware token.

graphic with a laptop with an equal sign on the screen an arrow pointing right to a cell phone with a key on the screen, another arrow pointing  right to a check mark

Two-factor authentication adds a second layer of security to your online CWRU accounts. Verifying your identity using a second factor (like your phone or other mobile device) prevents anyone but you logging in, even if they know your password.

For more help, call the Service Desk at (216) 368-HELP (4357).

Self enrollment is available via multiple methods. Information Security recommends all users enroll the following two devices:

  • Smartphone using the mobile application for iOS or Android
  • Desk phone (landline) using the voice call method

IMPORTANT UTech Information Security recommends you use your desk phone as a backup in the case that a mobile phone is lost, stolen or damaged.

However, CWRU Duo lets you link multiple devices to your account, and you may use any combination of compatible devices to secure it.

Applications That Support DUO

You can use the table below to see if an application uses a Duo authentication method you have set up, or if you may need to use an additional method for specific applications.

If an application you use does not support an authentication method you have set up, you will need to set up a supported device for authentication. Visit the Enroll an Authentication Device section below for instructions on enrolling the new device.

Authentication Method Duo Push Passcode Duo Token Phone Call SMS YubiKey
GMail / GSuite x x x x x x
My Apps x x x     x
Qualtrics x x x     x
VPN x x x x x  
HCM x x x x x x
SIS x x x x x x

Enroll an Authentication Device in DUO Security

CWRU Duo supports a range of electronic devices including:

  • iOS smartphones and tablets
  • Android smartphones and tablets
  • Basic cell phones with and without text message/SMS capabilities
  • Landlines
  • Duo tokens and other hardware tokens
  • Security keys (e.g. FIDO2, WebAuthn, YubiKey)

The table below illustrates what authentication methods are supported by which device. This may help you decide which devices you want to enroll in Duo.

Device Duo Push Passcode Voice Call SMS U2F
Smartphone x x x x  
Basic Cell Phone     x x  
Landline     x    
Tablet x x      
Duo Token   x      
YubiKey         x

Add a phone number to your Duo profile, Install Duo Mobile application

  1. Open the Duo Security self-enrollment page using a laptop or desktop computer.
  2. When prompted, type in your CWRU network ID and password.
  3. Click Start Setup.
  4. Choose "Mobile phone" as your device type and click Continue.
  5. Type your 10 digit phone number and choose the country associated with it. Use number of the smartphone you'll have with you when you're logging in.
  6. Double-check your phone number and then select the box marked "(###) ###-#### is the correct phone number". Click Continue.
  7. Choose your operating system (e.g., iOS, Android, Blackberry) and click Continue.
  8. Search for "Duo Mobile" in your smartphone's application store and then install it.
  9. Return to your computer. Choose "I have Duo Mobile installed" and click Continue.
    NOTE: If you do not complete the Activate steps, enrollment will fail.

Activate Duo Mobile

  1. On your mobile phone, open the Duo Mobile application and tap + or Add account. Then tap Scan Barcode.

    NOTE: Use a large monitor or laptop to complete these steps.

  2. Hold your phone up to your computer screen to scan the barcode.
  3. An account named "Case Western Reserve University" appears on your smartphone.
  4. A “Device successfully enrolled” message is displayed and the phone number of the registered device is indicated on your computer.
  5. Your smartphone is now enrolled and can be used in the authentication process.
  6. If you want to register other devices, click Enroll another device. Otherwise, click I’m done enrolling devices.

Add a phone number to your Duo profile, Install Duo Mobile application

  1. Open the Duo Security self-enrollment page using a laptop or desktop computer.
  2. When prompted, type in your CWRU network ID and password.
  3. Click Start Setup.
  4. Choose "Tablet" as your device type and click Continue.
  5. Choose your operating system (e.g., iOS, Android) and click Continue.
  6. Search for "Duo Mobile" in your tablet's application store and then install it.
  7. Return to your computer. Choose "I have Duo Mobile installed" and click Continue.

