loader
714.456.3333 (Orange) / 949.824.3434 (Irvine)
200 S. Manchester Ave. Orange, CA 92868

Duo Two Factor Support

UC Irvine Health uses Duo Security for Two-Factor Authentication. Two-factor authentication will take effect starting on:

  • October 03, 2017 - Citrix Quest Remote Access
  • October 10, 2017 - Remote Desktop (RDP) connections via our RD Gateway
  • October 17, 2017 - Virtual Private Network (VPN) connections

Passwords are increasingly easy to compromise. They can be stolen, cracked, or guessed. Two-factor authentication adds an additional layer of security to your HS account by mitigating password compromise. By verifying your identity using both something you know (your HS username and password) and something you have (such as a mobile phone and/or landline), compromised password cannot be used by itself to log in.

How It Works:

how-it-works

  1. When logging in, you'll enter your HS username and password as usual
  2. Then you use your device (mobile phone* and/or landline) to verify your identity
  3. Your access is confirmed and you're allowed in

*Mobile phone is the recommended option as it is typically with you and you can take advantage of the Duo Push option for the easiest two-factor authentication.

Getting Started (Enroll or Update Duo):

When a service is enabled for Duo Two-Factor Authentication and you have not logged into it before, you'll need to enroll at least one second factor device in Duo.

Enroll or Update Duo

Sample step by step instructions

  1. Click on the "Enroll or Update Duo" button. If you're prompted to input your user name and password, please do so:
    duo-enroll-login
  2. Once you have acknowledged and agreed to the UC Irvine Health Duo Security Agreement, proceed by clicking on the "Enter Duo Self-Service Portal" button:
    self-service-portal
  3. Click on the "Start Setup" button:
    enroll-start-setup
  4. Select the type of device you are adding:
    enroll-select-device
  5. Enter your phone number, then click on the checkbox to confirm your number.
    enroll-enter-phone-number
  6. Select the type of phone you have:
    enroll-phone-type
  7. Following the instructions on your screen, on your mobile phone, download and install the "Duo Mobile" app from the Google Play Store (for android devices) or the Apple App Store (for Apple devices) if you do not already have the mobile app installed. Click "I have Duo Mobile installed" once you have the mobile app installed. enroll-install-duo-android
  8. Your unique barcode should now be displayed on your computer screen. Following the instructions on your computer screen, on your mobile phone, open the "Duo Mobile" app, tap the "+" button (at the top of the screen), then scan your barcode on the computer screen. enroll-activate-duo-android
  9. You may now set the preferred authentication method for this device. The recommended option is "Automatically send this device a Duo Push". Click the "Save" button when done. enroll-my-settings-devices
  10. You're done enrolling. If you're on a shared workstation, please close your web browser since you're logged in.

Who is required to use Duo?

Duo is required by all UC Irvine Health staff, students, faculty, and affiliates for any system that is Duo-integrated. Access to UCI Health systems from within the hospital and clinics is not affected.

What UC Irvine Health services use Duo authentication?

When accessing remotely, you will be prompted for second factor authentication (after your HS credential) for the following applications:

  • Starting October 03, 2017 - Citrix Quest Remote Access
  • Starting October 10, 2017 - Remote Desktop (RDP) connections via our RD Gateway
  • Starting October 17, 2017 - Virtual Private Network (VPN) connections

What devices can I use with Duo?

You will need to choose between using a Software "Token" or a Hardware Token. The Software Token is a free app that you install on your phone or tablet. It is the recommended method if you have a supported mobile device (Android, iOS, Windows Phone). The hardware token is a small physical device you carry with you on a keychain.

UC Irvine Health Duo Security Token Agreement

I request the assignment of a Duo Security software "token" license or hardware token for use to access UC Irvine Health systems with two-factor authentication. The Duo Security software license or hardware token is the property of the University of California, Irvine. For software licenses, the device on which the software license is installed may be University or personally owned. By enrolling I understand and agree to the following:

  1. I will use the Duo Security token only in accordance with UC Computer and Network Use Policies (e.g., http://www.policies.uci.edu/policies/pols/714-18.html) and only for University business.
  2. If the token is used in such a way as to compromise University computer security, I will notify UC Irvine Health Information Services and return the Duo Security hardware token or remove the Duo Security software, as applicable.
  3. If my employment with UC Irvine Health and/or any other business relationship with the University of California, Irvine is terminated, I will notify UC Irvine Health Information Services and return the Duo Security hardware token or remove the Duo Security software, as applicable.
  4. If either the Duo Security hardware token or the device on which the Duo Security software is installed is lost or stolen, I will notify UC Irvine Health Information Services immediately.
  5. If I believe my existing Duo Security hardware token or device containing the Duo Security software may have been compromised, I will notify UC Irvine Health Information Services.
  6. Whenever requested by the UC Irvine Health Data Security Team, I will return the Duo Security hardware token or remove the Duo Security software.
  7. I will store the Duo Security hardware token or the device on which the Duo Security software is installed in a safe place at all times.
  8. I will not share my password with anyone at any time, nor store the first factor password with the second factor token at any time.
  9. I will not register a device unless it is absolutely needed for University business.

