Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 11 Next »

Duo Two-Factor Authentication (2FA) helps protect you against online attacks designed to gain unauthorized access to your Odin account and information. Duo 2FA is required for Single Sign-on (SSO) for all employees.

Table of Contents

How Duo 2FA Works

Duo 2FA adds a second layer of security when you sign in to certain systems, such as PSU's Single Sign-On (SSO) or Virtual Private Network (VPN). To access a protected system, you’ll combine your Odin account information with a secondary credential delivered through your phone, mobile device, hardware token, or security key. This prevents anyone else from signing in with your account, even if they know your password.

  1. You enter your Odin account username and password as usual.

  2. You are prompted to authenticate using your phone or other method to verify your identity.

  3. You are securely signed in to your account.

Enter your username and password, verify your identity using a second method, then you'll be signed in to your account.

Start Using Duo 2FA

To use Duo 2FA, you must first enroll. After enrolling a device, you will automatically receive certain protections for PSU systems based on whether you are a PSU student or employee. 

  • PSU employees automatically receive protections for SSO and the VPN

  • PSU students automatically receive protection for the VPN. To receive the Odin password extension benefit, students must also add protection to SSO.

Enroll in Duo 2FA With a Mobile Device and the Duo App (recommended)

To enroll in Duo with a mobile device and the Duo app (recommended), follow these steps. Instructions for enrolling alternative devices can be found at Enroll and manage settings in Duo Two-Factor Authentication (2FA).

  1. Sign in to the Odin Account Manager (OAM) at oam.pdx.edu.

  2. Select Set up Duo / Manage Duo Settings.

  3. Select Start setup.

  4. Choose your device from the options displayed.
    Note: Hardware tokens can't be used as your only authentication device, but can be added as a secondary option later.

  5. Select your country and enter your phone number.
    Note: Use the number of a smartphone, landline, or mobile phone that you'll have with you when you're signing in (you can enter an extension if you choose "Landline"). 

  6. Confirm that you entered the correct number.

  7. Check the box and select Continue.  

  8. Choose your device's operating system.

  9. Follow the platform-specific instructions on the screen to install the Duo Mobile app.

  10. Activate Duo Mobile by scanning the barcode on screen with the app's built-in barcode scanner.
    Note: After you scan the barcode, select the Continue button. If you are unable scan the barcode, select the Can’t scan the barcode? link and follow the instructions.

  11. Follow the platform-specific instructions.

Select Enroll another device to add an additional device (such as a backup phone), or select I'm done enrolling devices to continue to the verification prompt

Add Duo Protections to Single Sign-on (SSO)

To add Duo protections to SSO, follow these steps:

  1. Sign in to the Odin Account Manager (OAM) at oam.pdx.edu.

  2. Select Update Duo Protections.

  3. Select the checkbox next to the SSO service.

  4. Select Continue.

  5. On the Successfully updated Duo protections screen, select OK.

Configure Duo to Remember You on Trusted Devices

On trusted devices, you can configure Duo to remember you for 30 days. To do this:

  1. Sign in to the Odin Account Manager (OAM) at oam.pdx.edu.

  2. Select Manage Duo Settings.

  3. Select the Settings button, then select My Settings & Devices. You will be prompted to confirm your identity with Duo 2FA. After you have completed authentication, you can adjust your Duo settings

  4. From the My Settings & Devices screen, in the When I log in drop-down menu, select Ask me to choose an authentication method.

    DUO Mobile phone setup settings section of when I log in selected showing the option Ask me to choose an authentication method highlighted.

  5. The next time you authenticate with Duo on a trusted device, select the Remember me for 30 days option.

    screenshot of the DUO Single Sign-On page with the option of how to sign-in such as Send Me a Push, Call Me, and Enter a Passcode. Below them is a checkbox that is highlighted that states Remember me for 30 days.

Reconnect Trusted Device after Changing Phones

  1. Sign-in to the Odin Account Manager (OAM) at oam.pdx.edu.

  2. When prompted, select Other Options.

  3. Select Text Me New Codes or Call me.

  4. Enter the code sent via text message to your phone, or, answer the call and select 5.

  5. Select Manage Duo Settings, Click to continue, Other Options, and then Manage devices. You will be prompted to confirm your identity again with Duo authentication.

  6. Repeat steps two through four.

  7. For the device you are wanting to replace, select the option I have a new phone from the device selection menu.

  8. Once selected, follow the set-up steps for your new device.

Recommendations

For most people, we recommend using a mobile device with the Duo Mobile app installed as the best method of two-factor authentication. Using the Duo Mobile app on a smartphone or tablet gives you the greatest number of options when you sign in to a protected system. Most people find the push notification the most convenient option.

Push Notification

With the Duo Mobile app, you can use the Send me a Push method of authentication and select Approve on the login request sent to your device.

Using a Duo Token

PSU Employees may use a Duo Token as an authentication method, available from the Helpdesk. With a Duo Token, you can generate a passcode, even when you don’t have cell service or an internet connection.

Other Options

Refer to Enroll and manage settings in Duo Two-Factor Authentication (2FA) for details on your other device and authentication options.

Related Support Content


  • No labels