Two-Step Login: Using Duo at IU

Two-Step Login (Duo) provides an additional layer of security when you log in to some IU systems. Two-Step Login, also known as two-factor authentication, helps protect sensitive data and guard against increasingly sophisticated email and online scams (e.g., phishing attacks) that can leave you vulnerable to identity theft. IU has partnered with Duo to provide this service.

Training and support resources

Looking for help with Duo? Find what you need:

As of November 2, 2017, all IU students are required to use Two-Step Login (Duo) for all CAS logins.

Video demos for getting started with Duo

Description of the following video:

[00:00:00]
>> Welcome to the Duo Authentication Registration tutorial. Duo provides two factor authentication for secure systems at Indiana University. Two factor authentication is an extra layer of security that requires information in addition to the passphrase to login to our system. This ensures that if a passphrase is stolen, the password alone cannot be used by anyone to access your information.

[00:00:29]
Duo provides several authentication methods for use with mobile devices, telephones and more. Students can access Duo Mobile Registration from one.iu.edu. Simply search for "Duo" and click on the Duo Mobile Registration Task. Clicking the task in One will take you to the Duo Authentication page, assuming you are already CAS authenticated.

[00:01:00]
To set up Duo, click enroll. You must enter your date of birth in order to continue. Select the month and day of your birth date. Click "Continue." Now, let's click "Start Set Up" to begin the enrollment process. Students may enroll mobile phones, tablets, and landlines. This tutorial will provide instructions specifically for enrolling a mobile phone.

[00:01:35]
Select "Mobile Phone" and click "Continue." Input your mobile phone number using the format outlined. A green checkmark will display when a valid phone number has been entered. Verify the mobile phone number that you entered is correct and select the checkbox. Click "Continue." Select "Other and cell phones." Do not select the specific phone type unless you want to download the mobile app to receive push notifications.

[00:02:12]
By selecting "Other and cell phones," you are enrolling your mobile number to receive text messages or phone calls to assist with authentication. This tutorial provides instructions to authenticate by receiving a text message or phone call. If you would like to download the mobile app to receive push notifications, visit the link to the KB article on your screen for more details and to finish the enrollment process.

[00:02:41]
Now click, "Continue." The enrollment process is complete. You will now be able to receive an authentication text message or phone call to the registered phone when Duo is required. Now that you have Duo mobile registration set up, the next time you are prompted to authenticate via Duo, click "Enter a pass code." Now, click "Text me new codes," to receive a text message with a Duo passcode.

[00:03:10]
When you receive the text message, enter the pass code and then click "Login." You will then be taken to the application. Thanks for watching!

Duo Mobile Registration Tutorial

Description of the following video:

[00:00:02]
>> Welcome. This video will show you how to enroll a smartphone or tablet in Two-step Login, and is specifically intended for users who are enrolling a smartphone or tablet as their first device. To sign up for Two-step Login you'll need to do three things. First, select your device, a smartphone or tablet.

[00:00:25]
Then enter your device's information. And finally install and activate Duo mobile on your smartphone or tablet. You can access Two-step Login from One.IU. Simply search for two-step and click the Two-Step Login (Duo) task. Clicking the task in One will take you to the Two-step Login screen. If you have not logged in with your IU account and passphrase to the Central Authentication Service (CAS), you will need to do that first.

[00:00:59]
To set up Two-step Login, click Enroll a device. Note that if you have already enrolled a device you will see the Your devices & settings button instead of the Enroll a device button. If you are a student who is not also an employee select your month and day of birth from the drop-down menus.

[00:01:20]
If you have difficulties at this step, contact your Campus Support Center for further assistance. Click Continue. Now to begin the enrollment process select your device. To enroll a smartphone, select smartphone and click Start setup. If you are enrolling a tablet, select tablet before clicking Start setup. Select Mobile phone or Tablet and click Continue.

