Duo Two-Factor Authentication (for University employees)

NOTE: Please follow these instructions IF you are using the built-in Mail/Calendar apps in iOS. If you downloaded the Outlook Mobile App, please see instructions in that section below instead.
 

After Duo is enabled for your account on Office 365, you may have to re-add your account to your device to begin synchronizing mail again.

STEP 1:  Remove your existing account

1. Open Settings from the home screen.
2. Go to Mail > Accounts and tap on your Ship account (may be listed as "Exchange" or "Work").
3. Tap on Delete Account.
4. Choose Delete again to confirm.

STEP 2:  Re-add your account

1. Open Settings from the home screen.
2. Select Mail > Accounts.
3. Tap on Add Account.
4. Select Microsoft Exchange.
5. Enter your Ship e-mail address and password.
6. Tap on Next.
7. Tap on Sign in.
8. Enter your Ship e-mail address and password at the login screen.
9. Select Continue.
10. Choose the services you want to sync to your device.
11. Tap on Save.

Within a few minutes, email should begin to appear in the Mail app on your device, and you should be able to successfully send and receive messages.

NOTE:  Please follow these instructions IF you are using the built-in e-mail/calendar apps on your Android device.  If you downloaded the Outlook Mobile app, please see instructions in that section instead.
 

After Duo is enabled for your account on Office 365, you may have to re-add your account to your device to begin synchronizing mail again.
 

STEP 1:  Remove your existing account

1. Open the Settings app on your device.
2. Select General (if you see a tabbed or sectioned interface).
3. Select Accounts.
4. Tap on your Ship account in the list (may be listed as "Exchange" or "Work").
5. Tap on Remove Account.

STEP 2:  Re-add your account

1. Open the Settings app on your device.
2. Select General (if you see a tabbed or sectioned interface).
3. Tap on Accounts.
4. Choose Add Account.
5. Select Exchange.
6. Enter your Ship email address (i.e.  ab1234@ship.edu).
7. Choose Sign in.
8. Enter your full Ship email address and password when prompted.
9. Follow any additional prompts you may get for security or device permissions, sync settings, and more.

Within a few minutes, e-mail should begin to appear in the Email app on your device, and you should be able to successfully send and receive messages.

IF you are unable to successfully set up your account, please try downloading the Microsoft Outlook app from the Google Play store on your device.  Instructions for setting up the Microsoft Outlook app are below.

NOTE:  Please follow these instructions IF you are using the Microsoft Outlook Mobile app on your iOS or Android device.  If you downloaded the built-in mail and calendar apps, please see instructions in the appropriate section instead.
 

After Duo is enabled on your account in Office 365, the Outlook Mobile app should continue to synchronize mail automatically.  It may prompt you to accept a Duo approval on your device the first time you connect.

If mail is not successfully synchronizing, try following the instructions below:

iOS or Android

STEP 1:  Remove your existing account from Outlook Mobile

1. Open the Outlook mobile app on your device.
2. Tap the Home button in the upper-left corner of the screen.
3. Tap on the Settings gear icon on the bottom-left.
4. Tap on your Ship account (should be listed as "Exchange").
5. Tap on Delete Account.

STEP 2:  Re-add your account to Outlook Mobile

1. Tap on Add Mail Account.
2. Tap on Add Email Account from the options that appear.
3. Enter your full ship.edu e-mail address and tap on Add Account.
4. Enter your Ship email address and password at the login screen.
5. Optionally skip or add more accounts.

Setting Up Duo

The following instructions guide you through the Duo enrollment and device set-up process.

In order to enroll in Duo, you must click on the enrollment link sent to you via your Ship email account.

1. Click Start setup when prompted with the Duo enrollment window.
   (You will get this prompt by either clicking on the link the Duo enrollment email you should have received or when attempting to log into a Duo protected application without being enrolled.)
   
   
   
   
2. Select the type of device you'd like to enroll and click Continue.
   
   
   
   - We recommend using a smartphone for the best experience. If you use a smartphone, you will need to install the Duo mobile app.
   - The following instructions guide you through the smartphone setup (you can also enroll a tablet or landline telephone).
   
   
   
3. Enter the number of the smartphone that you'll have with you when logging in to Ship applications.
   
   
   
   
4. Select the type of phone you are registering.
   
   
   
   
5. Install the Duo Mobile app from the Apple or Android app store. Duo Mobile is an app that runs on your smartphone and helps you authenticate quickly and easily.
   
