University of Utah two-factor authentication (2FA)
Users who choose to opt in to 2FA should visit the Duo Management Portal to register a device.
Note: If you have already enrolled with Duo and are still being redirected to this
page, you may need to completely exit out of your web browser and/or clear your web
browser's cache and cookies. If you continue to experience issues, please contact
your help desk for assistance.
About
University of Utah students, faculty, staff, affiliates, and alumni are required to use two-factor authentication (2FA) when logging in to use certain online U applications and IT systems.
Two-factor authentication provides an extra layer of security by requiring a user to log in with a username/password combo plus a second method of verifying the user’s identity. The second method is something the user has physical access to, like a mobile phone or tablet. This ensures that even if a criminal manages to obtain a user’s login credentials, the information is useless without access to the user’s secondary device.
Driven by University of Utah Information Security Policy 4-004, 2FA is required for many university applications and services, including:
- Box, Campus Information Services (CIS), and Canvas
- UMail and Microsoft 365 applications
- Google Workspace applications
- Citrix Application Portal (remote use only)
- Remote Citrix access for Duo users: access.med.utah.edu
- Campus virtual private network (VPN)
- High-risk servers
Top support topics
Duo-enforced users will automatically be prompted to enroll when logging in to certain U web resources (e.g., CIS and UMail). Please access the Universal Duo Prompt Guide for instructions.
Opt-in users may register for Duo 2FA via the Duo Management Portal. Please access the Universal Duo Prompt Guide for instructions.
Note: Please register with Duo Mobile and a portable device (e.g., mobile phone or hard token). If you set up Duo 2FA using only a platform authenticator (e.g., Touch ID on an Apple desktop or laptop computer) and need to log in to U services on another device, you will not be able to verify your identify without calling your respective help desk.
No, however, UIT recommends registering more than one device in case a device becomes lost or deactivated.
Note: Please register with Duo Mobile and a portable device (e.g., mobile phone or hard token). If you set up Duo 2FA using only a platform authenticator (e.g., Touch ID on an Apple desktop or laptop computer) and need to log in to U services on another device, you will not be able to verify your identify without calling your respective help desk.
Duo Mobile does not support Android 8, Android 9, iOS 13, or older mobile operating systems. To download Duo Mobile, please update your device to a compatible operating system. Access Duo’s iOS or Android support articles for more information.
Please call your respective help desk to request a temporary bypass code. Help desk staff will require you to verify your security information. The code is valid only for a short time.
What if I change devices?
If you have already registered a device with Duo, select a link most applicable to your needs.
-
- Add another device
- If you replace your phone, please contact your respective help desk.
- Add or manage devices after enrollment
- Duo hardware token: Duo users who purchase a hard token must call their respective IT help desk to request manual enrollment.
- Add another device
If you lose your device and have multiple devices enrolled, you can remove the lost device upon logging in:
- When logging in to a university application, select Other options
- Select Manage devices
- Select Edit and then Remove
- Confirm that you want to delete the device
You cannot delete your only authentication device. If you have enrolled only one device, please contact your respective help desk.
Your Duo Mobile app may no longer be registered. Registration is per device and can become invalid if the operating system (OS) changes or is updated. If you have upgraded the OS on your device, or if you are using a new smartphone, and you have a second way to verify your identity with Duo, reinstall the Duo Mobile app and register the device through the device management portal.
Note: To reactivate Duo Mobile (e.g., you have a new phone or phone number), please contact your help desk.
Another reason could be that the device’s data connection is not working properly. Internet connectivity is required for push notifications. Check that the device is successfully connected to UConnect or another secure network, and can reach external websites, or that wireless is turned off and you are using data directly from your carrier.