[00:01:49]
Enter your device's phone number. Tablet users will not need to do this. A green checkmark will display when a valid phone number has been entered. Click the checkbox to verify the phone number is correct. And click Continue. Select your device's operating system and click continue. To finish enrolling your smartphone or tablet with the two-step login service, you will need to install and activate Duo mobile.

[00:02:21]
Follow the prompts on this page to install the app. Download the app in the App Store or Google Play store. You can find the app by searching for Duo mobile. You'll need to tap Get and then Install for an Apple device or tap Install for an Android device.

[00:02:42]
Be sure to tap OK to allow notifications. Once the Duo app is installed on your device, click I have Duo Mobile installed. Now open the Duo mobile app on your mobile device. In the Duo app tap the plus sign and allow or enable the camera to scan the barcode.

[00:03:05]
Using your mobile device, scan the barcode on the screen. When the barcode is scanned, you will see a green checkmark. Now click Continue. Your newly added device will be listed under My Settings & Devices. You have now finished enrolling your device with Two-step Login. The next time you log into CAS and attempt to access a system or site protected by Two-step Login, choose Send me a Push to receive a push notification from the Duo mobile app on your smartphone or tablet.

[00:03:41]
You can then tap Approve on your mobile device to log into the application. If you did not attempt to login, tap the Deny button. For more information visit twostep.iu.edu or learn more at kb.iu.edu/d/aluu. Thanks for watching.

Two-Step Login (Duo) for Smartphone/Tablet PUSH

Description of the following video:

[00:00:03]
>> Welcome to Two-step Login using voice calls or text messages. This video is specifically intended for students who are enrolling a mobile phone as their first device. You can login with Two-step by receiving a phone call or a text message which includes a passcode. Standard phone call and text messaging rates apply.

[00:00:25]
This can be set up using any cell phone including a smartphone. To access Two-step Login go to One.IU.edu and simply search for two-step then click the Two-step Login (Duo) task. Clicking the task in One will take you to the Two-step Login screen. If you have not logged in with your IU account and passphrase to the Central Authentication Service (CAS), you will need to do that first.

[00:00:55]
To set up Two-step Login, click Enroll a device. Note that if you have already enrolled a device, you will see the Your devices & settings button instead of the Enroll a device button. If you are a student who is not also an employee, select your month and day of birth from the drop-down menus.

[00:01:16]
If you have difficulties at this step, contact your Campus Support Center for further assistance. Click Continue. Now to begin the enrollment process select your device. Let's select Cell (simple) phone and click Start setup. Select Mobile phone and click Continue. Enter your phone number. You'll notice that a green checkmark will display when a valid phone number has been entered.

[00:01:48]
Select the checkbox to verify the mobile phone number you entered is correct then click Continue. For the type of phone, select Other (and cell phones). By selecting Other (and cell phones), you are enrolling your mobile number to receive text messages or phone calls to assist with Two-step Login.

[00:02:10]
Click Continue. The enrollment process is complete. Your newly added device will be listed under My Settings & Devices. Now that you have Two-step Login set up, the next time you log into CAS and attempt to access a system or site protected by Two-step Login, you'll have the option to select Call Me or Enter a Passcode.

[00:02:35]
If you select Call Me, you will receive a phone call with an automated message. You can then press or tap any key on your phone to log in. If you select Enter a Passcode, click Text me New Codes to receive a text message which includes a passcode. When you receive the text message on your phone enter the passcode on the CAS page and click Login to open the application.

[00:03:03]
For more information visit twostep.iu.edu or learn more at kb.iu.edu/d/aluu. Thanks for watching.

Two-Step Login (Duo) using Cell Phone or Text Messaging

Description of the following video:

[00:00:00]
>> Welcome to Two-step Login using a single button hardware token. To access Two-step Login go to One.IU.edu and simply search for two-step. Then click the Two-step Login (Duo) task. Clicking the task in One will take you to the Two-step Login screen. If you have not logged in with your IU account and passphrase to the Central Authentication Service (CAS), you will need to do that first.

