Enrollment guide for two-step login with Duo


Rutgers requires two-step login with Duo for all Rutgers students, faculty, staff and guests. Visit the Rutgers Two-Step login with Duo page to learn more about Duo.

Two-step login helps protect your account by adding an extra layer of security beyond your password. With two-step login, you will need to provide additional confirmation of your identity to gain access to many online resources at the university.

Duo Mobile is an app that runs on your smartphone and helps you authenticate quickly and easily. Without it you'll still be able to log in using a phone call or text message, but for the best experience, we recommend that you use Duo Mobile. With the app installed you will get a notification on your phone to approve your login.

Note: If you are required to obtain and enroll with a hardware token, please follow the directions on the hardware token information page.

Enrolling

  1. On your computer, go to the Two-factor authentication set-up and management page.
  2. Sign in with your NetID and click Next to begin enrolling your device.

        Duo Welcome Screen

  3. Select the type of device you'd like to enroll. We recommend using Duo Mobile with a smartphone for the best experience, but you can also enroll a landline telephone, a security key, or iOS/Android tablets. If you choose to use a phone number, follow the guide on how to setup a phone number instead. 

         Select which device you want to enroll

  4. After selecting Duo Mobile, select your country from the drop-down list and type your phone number.  
  5. Double-check that you entered it correctly and click Add phone number. If you're going to use Duo Mobile on a tablet (like an iPad) with no phone service, don't enter a phone number and click I have a tablet instead.

         Enter your phone number


  6. If you entered a phone number, double-check that you entered it correctly and click Yes it's correct to continue or No, I need to change it.

        Is the phone number you entered correct

  7. Download and install Duo Mobile on your phone or tablet from the Google Play Store or Apple App Store. Once you have Duo Mobile installed click Next which will show a barcode for you to scan using the Duo Mobile app.

         Now download the duo appQR Code to scan to enroll in duo

  8. Once installed on your device, open the Duo Mobile app and select the + button. Use your phone's camera viewfinder to position the barcode on your computer screen inside the viewfinder in the app on your phone as shown below.

         

  9. If you aren't able to scan the QR code, tap Or email activation code and then enter your email address to send the activation link to yourself. Follow the instructions in the email to activate the new account in Duo Mobile.

  10. When you receive confirmation that Duo Mobile was added click Continue.

         confirmation screen that you added duo mobile

  11. It's a good idea to add a second verification method that you can use as a backup if the first method you added isn't available to you at some point, like if you lose or forget your phone and need to log in with Duo. When you click Continue after registering your first verification method, Duo prompts you to add another one. Choose any of the available methods and proceed through the steps for adding it. If you don't want to add another method at this time, click Skip for now.

        Add another way to login

  12. After you add a second login verification method, or if you chose to skip it, you'll arrive at the end of the Duo setup process. Click Log in with Duo to log in to the application using the Duo method you just added.

        setup completed

Logging in with Duo for the first time

The first time you log in with Duo, Duo chooses one of your configured login options automatically based on a sequenced list from the ones you have available. If you don't want to use the method Duo automatically suggests for that application, cancel the Duo authentication in progress and click Other options. Then, select the method you want from the list.

Completing a Duo login sets the authentication method you used, as the first choice. Future Duo logins from the same device and browser will automatically use that same method. If you cancel the authentication in process and choose a different device, then the device you use becomes the first choice. There is no way to turn off automatic device selection, or to explicitly configure a default authentication device.

This is the sequence of authentication methods that Duo uses when first logging in. If you don't have an particular authentication method setup, then Duo automatically selects your next available option.

  1. Touch ID
  2. Security keys
  3. Duo Mobile push approval
  4. Duo Mobile generated passcodes
  5. Hardware token passcodes
  6. SMS passcodes
  7. Phone call approval

Remembered Devices

The first time you approve the Duo authentication request, you'll see the option to confirm the device is yours. This creates a trusted browser session that will let you skip Duo two-factor authentication when you log in again with the same browser and device until that trust session expires. You are still required to authenticate with your NetID and Password each time and your remembered device acts as a confirmation of your identity. Please note that this feature is a browser specific and not shared between different browsers. For example if you login with Chrome today and use Firefox later, it will ask you to authenticate again.

Do not select that this is your device when using a public or shared computer! This could leave your Duo session available to other users. Trust the browser only when you access applications from your own computer. Clicking on No, other people use this device will not create a trust session. You won't be asked to trust that device again for 14 days.

When your trusted browser session expires, you will need to use two-factor authentication again. Duo Push, phone call, text message, and passcode authentication methods will show the option to Remember Me already checked for you. Leaving the option enabled creates a new trusted browser session. If you don't want to trust that browser again, uncheck the Remember Me box before you approve the Duo Push or phone call request or enter a passcode.

Setting up a phone number 

  1. After selecting the Phone number option, use the number of your smartphone, landline, or cell phone that you'll have with you when you're logging in to a Duo-protected service. If this phone number is a landline and can't receive text messages, select the This is a landline phone option before continuing. If you opted to add a landline, you can enter the landline's extension on the next screen and click Add extension or click Skip this step if you do not need to enter an extension for your landline.

        enter your phone number

  2. Verify that the phone number shown (and landline extension, if you entered one) is accurate and click Yes, it's correct to continue or No, I need to change it to go back and enter the number again.

        verify that the number is correct

  3. You'll need to enter a code sent to that number by phone call or text message to confirm that you own it. Choose how you want to receive the code and enter it to complete verification and continue.

        confirm ownership of the number by sending a passcode

  4. When you receive confirmation of adding the new mobile phone number for texts or calls, click Continue to login to the application with a passcode received via text message or a phone call from Duo.