Versions Compared

Version Old Version 11 New Version Current
Changes made by

Kelly Thomas

bromley2-high

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Duo Two-Factor Authentication (2FA) helps protect you against online attacks designed to gain unauthorized access to your Odin account and information. Duo 2FA is required for Single Sign-on (SSO) for all employees.

Table of Contents

...

How Duo 2FA Works

Duo 2FA adds a second layer of security when you sign in to certain systems, such as PSU's Single Sign-On (SSO) or Virtual Private Network (VPN). To access a protected system, you’ll combine your Odin account information with a secondary credential delivered through your phone, mobile device, hardware token, or security key. This prevents anyone else from signing in with your account, even if they know your password.

  1. You enter your Odin account username and password as usual.

  2. You are prompted to authenticate using your phone or other method to verify your identity.

  3. You are securely signed in to your account.

...

Start Using Duo 2FA

To use Duo 2FA, you must first enroll. After enrolling a device, you will automatically receive certain protections for PSU systems based on whether you are a PSU student or employee. 

  • PSU employees automatically receive protections for SSO and the VPN

  • PSU students automatically receive protection for the VPN. To receive the Odin password extension benefit, students must also add protection to SSO.

Enroll in Duo 2FA With a Mobile Device and the Duo App (recommended)

...

Include Page
IAMP:Duo Two-Factor Authentication (2FA)

...

  1. Sign in to the Odin Account Manager (OAM) at oam.pdx.edu.

  2. Select Set up Duo / Manage Duo Settings.

  3. Select Start setup.

  4. Choose your device from the options displayed.
    Note: Hardware tokens can't be used as your only authentication device, but can be added as a secondary option later.

  5. Select your country and enter your phone number.
    Note: Use the number of a smartphone, landline, or mobile phone that you'll have with you when you're signing in (you can enter an extension if you choose "Landline"). 

  6. Confirm that you entered the correct number.

  7. Check the box and select Continue.  

  8. Choose your device's operating system.

  9. Follow the platform-specific instructions on the screen to install the Duo Mobile app.

  10. Activate Duo Mobile by scanning the barcode on screen with the app's built-in barcode scanner.
    Note: After you scan the barcode, select the Continue button. If you are unable scan the barcode, select the Can’t scan the barcode? link and follow the instructions.

  11. Follow the platform-specific instructions.

Select Enroll another device to add an additional device (such as a backup phone), or select I'm done enrolling devices to continue to the verification prompt

Add Duo Protections to Single Sign-on (SSO)

To add Duo protections to SSO, follow these steps:

  1. Sign in to the Odin Account Manager (OAM) at oam.pdx.edu.

  2. Select Update Duo Protections.

  3. Select the checkbox next to the SSO service.

  4. Select Continue.

  5. On the Successfully updated Duo protections screen, select OK.

Configure Duo to Remember You on Trusted Devices

On trusted devices, you can configure Duo to remember you for 30 days. To do this:

  1. Sign in to the Odin Account Manager (OAM) at oam.pdx.edu.

  2. Select Manage Duo Settings.

  3. Select the Settings button, then select My Settings & Devices. You will be prompted to confirm your identity with Duo 2FA. After you have completed authentication, you can adjust your Duo settings

  4. From the My Settings & Devices screen, in the When I log in drop-down menu, select Ask me to choose an authentication method.

    DUO Mobile phone setup settings section of when I log in selected showing the option Ask me to choose an authentication method highlighted. Image Removed

  5. The next time you authenticate with Duo on a trusted device, select the Remember me for 30 days option.

    screenshot of the DUO Single Sign-On page with the option of how to sign-in such as Send Me a Push, Call Me, and Enter a Passcode. Below them is a checkbox that is highlighted that states Remember me for 30 days.Image Removed

Reconnect Trusted Device after Changing Phones

  1. Sign-in to the Odin Account Manager (OAM) at oam.pdx.edu.

  2. When prompted, select Other Options.

  3. Select Text Me New Codes or Call me.

  4. Enter the code sent via text message to your phone, or, answer the call and select 5.

  5. Select Manage Duo Settings, Click to continue, Other Options, and then Manage devices. You will be prompted to confirm your identity again with Duo authentication.

  6. Repeat steps two through four.

  7. For the device you are wanting to replace, select the option I have a new phone from the device selection menu.

  8. Once selected, follow the set-up steps for your new device.

Recommendations

For most people, we recommend using a mobile device with the Duo Mobile app installed as the best method of two-factor authentication. Using the Duo Mobile app on a smartphone or tablet gives you the greatest number of options when you sign in to a protected system. Most people find the push notification the most convenient option.

Push Notification

With the Duo Mobile app, you can use the Send me a Push method of authentication and select Approve on the login request sent to your device.

Using a Duo Token

PSU Employees may use a Duo Token as an authentication method, available from the Helpdesk. With a Duo Token, you can generate a passcode, even when you don’t have cell service or an internet connection.

Other Options

...

Overview
IAMP:Duo Two-Factor Authentication (2FA)

...

Overview

Related Support Content

Filter by label (Content by label)
showLabelsfalse
max10
maxCheckboxfalse
sorttitlecreation
showSpacefalse
reversetrue
cqllabel = in ( "authentication" , "duo" , "duo-2fa" , "token" ) and space in ( currentSpace ( ) , "FKB" , "ITKB" , "FSDESKB" )