Using Multi-Factor Authentication(MFA) with Duke’s Virtual Private Network(VPN)


Question 

How do I use Multi-Factor Authentication(MFA) when I want to access Duke’s Virtual Private Network(VPN)?

Answer:

After February 6, whenever you want to access the Duke University VPN, you will have to use MFA to connect.

 

 Follow these step to connect to Duke’s VPNs.

  1. Go to your Cisco AnyConnect VPN client or to https://portal.duke.edu
  2. Choose your VPN using the dropdown arrow and click Connect.

3. Enter your NetID and NetID password and click OK.

 

4. After February 6, you will see another screen with an MFA option field (See image below). Enter the number that corresponds to the MFA option you’d like. Depending on how many devices you have registered, you may see a different number of options. For example,

      * Type 1 if you want to authenticate with your DUO app. This is the most portable option and also allows for access if you don’t have service or Wi-Fi in your area.  

      * Type 2 if you want to authenticate with a phone call.You will receive a call asking you to press a number. Once you press a number, you will be connected to the VPN.

      * Type 3 if you want to receive ten codes via text. Each code can only be used once. These codes are active for three days. Enter one of those codes into the MFA Option field, click Continue, and you will be connected to the VPN.

      * If you want to use your YubiKey, make sure your cursor is in the MFA Option field, then touch the gold button. Your code will automatically be entered and you will be connected to the VPN.

 

5. You should now be connected to the VPN. You can verify by seeing if the Cisco AnyConnect icon in your dock has a small lock.

 

 

*************

 If you’d like to see what devices you have registered for MFA, follow the steps below.

 1. Log into https://idms-mfa.oit.duke.edu/mfa/home and click on “View Devices,” you’ll see the order in which your devices are registered. This order will determine the order of options you see in step 4 above.

In the case where you have a smartphone but you did not activate your Duo Mobile app, you or a Service Desk Analyst can use the NetID proxy tool to access and manage your MFA settings.

*************

If you’d like to activate a device, follow the steps below.

1. Once in the MFA settings homepage, click Replace your existing phone or tablet with a new device.

2. Next, click on the device you want to activate, then on the next page click Continue without changing any fields (unless you have a new number).

3. On the next page, click Send links to my phone. This will send two text messages; the first one with the Duo Mobile app install link and the second text with the activate app link.

Now you can open the app and follow the steps at the top of this page to connect to the VPN.  

 

 

Additional Information

If you need assistance, please contact the OIT Service Desk at 919.684.2200