Update: Campus MFA Streamlining
As part of phase 2 of the MFA Improvement project, more campus online services will require multi-factor authentication to sign in, and in most cases, Microsoft MFA will replace Duo MFA, creating one standardized MFA sign-in experience across campus services.
Starting on June 3, 2026, you’ll notice that services previously requiring Duo MFA (like Buff Portal and MyCU Info) will now require Microsoft MFA. No changes to how you use Microsoft MFA are required. Learn how to check your settings or set up Microsoft MFA.
Learn more about these changes on the MFA Improvement Project webpage (IdentiKey login required) or in the Microsoft MFA Expansion news story.
What is Duo multi-factor authentication?
Multi-factor authentication (MFA) increases account security by requiring multiple forms of verification to prove your identity when signing in to an application.
OIT requires Duo multi-factor authentication for system administrators and those with privileged access to services or private networks.
How to enroll and use Duo
When you log in to a service that requires Duo MFA, you will be prompted to authenticate using one of the following methods:
- Duo Mobile app (recommended): Get a push notification from the Duo Mobile app on your smartphone or watch.
- Phone number: Set up a phone number, then choose between receiving a text message with a code or an automated phone call during which you can approve access by pressing 1 on your keypad.
- Security key: Use a device like a Yubikey to verify your identity.
If you have a smartphone, OIT recommends the Duo Mobile app for the best experience. You do not need to grant the app access to your location in order to use. Whatever your preferred method, OIT also recommends enrolling more than one device (e.g., the mobile app and a phone number) so you can still authenticate if you lose or replace a device.
Troubleshooting
If you're having trouble authenticating using Duo, log in to the Duo multi-factor authentication enrollment website to view your settings, re-register the app or add a new device.
If Duo pushes an authentication request that doesn't show up in your app, click Other options and you'll be able to select a different authentication method:
- Duo Push will send a push from the Duo Mobile app.
- Duo Mobile passcode uses the code automatically generated for your account in the Duo Mobile app.
- Text message passcode will send a text message with a code to your phone number.
- Phone call will generate a phone call where you can approve access by pressing 1 on your keypad.
- Bypass code can be used if no other authentication methods are working. Contact the IT Service Center to be provided with a one-time bypass code. Please note: To receive a one-time bypass code, you will be required to get on a Zoom video call with an IT Service Center analyst and show proof of your identity (i.e., your Buff OneCard or a government-issued photo ID).
Once authenticated, you will see a success notice and can continue to log in or click Manage devices to change your preferences. Our manage devices in Duo instructions, as well as the mobile app and phone number setup tutorials, show screenshots of this process.
Support
Visit our Duo MFA - FAQ page for additional information about this service. If you need assistance, contact the IT Service Center at 303-735-4357 or oithelp@colorado.edu.