[00:00:33]
You cannot register a single button hardware token yourself. If the serial number on your token is a thirteen digit number, it's likely that your Campus Support Center has already enrolled it with your Two-step Duo account. To confirm this, click Your devices & settings. You should see your Duo hardware token listed here.

[00:00:58]
Now that you have Two-step Login set up, the next time you are prompted to authenticate you will see Token listed in the drop-down menu. You may need to select Token from the list if you have more than one device registered in Duo. Click Enter a passcode. Click the button on your hardware token to generate a passcode and enter the passcode into the CAS screen.

[00:01:23]
Now click Login to open the application. For more information visit twostep.iu.edu or learn more at kb.iu.edu/d/aluu. Thanks for watching.

Two-Step Login (Duo) using a Single Button Hardware Token

Description of the following video:

[00:00:03]
>> Welcome to Two-Step Login using Google Voice. Google Voice service includes the ability to receive phone calls and text messages and both of these options are supported with Two-Step Login. In addition to receiving phone calls and text messages to your Google Voice number, by default the phone calls and text messages will also be forwarded to your Gmail email account.

[00:00:27]
This means that you can enroll your Google Voice phone number for two-step login, and when you need to complete the second step of your login using Duo, you will receive the Duo phone call or text message by accessing your Gmail e-mail account. Since Google Voice service is free, there would be no charges for phone calls or text messages sent by the Duo service.

[00:00:50]
To access two-step login go to One.IU.edu and simply search for two-step then click the Two-Step Login (Duo) task. Clicking the task in One will take you to the two-step login screen. If you have not logged in with your IU account and passphrase to the Central Authentication Service (CAS), you will need to do that first.

[00:01:18]
To set up two- step login, click Enroll a device. Note that if you have already enrolled a device you will see the Manage devices & settings button instead of the Enroll a device button. When you click Manage devices & settings, you will be prompted to complete the login using Duo before you can add another device.

[00:01:41]
Employees, including student employees, will need to enter the last four digits of their national ID or social security number in order to continue. If you are a student who is not also an employee or affiliate, select your month and day of birth from the drop down menus. If you have difficulties at this step, contact your Campus Support Center for further assistance.

[00:02:04]
Click Continue. Now, to begin the enrollment process, select your device. Let's select Google Voice phone number and click Start setup. Select Mobile phone and click Continue. Enter your Google Voice phone number. You'll notice that a green checkmark will display when a valid phone number has been entered. Select the checkbox to verify the phone number you entered is correct, then click Continue.

[00:02:38]
For the type of phone, select Other (and cell phones). Click Continue. Your Google Voice phone number is now enrolled. You will be redirected to the Duo devices & settings page and your newly added device will be listed under My Settings & Devices. Let's select an option from the list.

[00:02:59]
In this example, I'll select Ask me to choose an authentication method. Now that you have two-step login set up, the next time you are prompted to authenticate you'll have the option to select Call Me or Enter a Passcode. Before you select Call Me or Enter a Passcode, log in to your Gmail account in another browser window or tab.

[00:03:22]
You will receive phone calls and text messages to your Google Voice number and the phone calls and text messages will also be forwarded to your Gmail email account. If you select Call Me, you will see the phone call pop up in your Gmail account. Press the phone icon to answer the call and then press any number on the dial pad to complete the dual authentication and login.

[00:03:45]
If you click Enter a Passcode, you will need to click Text me new codes. In your Gmail account, you should receive an email from Duo with a passcode in the email message. Open the email message to get the passcode and then enter the passcode on the CAS page.

[00:04:02]
Now click Log In and you will be successfully authenticated. For more information, visit twostep.iu.edu or learn more at kb.iu.edu/d/beum. Thanks for watching.

Two-Step Login (Duo) using Google Voice