Activate Duo Mobile

  1. On your tablet, open Duo Mobile.
  2. Tap +.
  3. Tap Scan Barcode.
  4. Hold the tablet up to your computer screen to scan the barcode.
  5. After an account named "Case Western Reserve University" appears on your tablet, click Continue.
  6. A “Device successfully enrolled” message is displayed on your computer.
  7. Your tablet is now enrolled and can be used in the authentication process.
  8. If you want to register other devices, click Enroll another device. Otherwise, click I’m done enrolling devices.
  • All CWRU employees and students can request one Duo token for free by contacting the Helpdesk. This is an alternative to using your phone, tablet or the Duo Mobile app. It will generate a passcode that you can enter when you need to complete the two-factor authentication process. The Helpdesk will assign you a Duo token and enroll it under your account. Once a token has been assigned to you, you can pick it up from the [U]Tech CARE Center in the Kelvin Smith Library. You can then use the Duo token to generate secure passcodes.
    Example of a Duo Hardware Token, which is a small device that fits on a keychain.
  • Purchasing a Duo token: The first Duo token for users is free. If you have lost your token, replacement Duo tokens can be purchased from the [U]Tech CARE Center. Faculty and staff should request a token and charge the cost to their department’s OPR code when they pick it up (Note: the Helpdesk and [U]Tech CARE Center cannot look up OPR codes--this must be presented by the user at time of pick up). Students should contact the Helpdesk for further instruction.
  1. Open the Duo Security self-enrollment page using a laptop or desktop computer.
  2. When prompted, type in your CWRU network ID and password.
  3. Click Start Setup.
  4. Choose "Mobile phone" as your device type and click Continue.
  5. Type your 10 digit phone number and choose the country associated with it. Use number of the telephone you'll answer when logging in.
  6. Double-check your phone number and then select the box marked "(###) ###-#### is the correct phone number". Click Continue.
  7. Choose phone operating system, "Other" and then click Continue.
  8. A “Device successfully enrolled” message is displayed and the phone number of the registered device is indicated on your computer.
  9. Your phone is now enrolled and can be used in the authentication process.
  10. If you want to register other devices, click Enroll another device. Otherwise, click I’m done enrolling devices.
  1. Open the Duo Security self-enrollment page using a laptop or desktop computer.
  2. When prompted, type in your CWRU network ID and password.
  3. Click Start Setup.
  4. Choose "Landline" as your device type and click Continue.
  5. Type your 10 digit phone number and choose the country associated with it. Use number of the telephone you'll answer when logging in.
  6. Double-check your phone number and then select the box marked "(###) ###-#### is the correct phone number". Click Continue.
  7. A “Device successfully enrolled” message is displayed and the phone number of the registered device is indicated on your computer.
  8. Your phone is now enrolled and can be used in the authentication process.
  9. If you want to register other devices, click Enroll another device. Otherwise, click I’m done enrolling devices.
  1. Open the Duo Security self-enrollment page using a laptop or desktop computer.
  2. When prompted, type in your CWRU network ID and password.
  3. Click Start Setup.
  4. Choose "Security key" as your device type and click Continue.
  5. A pop-up window will prompt you to insert your security key in your computer. Make sure you have pop-up windows allowed.
  6. Follow the on-screen instructions to tap to enroll your security key. You may need to tap the key multiple times in order for it to sync.
  7. You'll see whether the security key identification was successful or not.

Authenticate to VPN with a Supported Device

Review the table below to identify what methods of authentication your enrolled devices support. Then, follow the instructions to authenticate a VPN session.

YubiKey does not work with FortiClient VPN. To access FortiClient VPN, please use one of the other supported devices in the table.

Device Duo Push Passcode Voice Call SMS
Smartphone x x x x
Basic Cell Phone     x x
Landline     x  
Tablet x x    
Duo Token   x    
YubiKey        

For more information and instructions on connecting to the FortiClient VPN, please visit the following page:

https://case.edu/utech/help/forticlient-vpn