Replace an Existing Phone

What should I do if I replaced the phone I enrolled in Duo?

  • Phone number stays the same
    • If you are using the phone call or text message option to authenticate with Duo instead of using Duo Push, no action is needed.
    • If you are using the Duo Push option or SMS message with the Duo Mobile app, follow these steps to reactivate Duo Mobile on your new phone:
      1. Download the Duo Mobile app from Google Play Store or Apple app store and install it on your new phone
      2. Using a Web browser on the phone or on your computer, log in to the Duo Self-Service Portal with your HS username/password
      3. Use either the "Call Me" or "Passcode" authentication method to authenticate
      4. Click on the "Device Options" for the phone number you are reactivating
      5. Click on "Reactive Duo Mobile"
      6. Select the type of phone you are using
      7. Click on "I have Duo Mobile installed"
      8. Open the Duo Mobile app on your phone, tap the "+" button at the top of the screen, and scan the barcode on the screen.
      9. Modify the "When I log in" authentication method if needed. "Automatically send this device a Duo Push" is the recommended option. Click "Save" to complete the setup
  • Phone number is different
    • If you have an alternate device enrolled in Duo, please follow these steps:
      1. Download the Duo Mobile app from the Google Play Store or Apple app store and install it on your new phone
      2. Logon to the Duo Self-Service Portal with your HS username/password
      3. Select the alternate enrolled device from the Device dropdown menu
      4. Select either the "Call Me" or "Passcode" authentication method to authenticate
      5. Click on "Device Options" for the device associated with your old phone number
      6. Click on the trash bin to remove the device
      7. To enroll your new device, select "Add another device" link
      8. Click on "Device Options" for the phone number you are adding
      9. Enter the new phone number, click on the checkbox to confirm the number and click on "Continue"
      10. Select the type of phone you are using
      11. Click on "I have Duo Mobile installed"
      12. Open the Duo Mobile app on your phone, tap the "+" button at the top of the screen, and scan the barcode on the screen
      13. Modify the "When I log in" authentication method if needed. "Automatically send this device a Duo Push" is the recommended option. Click "Save" to complete the setup
  • If you do not have an alternate device enrolled in Duo, please contact the UC Irvine Health Service Desk at 714-456-3333 or 949-824-3434 for assistance

Tutorials

FAQs

Why do I need to use two-factor authentication?

Two-factor authentication enhances the security of your HS credential by using a device you own to verify your identity when you access UC Irvine Health systems.

What if I get a Duo Notification that I did not request?

If you receive a Duo notification that you did not initiate via a login process, your HS password may have been compromised. You need to immediately:

  1. Deny the Duo Request
  2. Change your HS password
  3. Contact the UC Irvine Health Service Desk to report the incident

Why do I automatically get denied access? I was never given an option to Approve login or to enter a passcode.

If you are getting denied access by Duo after successfully authenticating your HS account, you are likely locked out of Duo. This usually occurs when 10 attempts to authenticate with Duo either have timed out or failed. You will need to contact the UC Irvine Health Service Desk to unlock your Duo account.

What if I forgot my device and need access?

If you do not have your enrolled device with you and needing access, you may contact the UC Irvine Health Service Desk for a temporary passcode. The passcode will expire after 13 hours.

What do I need to know if I am traveling?

Please refer to Duo Travel Guide.

Also, you will need to fully shut down the laptop instead of letting it sleep or hibernate before you board your flight or enter an area that does not have internet access. If you do not fully shut down, you may get prompted for two-factor authentication and may not be able logon until you either gain internet access or until you force shutdown and restart your laptop.

Do I have to use my cell phone?

A mobile Phone is the recommended option as it is typically with you and can take advantage of the Duo Push option for the easiest two factor authentication.

Can I setup Duo on more than one device?

You are encouraged to register more than one device (mobile phone, office phone, tablet) for two factor authentication. If you forget your phone or something happens to your phone, you will need another way to authenticate.

What should I do if my enrolled device is lost or stolen?

Please contact UC Irvine Health Service Desk at 714-456-3333 or 949-824-3434 immediately if your enrolled device is lost or stolen. The Service Desk will assist with the deactivation of your lost/stolen device and enroll your new device.

Will I be able to authenticate with Duo if I don't have a cell signal or WiFi connection?

You can generate a passcode in the Duo Mobile app on your mobile phone by tapping the key icon next to "UC Irvine Health", then log in to the system using the passcode.

If I choose SMS message or phone call option, will I be charged by my phone carrier?

If you do not have an unlimited cell phone plan, you may be charged by your carrier for SMS messages or phone calls.

Duo Standard User Guide