Welcome to Two-Factor Authentication at ASU!
The facts are that ASURITE accounts compromises have dropped considerably with the implementation of two-factor. While the external threats have remained relatively constant at 172 billion per year, our instances of potentially compromised accounts dropped by roughly 40%, from 663 in 2016 to 393 in 2017. Exchange email is the final faculty and staff service where we are adding this protection.
ASU has enabled Duo two-factor authentication for ASU Exchange email accounts to protect against the significant increase we have seen in phishing attacks.
All employees, students and ASU Affiliates are required to use two-factor authentication when accessing ASU authenticated websites (all SSO enabled sites), administrative services through the ASU VPN (e.g. PeopleSoft), and when accessing ASU email.
- For ASU Exchange email (Outlook) and other ADFS services, please click the Duo and Cloud Services tab above for more information.
- For VPN services, please click the Duo and VPN Services tab above for more information.
ASU uses two-factor authentication for all employees, students, and ASU Affiliates when authenticating with your ASURITE ID on ASU's websites.
Please enroll a second device to ensure you can always authenticate. See “Step Three: Enroll a Second Device” in the knowledge article for information on enrolling a second device. This is especially important if you are a student-employee and need to authenticate in classroom situations where you may not be able to use your cell phone.
Have questions? Get help here!
Enrollment for all students
ASU uses two-factor authentication to protect you and your data from cyber security threats. You will be asked to enroll in Duo if you are enrolled in classes in the current semester.
Two-factor authentication uses a combination of your password (something you know) and a device that you own (like a phone) to access ASU systems.
What you’ll need
You will be asked to verify who you are by sending a signal to a device that you own.
Types of devices you can use
- Smart Phone and Mobile App
- Phone (Cell phone, land line or internet based phone)
- Key Fob Hardware Token
- YubiKey Security Keys
Time (up to 30 minutes)
Enrollment usually takes 10 - 30 minutes. Make sure you set aside enough time to finish the process before you need to log in to ASU systems.
Student Duo enrollment effort
In April 2018, enrolled students had their banking information protected with two-factor authentication. When their account was enabled they saw a to-do item posted on their MyASU page notifying them it was enabled. As students accessed their banking information online at ASU, they were required to enroll in, and use, two-factor authentication with Duo.
With the start of Spring 2021, all students are now required to use two-factor authentication when accessing ASU authenticated websites (all SSO enabled sites), services through the ASU VPN, and when accessing ASU email. This process is still being carried out by ASU for all student workers.
ASU is committed to protecting students from fraud and scams that attempt to steal student personal and financial information. Enabling two-factor authentication on web pages that display personal and banking information is an essential means to protect student data.
DUO Two-Factor for Email and Web Applications
Duo two-factor authentication is now required when employees login to email services at ASU. You will see the authentication and Duo prompt (shown below) with desktop and mobile applications like Outlook, Skype or OneDrive upon initial connection and then periodically thereafter in 90-day intervals.
1) When the following ASU ADFS Microsoft Services Sign In page appears:
2) You’ll be asked for Duo two-factor authentication, just like my.asu.edu and other ASU websites.
Rollout
The roll-out will be department by department and your local support staff will contact you when your account is enabled. Here is the proposed rollout schedule.
If you receive ASU Office 365 Exchange email on your mobile device, we strongly recommend using the Microsoft Outlook Mobile App because it is fully compatible with newer Microsoft authentication protocols. On a PC, Office 2016 will work with Microsoft Modern Authentication but Office 2013 on a PC requires a fix found here. On a Mac, the native Mac Mail client will no longer work, only Microsoft Outlook 2016 is compatible. We have addressed this issue with Apple and they are working to resolve the issue. They currently have a fix planned for release in 6-9 months. For more information about supported desktop or mobile devices (Android or iOS) review this ServiceNow article.
How to get help
- Contact your local deskside support team or department technical contact.
- Call the ASU Help Center at 855-278-5080
- 9-10AM Monday through Friday, visit Computing Commons room 202, or click here.
Here is a helpful guide to configuring your clients: Configuration guide
In addition, you may wish to review the help articles below that describe how to connect to ASU O365 Exchange with fully compatible mobile email clients:
Please note, on iOS devices you will most likely need to remove and recreate your ASU O365 Exchange mail connection.even If you had it previously setup for ASU email. For the Outlook App on your mobile device, check your connection to determine if it is working, if it is not you will need to remove the ASU O365 Exchange mail account connection and recreate the connection to authenticate properly.
The Outlook Web Access client is always available if you need to access mail but are having trouble with your locally installed Outlook desktop or mobile client.
ADFS enabled websites, like analytics.asu.edu, or portal.office.com, will prompt at the same intervals as ASU single-sign-on sites do now. Duo will not be required to log into your computer.
DUO Two-Factor
ASU uses DUO's two-factor authentication services for faculty and staff ASURITE logins as an additional measure for managing cybersecurity threats.
Two-factor authentication also includes access to the ASU VPN for faculty and staff for both the Cisco AnyConnect VPN client and the VPN website. To ensure proper function and the best connectivity your Cisco AnyConnect VPN client must be version 4.1 or later.
The two-factor enabled site is necessary to login to Advantage and other Windows or Linux servers that are protected by VPN. This change does not affect students, who may continue to use sslvpn.asu.edu without two-factor authentication.
ASU VPN Services
The ASU recommended VPN service Cisco can be downloaded from the My Apps page. The ASU VPN (virtual private network) site address is:
https://sslvpn.asu.edu/2fa.
Both the 2FA and full tunnel ASU SSLVPN services provide DNS protection.
If connecting with the Cisco AnyConnect VPN client, type the address “sslvpn.asu.edu/2fa” into the field as shown, then clicking “Connect”.
This site is available now. Please begin using the site address sslvpn.asu.edu/2fa for access to ASU’s administrative systems.
When you connect with the Cisco AnyConnect VPN client using https://sslvpn.asu.edu/2fa this dialogue box is displayed.
To complete your login to ASU’s administrative systems:
- Enter ASURITE ID and password.
- The third box is used to select the second authentication factor. Type one of the following DUO options then click OK:
- push for a DUO push notification for the app on your smartphone
- phone for a DUO phone call notification
- sms for a DUO sms passcode message
- If you choose “sms” the Cisco AnyConnect authentication box will appear again.
- Re-enter your ASURITE ID, password
- in the third box enter the passcode you received from the Duo sms message
Contact your department’s desk side support staff for questions about DUO, visit our Knowledge Article or call the ASU Help Center at 1-855-278-5080.