Single Sign-On Help

HomeHelp SystemKey ConceptsSecurityTwo Factor Authentication in SSO

Two Factor Authentication in SSO

Two factor authentication was recently introduced into Single Sign-On.  Two factor authentication – 2FA for short – is a security technique that supplements your SSO password – something you know – with a second, tangible identification factor – your phone, which is something you have.

SSO’s two-factor process is implemented in partnership with Duo Security.  Opting in to Two-Factor Authentication in SSO means you will be prompted by Duo to acknowledge your login requests with your chosen method:

Remember device for 60 Days

Note that you can choose to remember your two-factor login on your computer, meaning you won’t have to answer the Duo prompt again until that period of time has elapsed.

Also note the help links on the image below. If you have trouble with your two-factor login, the links will direct you to the appropriate page on this help site.

Registering Devices

To use a device when logging in, you will enroll your device with Duo:

duo_devices

As shown above, it is possible to enroll more than one device and multiple types of devices. Most people enroll their office phone (landline) first then their mobile phone.

  • Mobile phone – Uses the Duo Push app, text or phone call
  • Tablet – Uses the Duo Push app
  • Landline – Uses phone call
  • U2F token – Uses a special hardware device (coming soon)

Click here to learn about using two-factor authentication.

Is Two-Factor Authentication Required?

While it isn’t required for all employees to use two-factor authentication,  it is recommended that it be used as an additional security measure for all SSO account holders.

Some users – including administrators of SSO and its related applications – will be required to implement two factor authentication.

Alternate Logins and SSO Two-Factor Authentication

It is worth noting that the initial implementation of SSO’s two-factor authentication only applies when logging into SSO using your UIN.  The alternate login applications that can be used with SSO will not:

  • use your SSO two-factor enrollment selection
  • access your two-factor device(s) registered with Duo on behalf of SSO

Additional alternate login integration work is planned that will alleviate the first issue.  Since each login provider must implement its own two-factor authentication process, system-wide support for this feature across all logins will take some time.