Welcome to Two-Factor Authentication at ASU!
Please take a moment to read this communication from Dr. Olsen & Dr. Searle regarding two-factor authentication at ASU.
The facts are that ASURITE accounts compromises have dropped considerably with the implementation of two-factor. While the external threats have remained relatively constant at 172 billion per year, our instances of potentially compromised accounts dropped by roughly 40%, from 663 in 2016 to 393 in 2017. Exchange email is the final faculty and staff service where we are adding this protection.
ASU has enabled Duo two-factor authentication for ASU Exchange email accounts to protect against the significant increase we have seen in phishing attacks.
All employees are also required to use two-factor authentication when accessing ASU authenticated websites, administrative services through the ASU VPN (e.g. PeopleSoft), and when accessing ASU email.
- For ASU Exchange email (Outlook) and other ADFS services, please click the Duo and Cloud Services tab above for more information.
- For VPN services, please click the Duo and VPN Services tab above for more information.
ASU uses two-factor authentication for all employees (this includes students who are also ASU employees) when authenticating with your ASURITE ID on ASU's websites. At this time students who are not employed by ASU will only use two-factor to access their direct deposit banking information.
Please enroll a second device to ensure you can always authenticate. See “Step Three: Enroll a Second Device” in the knowledge article for information on enrolling a second device. This is especially important if you are a student-employee and need to authenticate in classroom situations where you may not be able to use your cell phone.
Enrollment for all students
ASU uses two-factor authentication to protect you and your data from cyber security threats. You will be asked to enroll in Duo if you are enrolled in classes in the current semester.
Two-factor authentication uses a combination of your password (something you know) and a device that you own (like a phone) to access ASU systems.
What you’ll need
You will be asked to verify who you are by sending a signal to a device that you own.
- Smart Phone and Mobile App
- Phone (Cell phone, land line or internet based phone)
- Key Fob Hardware Token
- YubiKey Security Keys
- Enrollment usually takes 10 - 30 minutes. Make sure you set aside enough time to finish the process before you need to log in to ASU systems.
DUO Two-Factor for Email and Web Applications Like Skype and OneDrive
Duo two-factor authentication is now required when employees login to email services at ASU. You will see the authentication and Duo prompt (shown below) with desktop and mobile applications like Outlook, Skype or OneDrive upon initial connection and then periodically thereafter in 90-day intervals.
1) When the following ASU ADFS Microsoft Services Sign In page appears:
2) You’ll be asked for Duo two-factor authentication, just like my.asu.edu and other ASU websites.
The roll-out will be department by department and your local support staff will contact you when your account is enabled. Here is the proposed rollout schedule.
If you receive ASU Office 365 Exchange email on your mobile device, we strongly recommend using the Microsoft Outlook Mobile App because it is fully compatible with newer Microsoft authentication protocols. On a PC, Office 2016 will work with Microsoft Modern Authentication but Office 2013 on a PC requires a fix found here. On a Mac, the native Mac Mail client will no longer work, only Microsoft Outlook 2016 is compatible. We have addressed this issue with Apple and they are working to resolve the issue. They currently have a fix planned for release in 6-9 months. For more information about supported desktop or mobile devices (Android or iOS) review this ServiceNow article.
How to get help:
- Contact your local deskside support team or department technical contact.
- Call the ASU Help Center at 855-278-5080
- 9-10AM Monday through Friday, visit Computing Commons room 202, or click here.
Here is a helpful guide to configuring your clients: Configuration guide
In addition, you may wish to review the help articles below that describe how to connect to ASU O365 Exchange with fully compatible mobile email clients:
Please note, on iOS devices you will most likely need to remove and recreate your ASU O365 Exchange mail connection.even If you had it previously setup for ASU email. For the Outlook App on your mobile device, check your connection to determine if it is working, if it is not you will need to remove the ASU O365 Exchange mail account connection and recreate the connection to authenticate properly.
The Outlook Web Access client is always available if you need to access mail but are having trouble with your locally installed Outlook desktop or mobile client.
ADFS enabled websites, like analytics.asu.edu, or portal.office.com, will prompt at the same intervals as ASU single-sign-on sites do now. Duo will not be required to log into your computer.
ASU uses DUO's two-factor authentication services for faculty and staff ASURITE logins as an additional measure for managing cybersecurity threats.
Two-factor authentication also includes access to the ASU VPN for faculty and staff for both the Cisco AnyConnect VPN client and the VPN website. To ensure proper function and the best connectivity your Cisco AnyConnect VPN client must be version 4.1 or later.
The two-factor enabled site is necessary to login to Advantage and other Windows or Linux servers that are protected by VPN. This change does not affect students, who may continue to use sslvpn.asu.edu without two-factor authentication.
ASU VPN Services
Both the 2fa and full tunnel ASU SSLVPN services provide DNS protection.
If connecting with the Cisco AnyConnect VPN client, type the address “sslvpn.asu.edu/2fa” into the field as shown, then clicking “Connect”.
This site is available now. Please begin using the site address sslvpn.asu.edu/2fa for access to ASU’s administrative systems.
When you connect with the Cisco AnyConnect VPN client using https://sslvpn.asu.edu/2fa this dialogue box is displayed.
To complete your login to ASU’s administrative systems:
- Enter ASURITE ID and password.
- The third box is used to select the second authentication factor. Type one of the following DUO options then click ok
- push for a DUO push notification for the app on your smartphone
- phone for a DUO phone call notification
- sms for a DUO sms passcode message
- If you choose “sms” the Cisco AnyConnect authentication box will appear again.
- Re-enter your ASURITE ID, password
- in the third box enter the passcode you received from the Duo sms message
Contact your department’s desk side support staff for questions about DUO, visit our Knowledge Article or call the ASU Help Center at 1-855-278-5080.