We have compiled a few frequently asked questions. This list will be updated a new questions and situations arise. As always, please contact the Service Desk if you need additional assistance or your specific question is not listed.
Who is required to use two-factor authentication?
SHSU Faculty, Staff, and Student Employees are required to use two-factor authentication.
Two-factor authentication sounds complicated; how does it work?
Its not complicated at all. After IT@Sam configures an application to be protected by two-factor authentication, when you login to that application with your username and password (something you know) you will be prompted for a second authentication using a security device such as your smartphone, tablet, or phone line (something you have). This in a nutshell is what two-factor authentication means...using two different factors for a complete authentication process. The first factor is something only you should know, in this case your password. The second factor is something you have, in this case your smartphone, tablet, or phone line. This ensures that you are the person that is actually logging in, as someone who may have guessed or cracked your password should not have your smartphone, tablet, or office landline.
I don't have a smartphone or tablet, how can I use two-factor authentication?
Even though IT@Sam recommends you use a smartphone or tablet as the Duo Mobile app is free to use for SHSU, you can register a phone line for call backs such as your office landline or your regular mobile phone. If you register a mobile phone, you can also receive a block of codes via SMS (text message) that can be used to authenticate. Follow the instructions for registering a phone line. Using these Call Me or SMS methods costs the University a small amount for each use, so please use them only if you do not have a smartphone or tablet.
Can I still use two-factor authentication if my device does not have a data plan or cellular access?
Yes you can. Launch the Duo Mobile app on your smartphone or tablet and generate a passcode. You can then enter this passcode into the application to continue logging in.
You can also go to the Duo Self-Service site, log in with your username and password. Click on the pass code authentication method. Then click the "Text Me New Codes" button. This will give you a set of codes that can be used when you do not have cellular service.
In addition, most cell phones have the ability to connect to WiFi. The Internet connection provided by a WiFi hotspot will allow you to use the Duo App.
I don't use banner, does this affect me?
If you are an employee you most likely do use Banner for reporting your time at a minimum. Applications that are part of Banner (Self-Service Banner and Banner Administrative Applications) include: Banner Employee Profile (Timesheets, leave reports, time balances, etc), Workflow, Grade Entry, Account Balance, Budget Development, EPAFs, and Attendance Tracking.
System not impacted by two-factor authentication at this time are: Cognos, Ad Astra, Bearkat Buy, Chrome River, NuPark (Parking System), DegreeWorks (except when pulling something directly from Banner), StarRez, CBORD, AcademicWorks, CourseLeaf (Catalogs), Maxient (Title IX training), and CampusConnect.
How do I start using two-factor authentication?
First you have to enroll your security devices (the things you have, such as your smartphone, tablet, or phone line) with your SHSU account. IT@Sam has setup a Two-Factor Self-Service Portal that you can log into using your SHSU username and password. If you are eligible for two-factor authentication, you will be prompted to configure a security device. IT@Sam recommends using a smartphone (or tablet if you carry it with you all the time) if you have one as it is the easiest and most convenient to use (as there is an app for iOS and Android devices). Once you've completed the initial enrollment of your security device, you can always visit the Self-Service Portal to add additional devices.
What are the different methods of two-factor authentication?
Duo Security employs multiple methods for implementing the second factor authentication.
Duo Push: The first and most convenient method (also free to the University) is called Duo Push. When you enroll a smartphone or tablet as your security device in Duo, you are asked to install the Duo Mobile app on your device. This app pairs your phone with your SHSU account. Whenever you login to a two factor-secured application and you select the Push method, Duo Security sends a notification to your smartphone or tablet and all you have to do is click a button to indicate you approve logging in or you deny it. You have no codes to enter or anything...just a button click.
Call Me: The second method is called Call Me. If you enrolled a phone number such as your office landline or home phone, you can use this method when logging into a two factor-secured application to have the Duo service call the enrolled phone number. You will hear a message asking if you agree to the authentication and to press a number on the phone to agree or to just hang up if you didn't actually attempt the authentication.
Passcode: The third method is called Passcode. If you have a one-time use passcode (either from a block of codes sent to you by Duo via SMS, generated from the Duo Mobile app on your smartphone or tablet, or given to you by the Service Desk), you can select this method and enter the passcode into the field provided.
My security device is not receiving push notifications. What do I do?
If you experience an issue where you are not receiving push notifications, please follow the below troubleshooting steps.
- If push notifications are active, network issues between your device and the Duo service may be the culprit. Some devices may have trouble determining whether to use WiFi or cellular data. Try turning off WiFi and/or switching your device into "Airplane Mode" and back to normal operation.
- Verify that the time and date on your device is correct. If the date and time are manually set, consider changing your device's configuration to sync automatically with the network.
- Duo Security has created in-depth troubleshooting guides for Duo Push delivery for iOS and Android. Note that an IT administrator with ability to modify port access may be required depending on the specific issue being encountered.
If the issue still persists, please contact the Service Desk.
How do I replace or add a new security device?
Use the Self Service Portal. If you have additional security devices already added to your account, then you can use one of them to two-factor authenticate when you are prompted.
My security device has been lost or stolen. What are my next steps?
Contact the Service Desk immediately to report that your device was lost or stolen. They will remove the device from Duo and assist you with setting up another security device in Duo.
How often do I need to use two-factor authentication?
IT@Sam has configured the Duo system to allow you to remember your computer that you logged into the Duo secured application for up to 7 days. If you logged in from a private workstation that you trust, you can check the box to remember your device. If you are using a public workstation that people other than you use, please don't check this option. You will need to use Duo two-factor authentication each time you log out and log back in to the Duo secured application.
I have logged in with Duo already for one application, but when I go to another application, it is requiring me to use Duo again, why is that?
Duo is web browser specific. This means that if you used one web browser, say Chrome, to log into the first application and then you used a different web browser, say Internet Explorer, to log into the second application, you will be asked to use Duo for the second application even after using it for the first application since the applications were accessed using different web browsers. The Duo 2FA will also be requested again if you clear your browser’s cache, please keep this in mind.