General FAQ
What's the difference between Duo MFA and Microsoft MFA?
Duo MFA and Microsoft MFA are similar applications that are used to authenticate to different systems. Our campus uses Microsoft MFA for Microsoft-hosted applications, Buff Portal, MyCUInfo, Grouper, Salesforce/Marketing Cloud, Oracle Identity Manager, Research Computing services, and others. Duo MFA is used for some functions in IndentiKey manager and some other services at CU Boulder.
How frequently will I have to use Duo when logging in?
Duo has an 8-hour time out, per session. So, if you access one service in a web browser and then within the same browsing session and 8 hour time limit you access another service that requires Duo in the same browser you will not be required to authenticate with Duo a second time. If you switch to a different web browser, you will be prompted to authenticate again.
Can I use Yubikeys or other FIDO2 tokens with Duo?
FIDO2 tokens are physical devices that provide a second factor during the multi-factor authentication process. They may be a good option if you are unable to use a mobile phone for MFA. Follow our Register a Yubikey for OTP or Duo - enroll a security key tutorials to enroll one of these devices.
Please note that it is your responsibility to purchase, configure, and keep track of your token. Yubikeys are available for purchase from the CU Bookstore and via CDW-G in the Marketplace.
If you decide to use the DUO security key option for your second factor of authentication and leverage Yubikey or FIDO2 tokens, it is highly recommended to register a backup method, such as a phone, in addition to your token in case you misplace it.
Do I need to enable location services to use the Duo app?
No, location services is not required to be enabled on a phone to use the DUO app.
Are there other languages available in Duo if English isn’t my first language?
While the interface is in English, translation services like Google Translate may assist users in navigating the interface. Duo also has help guides in over a dozen languages at https://guide.duo.com. In the lower left hand corner of the screen (on desktop browsers! Locations may vary for mobile device users), look for the black menu box to select your preferred language from the available options.
New enrollments
How do I enroll in Duo MFA?
Duo has several options available to enroll and authenticate.
- Go to the Duo multi-factor authentication enrollment website and log in with your IdentiKey username and password.
- Select the method you'd like to use to authenticate. Your options include:
- Duo Mobile app (recommended): Get a push notification from the Duo Mobile app on your smartphone or watch.
- Phone number: Set up a phone number then choose between receiving a text message with a code or an automated phone call during which you can approve access by pressing 1 on your keypad.
- Security key: Use a device like a Yubikey to verify your identity.
- Follow the prompts to complete enrollment. When finished you can revisit the Duo multi-factor authentication enrollment website in an incognito window to test enrollment.
What if I do not have an Android or iOS device?
Select the option to enter a phone number then choose between receiving a phone call or text message to authenticate. Follow our Duo enroll and set up with a phone number tutorial to enroll a phone number.
Is it possible to add another device to my Duo account?
- Go to the Duo multi-factor authentication enrollment website and log in with your IdentiKey username and password.
- When prompted, click Other Options
- Select Manage Devices
- You'll have to authenticate with your current device before you can add a new one.
- Click Add a device and follow the prompts to add a new authentication method.
- After adding a new device, we recommend visiting the Duo multi-factor authentication enrollment website with a new browser or with a private/incognito window to force authentication to verify success.
Follow our instructions for managing devices for screenshots of this process.
Troubleshooting
What if I can't log in or if I replace or lose my device?
Visit the Duo multi-factor authentication enrollment website at any time to view your settings, re-register the app, or add a new device.
Troubleshooting tips:
- Go to the Duo Two Factor Enrollment website and log in with your IdentiKey username and password.
- If Duo pushes an authentication request that doesn't show up in your app, click Other options and select a different authentication method.
- If none of the options available work for authentication, contact the IT Service center at 303-735-4357 or oithelp@colorado.edu for a one-time bypass code to change your settings. Please note: To receive a one-time bypass code you will be required to get on a Zoom video call with an IT Service Center analyst and show proof of identity, using your Buff OneCard or a government issued photo ID.
I am already enrolled in Duo, but I can’t seem to get to the Manage My Devices view. It just keeps saying I’m successfully authenticated.
If you previously selected Trust This Device, Duo by default will do exactly that while you have a valid Duo session and not take you into the second-factor screen, which is where you can select to manage devices. As a workaround until your session expires, you can open an Incognito Window then visit https://duo.colorado.edu and you should be able to access the manage devices screen as per usual.
I am getting an error message from Safari when I try to enroll using my iphone. How can I enroll on iOS devices and avoid this error?
If you receive this type of error message, you are likely on an old version of iOS and you don't have the app installed. To successfully enroll, install the app first or update your device to the newest version of iOS. Alternatively, visit the Duo multi-factor authentication enrollment website on a computer and enroll, then test access using your phone.
