Users Guide

Duo Users Guide

Duo Security is being used to further secure many UC San Diego Health applications and functions. Duo allows you to use a cell phone - most often a smart phone with the Duo application installed -  to prove that requests to access critical systems or perform certain functions actually come from you.

This guide is intended to cover usage of Duo once you are enrolled. Questions about enrollment are addressed in the Duo Enrollment Guide.

Once you have finished the enrollment process you can start using Duo in the UC San Diego environment.

PUSH: Using Duo "push" is the most common, fastest and easiest way to use Duo. When you log into a device or service that is protected by Duo a prompt will be sent to your phone and you simply need to acknowledge that it is you requesting access.

The Duo Guides to answering Duo notifications are here for each smartphone format: iPhone, Android (Samsung, HTC, etc.), and Windows Phone.

Example CWP : Starting in early June you will need to be signed up for Duo to use the Clinical Web Portal (CWP). After you login you will be presented with the Duo notification screen. 


Four hour unchecked.png

Here you can see the various options for "Send Me a Push", "Call Me" (generally for non-smart phones) or "Enter a Passcode" verification.

If you are on a computer you commonly use for CWP you can check the "Remember me for 4 hours" check and not have to answer a Duo prompt for the next 4 hours if you log in again.






If you have already selected Push notifications during sign up a notification will be pushed to your phone as shown here. If you want to use another form of Duo verification click "Cancel" to access the panel. 

CWP Duo Pushed.PNG











Additional Example RDP: Using RDP to access a server. Log in normally and the following Duo message appears after the login screen and then the alert appears on your phone.

duo_1.pngduo_2.png

 

Once you touch "Approve" you are logged into the remote server as always. 

If your phone is locked you will receive an alert to your lock screen. If you have fingerprint technology implemented on your phone you can approve Push notices from the lock screen. Duo Push is also integrated into Apple Watch notifications.  

One Time Codes: The Duo application can create revolving codes that can also be used to log into most applications. This is a good option if you are somewhere where cell reception is unreliable or you're having trouble receiving Push notifications. 

Example: In our RDP example clicking the "Cancel" button in the Duo dialogue will create a dialogue box that will accept codes. Open the Duo app and click on the "key" icon to create a one time code. Entering this code into the dialogue box will satisfy Duo security.

 

duo_3.pngduo_4.png

Note: If you forget your phone the helpdesk can generate a code that will work for your Duo account temporarily that you can use the same way as the one time code.

Most Duo implementations support Push and One Time Codes and these are the preferred methods of using Duo.

Additional Security: If you ever receive a Push notification that you did not initiate always choose the “Deny” option and then choose “It was a mistake” or “It seems fraudulent” as appropriate.

More Helpful Tips:
1) Always report lost or stolen phones to the Helpdesk immediately.
2) If you have multiple login names you may have to activate more than one in Duo
a. All logins can to attached to single phone and only a single copy of the Duo app is required
3) Always make sure any device you use for Duo is enrolled in Mobile Device Management (MDM) such as Airwatch
4) More tips and answers: hs2fa.ucsd.edu