Multi-Factor Authentication (Duo)

The college has engaged in a coordinated effort to further strengthen system and network access safeguards. Columbia College is partnering with DUO Security to implement Multi-Factor Authentication (MFA) on various software systems as well as on college hardware. Multi-Factor Authentication is an additional layer of security on top of user IDs and passwords, Single Sign-On, or VPN.  
  
As a result, when you enter your username and password into one of these systems, Duo will send a message to your smart device prompting a response to gain access.
 
What does this mean for you? 

  • College systems such as Canvas, The CCC Intranet, PeopleSoft, O365, VPN, CX/Jenzabar  will require this additional layer of security. 

  • If you have a college-provisioned workstation or laptop, you may be required to unlock your machine utilizing multi-factor authentication as well.  Duo will be pushed to your machine and then once the second step above is completed, you will be asked for the additional layer of security to access your machine once you return to campus or utilize Global Protect. 

What are the benefits?  

  • By utilizing Multi-Factor Authentication, you will be notified if anyone is attempting to access a system or your machine using your ID and password credentials. If that person is not you, you can deny the access from your smart device. This preserves the college’s security around sensitive data and systems.
  • A password is no longer enough. Attacks on accounts are increasingly sophisticated. MFA helps to determine that you are who you say you are and are not someone with a stolen password.
  • The college will be able to quickly assess any instances of access that are denied, safeguarding our systems further.
  • Each and every person utilizing our systems will be assisting in keeping our community safe from outside, unauthorized access.

IT will be available to assist anyone needing help making the transition. You may submit a ticket for help with the transition here Request IT Help to Transition Duo or to request a token, click here Duo Token Request

Frequently Asked Questions:

What to do when you get a new phone?

Restoring a Duo account on an iOS Device

Restoring a Duo account on an Android Device

How much space does the Duo App use on my device? 

30mb. By Comparison, Facebook app is 498mb. Outlook app is 290mb.  This equates to about 5 medium-sized pictures. 

Do I need a new smart device? 

No.  If the device is running a recent Operating System, you can install and run Duo.  Please see two FAQs below that address the two different kinds of smart devices. If you do not have a device that meets these requirements you can request a token.  See FAQ below about Tokens.

What version of Apple iOS does Duo support? 

Currently iOS 12 and greater. Please visit this link for more information:

Which versions of iOS does Duo Mobile support? 

What version of Android does Duo support? 

Currently Android 8 and greater. Please visit this link for more information:

Which versions of Android does Duo Mobile support? 

How much data does Duo use? 

Duo Push authentication requests require a minimal amount of mobile data – less than 2 KB per authentication. This amount of data usage falls well within a "typical" push notification. While concerns regarding data usage are certainly understandable, the bandwidth consumed by Duo Mobile for many authentication requests every day would have an overall negligible effect on mobile data use. 
 
For example, you would only consume 1 megabyte (MB) of data if you were to authenticate 500 times in a given month.  That's over 16 authentications per day, which is well above the average authentication threshold of our most aggressive users.  1MB is also the equivalent of loading 1 webpage on your mobile phone. 

As with any other app, Duo Mobile utilizes WIFI whenever the user is connected to it, so no mobile data would be used at all under those circumstances. 

What outside access to my device does Duo allow? 

Duo Mobile has no access to change settings on your phone.  Duo Mobile cannot read your emails, it cannot see your browser history, and it requires your permission to send you notifications. Lastly, Duo Mobile cannot remotely wipe your phone.  The visibility Duo Mobile requires is to verify the security of your device, such as OS version, device encryption status, screen lock, etc.  We use this to help recommend security improvements to your device and you always are in control of whether or not you act on these recommendations. 

Much more in-depth information may be found here: 
Duo Mobile Privacy Information 

What is the process to acquire a Duo Token? 

The college understands that not all users have smart devices that will support Duo.  It is to these users that the college will loan a token.  Token use requires the user to carry it at all times and is about the size of a lighter.  Should the token be lost or damaged, the user will be responsible for the replacement cost. 

Tokens may be requested only by using a ticket type specified in the Duo Communications.  When a request is received, a workflow immediately sends a Team Dynamix Ticket to the requestor’s manager.  The manager must respond using the ticket to approve or deny the request.  Manager approval is required for IT to begin the fulfillment process.  IT will contact the requestor to determine whether token pickup is possible or whether the token must be sent via FedEx due to the requestor working remotely.  If the requestor is on campus, the token should be picked up as directed by IT.  Step-by-step authentication instructions are included when a token is picked up or sent out. 

While IT will do our best to ensure timely delivery, there will be a lag for remote users.  During that time, IT will place the requestor on bypass status so that system access is not denied in the interim.  Once the token is received, the requestor must contact IT to confirm receipt.  The maximum time for a bypass is 7 days from the manager’s approval to allow for token receipt and authentication. Alternatively, single-use bypass codes may be acquired from Client Services. 

Columbia College Chicago apps will not be accessible from a smart device that is not protected by Duo so if you opt to not use your smart phone and obtain a token, access will be removed.

Details

Article ID: 128746
Created
Thu 2/25/21 11:04 AM
Modified
Tue 9/6/22 12:27 PM