Duo Security Overview

Quickly and simply configure DUO security 2-factor authentication for use with your cell phone, landline, smartphone, tablet, laptop or hardware token.

graphic with a laptop with an equal sign on the screen an arrow pointing right to a cell phone with a key on the screen, another arrow pointing  right to a check mark

Two-factor authentication adds a second layer of security to your online CWRU accounts. Verifying your identity using a second factor (like your phone or other mobile device) prevents anyone but you logging in, even if they know your password.

For more help, call the Service Desk at (216) 368-HELP (4357).

Self enrollment is available via multiple methods. Information Security recommends all users enroll the following two devices:

  • Smartphone using the mobile application for iOS or Android
  • Desk phone (landline) using the voice call method

IMPORTANT UTech Information Security recommends you use your desk phone as a backup in the case that a mobile phone is lost, stolen or damaged.

However, CWRU Duo lets you link multiple devices to your account, and you may use any combination of compatible devices to secure it.

Enroll an Authentication Device in DUO Security

CWRU Duo supports a range of electronic devices including;

  • iOS smartphones and tablets
  • Android smartphones and tablets
  • Blackberry devices
  • Windows phones
  • Basic cell phones with and without text msg capabilities
  • Landlines
  • Hardware tokens (e.g., Yubikey - enrolled by administrator)

Add a phone number to your Duo profile, Install Duo Mobile application

  1. Open the Duo Security self-enrollment page using a laptop or desktop computer.
  2. When prompted, type in your CWRU network ID and password.
  3. Click Start Setup.
  4. Choose "Mobile phone" as your device type and click Continue.
  5. Type your 10 digit phone number and choose the country associated with it. Use number of the smartphone you'll have with you when you're logging in.
  6. Double-check your phone number and then select the box marked "(###) ###-#### is the correct phone number". Click Continue.
  7. Choose your operating system (e.g., iOS, Android, Blackberry) and click Continue.
  8. Search for "Duo Mobile" in your smartphone's application store and then install it.
  9. Return to your computer. Choose "I have Duo Mobile installed" and click Continue.
    NOTE: If you do not complete the Activate steps, enrollment will fail.

Activate Duo Mobile

  1. On your mobile phone, open the Duo Mobile application and tap + or Add account. Then tap Scan Barcode.

    NOTE: Use a large monitor or laptop to complete these steps.

  2. Hold your phone up to your computer screen to scan the barcode.
  3. An account named "Case Western Reserve University" appears on your smartphone.
  4. A “Device successfully enrolled” message is displayed and the phone number of the registered device is indicated on your computer.
  5. Your smartphone is now enrolled and can be used in the authentication process.
  6. If you want to register other devices, click Enroll another device. Otherwise, click I’m done enrolling devices.
  1. Open the Duo Security self-enrollment page using a laptop or desktop computer.
  2. When prompted, type in your CWRU network ID and password.
  3. Click Start Setup.
  4. Choose "Mobile phone" as your device type and click Continue.
  5. Type your 10 digit phone number and choose the country associated with it. Use number of the telephone you'll answer when logging in.
  6. Double-check your phone number and then select the box marked "(###) ###-#### is the correct phone number". Click Continue.
  7. Choose phone operating system, "Other" and then click Continue.
  8. A “Device successfully enrolled” message is displayed and the phone number of the registered device is indicated on your computer.
  9. Your phone is now enrolled and can be used in the authentication process.
  10. If you want to register other devices, click Enroll another device. Otherwise, click I’m done enrolling devices.
  1. Open the Duo Security self-enrollment page using a laptop or desktop computer.
  2. When prompted, type in your CWRU network ID and password.
  3. Click Start Setup.
  4. Choose "Landline" as your device type and click Continue.
  5. Type your 10 digit phone number and choose the country associated with it. Use number of the telephone you'll answer when logging in.
  6. Double-check your phone number and then select the box marked "(###) ###-#### is the correct phone number". Click Continue.
  7. A “Device successfully enrolled” message is displayed and the phone number of the registered device is indicated on your computer.
  8. Your phone is now enrolled and can be used in the authentication process.
  9. If you want to register other devices, click Enroll another device. Otherwise, click I’m done enrolling devices.

Add a phone number to your Duo profile, Install Duo Mobile application

  1. Open the Duo Security self-enrollment page using a laptop or desktop computer.
  2. When prompted, type in your CWRU network ID and password.
  3. Click Start Setup.
  4. Choose "Tablet" as your device type and click Continue.
  5. Choose your operating system (e.g., iOS, Android) and click Continue.
  6. Search for "Duo Mobile" in your tablet's application store and then install it.
  7. Return to your computer. Choose "I have Duo Mobile installed" and click Continue.

