Multi-factor authentication administrator guide
Duo SecurityDuke has partnered with Duo Security to provide an advanced authentication solution; other partners may follow in the future. Once you have registered a phone, tablet, or hardware token (e.g. YubiKey®) with Duo, you can use that as your second factor when authenticating to a website or system. Visit the multi-factor authentication home page to view what you currently have registered with Duo.
Requiring multi-factor authentication for your websites and systems
Web-based application protected by Shibboleth
If you have a web-based application that uses our NetID login page, we can easily require all or a subset of users to use multi-factor authentication when accessing that application. If you would like a subset of users to use multi-factor authentication, we would create a group in our Grouper management tool, Grouper. The members of the group can be maintained manually by one or more people or can also be maintained automatically based on role information. It is also possible to do a combination of both. For instance, you can have a Grouper group with all users in your org unit plus potentially other users that would be added manually. To set this up, please contact the OIT Service Desk.
SSHYou can require multi-factor authentication when users SSH to your systems. For more information, please see our Linux install and configuration guide. The instructions there refer to keys and a Duo API hostname. You can obtain those by contacting the OIT Service Desk.
For more advanced and detailed installation instructions, please visit the Duo web site.
Windows RDPYou can require multi-factor authentication during Remote Desktop logins. For more information, please visit the Duo web site. The instructions there refer to keys and a Duo API hostname. You can obtain those by contacting the OIT Service Desk.
SupportFor further assistance:
University Users: OIT Service Desk - 919 684 2200
Duke Medicine Users: DHTS Service Desk - 919 684 2243