Multifactor Authentication

VPN Multifactor Authentication

VPN Multi-factor Authentication via DuoMobile

VPNs use Duo's "Append Mode" to provide a second factor in addition to UA Password in the Password field. You enter your password, followed by a comma, then an indicator of your second factor. You can provide the second factor using DuoMobile Push, telephone call-back, one-time passcodes (OTPs), or YubiKey token.

DuoMobile for Second Factor

password,push             e.g., enTrenching?4flogged,push

Pushes a login request to your smart phone with DuoMobile app enrolled for UA; review the request and tap "Approve" on the phone to complete login.

One-time Passcodes for Second Factor

password,OTPasscode      e.g., Licenser&6wiretapper,012345

OTPasscode is a one-time passcode generated with DuoMobile, or generated by your hardware token .

You can also request that passcodes be sent to you via SMS to your enrolled mobile phone by appending "sms" to your password; please note that SMS is considered less secure than other methods using OTPasswords, and may be disallowed in the future.

password,sms      e.g., Licenser&6wiretapper,sms

Telephone call-bak for Second Factor

password,phone#          e.g., BestialiZed^7picovolts,phone

Triggers a telephone call to the number that has been enrolled and attached to your Duo account; you will be asked to touch a key on the telephone key pad to complete authentication. If you have multiple phone numbers enrolled and attached to your Duo account, you can specify which to use by typing "phone1" or "phone2".

You can enroll telephone numbers in your Duo account if you are enrolled for use of Duo for SSO.

YubiKey for VPN

  1. Obtain a YubiKey supporting OTP in form factor that works for you: ​https://www.yubico.com/products/yubikey-hardware/
  2. Download the YubiKey Personalization Tool: ​https://www.yubico.com/support/knowledge-base/categories/articles/yubikey-personalization-tools/
  3. Configure your YubiKey for OTP in one of its two (virtual) slots* (generally shipped already programmed for OTP in slot 1) using the Duo guide: ​https://duo.com/docs/yubikey
  4. Send the CSV string with digital serial no, 6 byte private id, 16 bit secret key (e.g:   4475749, e7 fe 84 57 55 d4, 81 84 65 01 22 db e5 00 57 f9 68 92 7f 22 4b 6a)  to IAM or Security, noting your UA Username, which is the Duo account to which the token will be attached.  
  5. IAM or Security will upload the CSV string to import your token, and assign it to your ID at Duo
  6. When integrated (step 5), you can use the YubiKey to send the second factor passcode:
    • In the password field type your password followed by comma then touch your key*; that is,    <password>,  then touch your key, which enters a one-time passcode.