Activate Duo Mobile

  1. On your tablet, open Duo Mobile.
  2. Tap +.
  3. Tap Scan Barcode.
  4. Hold the tablet up to your computer screen to scan the barcode.
  5. After an account named "Case Western Reserve University" appears on your tablet, click Continue.
  6. A “Device successfully enrolled” message is displayed on your computer.
  7. Your tablet is now enrolled and can be used in the authentication process.
  8. If you want to register other devices, click Enroll another device. Otherwise, click I’m done enrolling devices.

Authenticate with a Supported Device

Review the table below to identify what methods of authentication your enrolled devices support. Then, follow the instructions to authenticate a VPN session.

 

Device Duo Push Passcode Voice Call SMS
Smartphone x x x x
Basic Cell Phone     x x
Landline     x  
Tablet x x    
  1. Launch the Cisco AnyConnect VPN client.
  2. Choose "Case" from the list of VPN profiles.
  3. Type your CWRU Network ID and password in the boxes marked Username and Password, respectively.
  4. Type the word "push" in the box marked Second Password.
  5. Click Connect.
  6. An alert will display on your smartphone or tablet.
  7. Tap Accept to authenticate.
  8. The network Acceptable Use Banner displays on your computer screen. Click Accept to finish.
  9. VPN connection completed.

IMPORTANT If you receive a login request on your phone or tablet that you did not request, tap the red Deny button and then choose "It seems fraudulent" when prompted to alert Information Security.

It is possible that your password has been compromised.

Use mobile passcodes to authenticate if you have your smartphone or tablet, but do not have a mobile data connection (e.g., poor cellular reception).

  1. Open the Duo Mobile application on your smartphone or tablet.
  2. Tap the key icon to generate a 6-digit passcode.
  3. Launch the Cisco AnyConnect VPN client.
  4. Choose "Case" from the list of VPN profiles.
  5. Type your CWRU Network ID and password in the boxes marked Username and Password, respectively.
  6. Type the passcode in the box marked Second Password.
  7. Click Connect.
  8. The network Acceptable Use Banner displays on your computer screen. Click Accept to finish.
  9. VPN connection completed.
  1. Launch the Cisco AnyConnect VPN client.
  2. Choose "Case" from the list of VPN profiles.
  3. Type your CWRU Network ID and password in the boxes marked Username and Password, respectively.
  4. Type the word "phone" in the box marked Second Password.
  5. Click Connect.
  6. Your will receive a telephone call from 216-368-2000 on the telephone number listed first in your CWRU Duo profile.
  7. Answer the telephone and, when prompted, press any key to authenticate.
  8. The network Acceptable Use Banner displays on your computer screen. Click Accept to finish.
  9. VPN connection completed.
  1. Launch the Cisco AnyConnect VPN client.
  2. Choose "Case" from the list of VPN profiles.
  3. Type your CWRU Network ID and password in the boxes marked Username and Password, respectively.
  4. Type the word "SMS" in the box marked Second Password.
  5. Click Connect.
  6. You will receive a series of single use passcodes on the SMS-capable phone listed first in your CWRU Duo profile.
  7. Type the SMS passcode into the box marked Second Password.
  8. The network Acceptable Use Banner displays on your computer screen. Click Accept to finish.
  9. VPN connection completed.

Hardware tokens are available for purchase. Contact UTech Information Security for details.

  1. Use your hardware key to generate a passcode.
  2. Launch the Cisco AnyConnect VPN client.
  3. Choose "Case" from the list of VPN profiles.
  4. Type your CWRU Network ID and password in the boxes marked Username and Password, respectively.
  5. Type the passcode in the box marked Second Password.
  6. Click Connect.
  7. The network Acceptable Use Banner displays on your computer screen. Click Accept to finish.
  8. VPN connection completed.

Notes for Multi-Device Accounts

It's possible to call or send SMS codes to any compatible device in your profile by typing "PHONE" or SMS" and its number in series (e.g., "SMS2", "PHONE2") in the Second Password box.

However, if you use the Manage Devices screen to change the order of your devices so that your basic cell phone appears before your your smartphone (but after any landline) you'll not need to remember the order of devices to authenticate by the preferred method when using a multi-device account.

Also, if you use the mobile application with both a smartphone and tablet, the device you'll use to authenticate more often should appear first.

Because hardware tokens are not associated with a phone number, it does not matter where in the order of devices they appear.

To access the Manage Devices screen, first enroll at least one device. The enrollment page now features a gray button marked Manage devices. Click this and then authenticate. The management screen opens after successful authentication.