Current revision updated by kpreston7 on
Originally created by kpreston7 on

Description: 
Two-Factor Authentication

DUO: Helpdesk Overview

Multifactor Authentication

What:

Duo is a multifactor Authentication client licensed to the institute.  To the end-user, it operates as a second layer of authentication that triggers once the correct Username and Password have been entered into the Campus Authentication Services portal.  If the incorrect 2nd factor authentication information is supplied, the authentication process is aborted.

Why:

Multifactor authentication exists as a safeguard preventing compromise of accounts in event that account credentials or passwords are leaked via phishing or accidental disclosure.  Attackers that may have acquired a compromised password or account would still need to acquire and use the token or authorized device that the user keeps with them to grant access.  As a preventative service, this effort minimizes the required security actions by reducing occurrences where they are necessary.

Who:
To protect accounts and services at Georgia Tech, and minimize the impact of unauthorized intrusions, use of multifactor authentication enrollment is required by faculty, staff, and students.

How:  

Self-Enrollment:

All for-credit on-campus, or off-campus students, faculty, and staff are able to self-enroll in two factor authentication.
https://gatech.service-now.com/home?id=kb_article_view&sysparm_article=KB0027575

Use:
CAS: 
After logging in with the campus username and password on the campus authentication portal, a duo prompt will appear, allowing the user to select a push notification, a phone call, or to enter a 2-factor code.  The user will select one of these options (and an accompanying device/phone number via drop-down menu) and complete the authentication  prompt.

If desired, users can minimize the repetitiveness of this process by checking a box at the bottom of the prompt, to remember the device for 7 days.

Additionally, rescue codes can be entered under the 2-factor code option.
    
VPN:
When connecting to the campus or departmental VPN using GlobalProtect, a field will appear when authenticating to the 2-factor enabled group.  Here, the user can enter a command for a push     notification, phone call, or directly enter the 2-factor code.                                   

Additional information about these commands is available at the link below: 
https://gatech.servicenow.com/home?id=kb_article_view&sysparm_article=K…
                          
Administration:
Account administration can be performed on individual accounts at IAT.gatech.edu.  Here, devices can be activated/enrolled, or additional phone lines can be added.  Please ensure that identities are properly verified before processing a Duo support request requiring that these actions be performed.
 

Filing Categories
Identifier Categories
Specific categories