Duo for Off-campus access to Microsoft O365
Starting in November 2018, two-factor authentication will be required to access Office 365 (O365) applications from remote locations (i.e., off campus). As part of the most recent updates to UT System policy (UTS165), this requirement is part of a continued effort to protect university data. Each Faculty and Staff member will require a DUO account to access O365 from off campus. The Institutional Compliance Office of Information Security (OIS) is working closely with the Office of Information Technology (OIT) to ensure the successful rollout of this policy.
What This Means to You
1. When logging into O365 applications from off campus, each time you are prompted for your UTSA login credentials you will receive the DUO two-factor authentication prompt.
2. When you VPN into UTSA you will see the DUO two-factor authentication prompt once for the VPN authentication and once again when logging in to O365.
3. If you use your cellular network (not the UTSA wireless network) you will see the DUO two-factor authentication prompt when you log in to O365 even when you are physically on campus.
4. Once DUO two-factor authenticated to O365, you will not see any additional authentication prompts unless your session times out or you are disconnected in some way.
To setup a DUO account
How do I get Duo?
Go to https://passphrase.utsa.edu. Click on Begin setup.
What if I get a new mobile phone?
If you get a new phone you will need to re-activate Duo Mobile. Contact OIT Connect at 210 458-5555 for assistance.
What systems utilize Duo two-factor authentication?
At this time the following services will require two-factor authentication:
- Staff and Faculty Off campus access to UT Share.
- Any access to the UTSA VPN.
- Staff and Faculty off campus access to O365
What should I do if I get an authentication message and I am not trying to log in?
Deny the request and report the incident to the OIT Connect immediately via email (OITConnect@utsa.edu) or by calling (210) 458-5555.
How do I connect to VPN using Duo Two Factor authentication?
Instructions are available here.
Can I opt out of Duo?
No. Two-factor authentication adds a second layer of security to our online accounts. In an effort to keep the university systems and your personal account information secure, we are enabling two-factor authentication on selected services.
What if I don’t have a cell phone, landline, or a tablet for a secondary device?
At this point you’ll have to use a token. They can be used in lieu of a cell phone, landline or tablet. There are two types of tokens available.
- USB tokens – inserted into a USB port on your computer. During the Duo authentication, you push a button on the token.
- One-Time-Password (OTP) tokens – have a digital readout with a six digit code you enter into the Duo authentication window.
We recommend the YubiKey 5 USB token. They can be purchased from the following places:
Yubico store at https://www.yubico.com/store
Amazon at https://www.amazon.com
Contact OIT Connect at (210) 458-5555 after receiving the token so it can be associated with your account.
Will UTSA have access to my mobile device if I install the Duo Security app?
UTSA is partnering with Duo Security to provide two-factor authentication for selected online services.
Installing the Duo Security app on your mobile device will not give the university access to or control over your mobile device. The only information provided to the university by Duo Security during the two-factor authentication process is that the authentication was completed using your registered device.
I have stopped receiving push notifications on Duo Mobile.
You may have trouble receiving push requests if there are network issues between your phone and our service.
Many phones have trouble determining whether to use the WiFi or cellular data channel when checking for push requests, and simply turning the phone to airplane mode and back to normal operating mode again often resolves these sort of issues, if there is a reliable internet connection available.
Similarly, the issue may be resolved by turning off the WiFi connection on your device and using the cellular data connection.
Also, check the time and date on your phone and make sure they are correct. If the date and time on your phone are manually set, try changing your device’s configuration to sync date and time automatically with the network.
If neither of these suggestions work, then the simplest resolution is to contact OIT Connect at 210-458-5555 to request re-activation of Duo Mobile. You can log in with a pass code generated by the Duo Mobile app and send a new activation link to your phone. See the Manage Devices guide for instructions.
What is two-factor authentication and why is UTSA implementing it?
Passwords are becoming increasingly easy to compromise. They can often be stolen, guessed, and hacked — you might not even know who else has your password and is accessing your account. Duo two-factor authentication adds a second layer of security to your account to make sure that it stays safe, even if someone else knows your password, by using your phone or other device to verify your identity. You will be alerted right away (on your phone – mobile or landline – or tablet) if someone tries to log in using your password. This prevents anyone but you from accessing your accounts.
What if I do not have a mobile phone?
You can use a landline or a tablet. Duo also lets you link multiple devices to your account, so you can use your mobile phone, a landline and/or tablet.
What if I lose my mobile phone or it is stolen?
Contact the OIT Connect at firstname.lastname@example.org or call 210-458-5555 immediately if you lose your phone or suspect that it has been stolen. The device will be disabled for authentication and you will be assisted in enrolling another phone/device. While it is important that you contact the Help Desk if you lose your phone, remember that your password will still protect your account.