   
   
6. After installing the app, return to the Duo enrollment window and click I have Duo Mobile installed.
   
   
   
   
7. Open the Duo app on your smartphone, tap the + button, and use your smartphone to scan the barcode on the computer screen.
   (The app will automatically open its built-in scanner when you click on +)
   
   A green checkmark indicates that your account has been properly linked on your phone.
   
   
   
   
   Can't scan the barcode? Click Email me an activation link instead and follow the instructions.
   
   
8. Select the option for the default authentication method that you'd prefer upon log in from the drop down.
   
   
9. Click Finish Enrollment.
   
   
   
   
10. When Duo Mobile is activated, click Continue. You should see this confirmation screen:
    
    

An additional layer of authentication beyond a username and password. 2FA involves something you know (password) plus something you have with you (like Duo Mobile on your smartphone) to prevent someone from logging in with only your password. With Duo 2FA, you still enter your username and password. The second factor provided by Duo is simply an added layer of security on top of your existing credentials. We recommend using Duo Push via the Duo Mobile app to perform 2FA.

This interactive prompt lets you choose how to verify your identity each time you log in (e.g. “Duo Push” or “Call Me”) to a web-based application. The Duo Prompt allows you to enroll and authenticate.

These are numeric codes that can be generated either via the Duo Mobile app, SMS (text message), or a hardware token. Passcodes may be used at any time and are particularly handy for authenticating when your 2FA device doesn't have internet or cellular service.

A push authentication request that is sent to the Duo Mobile App on an enrolled device. Push notifications include information like the geographical location of the access device, IP address of the access device, and the application being accessed so you can verify whether the push is real or fraudulent.

Self-service portal where you can click “My Settings & Devices” to add additional devices or update authentication method settings right from the Duo Prompt.

Click here to access the Duo Management Portal

No. Having a smartphone makes for an easier and more secure experience with Duo Push. However, it is also possible to enroll a non-smartphone mobile device or landline to receive SMS (text) passcodes or phone calls. If you are in need of an alternative authentication option, please contact the Technology Help Desk.

Duo Mobile is a mobile application (app) that you install on your smartphone or tablet to generate passcodes for login or receive push notifications for easy, one-tap authentication on your mobile device. It works with Duo Security’s two-factor authentication (2FA) service to make your logins more secure.

If you are a user of a system which requires Duo two-factor authentication, you will receive an enrollment email. Follow the direction in the email to complete your enrollment. If you have not received the email, please contact the Technology Help Desk for assistance.

If you have a smartphone or tablet, we recommend Duo Push, as it is quick, easy-to-use, and secure. See an introduction to Duo Security and a demonstration of Duo Push in this short video.

Duo Push authentication requests require a minimal amount of data -- less than 2KB per authentication. For example, you would only consume 1 megabyte (MB) of data if you were to authenticate 500 times in a given month.

There are several reasons this could be happening. Please try the following to troubleshoot:

1. Make sure your enrolled device has a cellular network or WiFi connection.
2. Have the Duo Mobile app open when you authenticate.
3. Try these additional push troubleshooting steps:
   • iPhone
   • Android
4. If the above solutions don’t work, try using another authentication method, such as passcodes provided in the Duo Mobile app.
5. Contact the Technology Help Desk for further assistance.

See this Duo Knowledge Base article for information on authenticating without cell or internet service.

1. Open the Cisco AnyConnect client and click on Connect.
2. In the Group field, choose Split.
3. Enter your username (not email address) and password.
4. In the Duo auth method field, enter "push", "sms", "phone", or the passcode.

 - "push" using the Duo Mobile app is the fastest

 - "sms" will require you to re-enter your password and the texted passcode

If you are currently able to authenticate with a device, you may log in to the Duo Management Portal.

Log in at Ship's Intranet page:

Authenticate with Duo using the Duo app (push), passcode (SMS/text or hardware token), or phone call:

Once in the portal, you may:

• Add additional devices
• Designate your "default" device that receives authentication requests in addition to your preferred authentication method
• Deactivate Duo Mobile if you got a new phone but kept your number
• Change the name of your device (ex. "Personal Cell" or "Work Phone")
• Remove a device

Learn more about managing your devices.

Please contact the Technology Help Desk at 717-477-HELP (x4357) or helpdesk@ship.edu immediately.

No. Your password is only verified by Shippensburg University systems and never sent to Duo. Duo provides only the second factor, using your enrolled device to verify it’s actually you who is logging in.

No. The Duo Mobile app has no access to change settings or remotely wipe your phone. The visibility Duo Mobile requires is to verify the security of your device, such as OS version, device encryption status, screen lock, etc. We use this to help recommend security improvements to your device. You always are in control of whether or not you take action on these recommendations.