Step 3: Manage Duo on your Devices
Duo Getting Started
After you set up your security verification methods for your work or school account, you can update any of the related details, including, but not limited to:
- Adding new devices
- Changing devices
- Generating Bypass Codes
To manage Duo and your devices, please visit the Duo Portal.
To enable Duo on G Suite, go to the following and login. Select Enable Duo for G Suite and then the Update button.
For further information, please visit the Enable Apps page.
Duo Bypass Codes can be used to access resource protected by Duo when your device is unavailable. You may also need to use Bypass codes if your device is lost, stolen or replaced. Bypass codes should be placed in a secure location.
You will need to log into to Duo Portal to manage your Duo devices. Click Bypass Codes. Click Generate to create 10 new Bypass Codes. Any existing codes will no longer work. You must write down or print the Bypass Codes. They will only be displayed once and each code can only be used once.
If no other authentication method exists, please contact the Support Center. Note: Sending an email will resolve your issue faster than a phone call. The Support Center can verify you quickly through your email account. The Support Center can provide a temporary one-time passcode.
It is strongly recommended that you add an additional device to your MFA account to serve as a backup. This device could be a desk/landline, tablet, token or trusted family/friend phone number.
You can always change your preferred authentication method after enrollment by logging into Duo Portal to Manage Devices.
Please visit the Device Management site for further information.
Duo Authentication will include the following methods:
- Push Notification: via Duo Mobile App: If the Duo Mobile App is installed on a smartphone or tablet, a push notification is received to either approve or deny the authentication attempt. No manual entry of a passcode is required at login. * This is the most popular method using only a single button to MFA (vs. typing a passcode per login).
- Text Message (SMS): A batch of one-time use passcodes is sent via text message.
- Phone Call: A telephone call to any cell phone or landline will prompt approval or denial of the authentication attempt.
- Passcodes: via Duo Mobile App: If the Duo Mobile App is installed on a smartphone or tablet, a single passcode is retrieved by tapping the key image next to "San Diego State University" in the mobile app. This passcode is entered into the ‘Enter a Passcode’ field on the Duo Authentication page.
- Physical Token: A small lightweight keyfob that can be attached to your keychain. Pressing the button on the keyfob will generate a passcode for you to use with MFA. Tokens can be obtained by contacting the ITCS Help Desk.
Review the Device Overview and Recommendations page to determine which authentication method works best for you.
A variety of devices can be used for Duo. These include the following:
- Mobile phones
- Tablets
- Landlines
- Security Keys (physical tokens)
Review the Device Overview and Recommendations page to determine which authentication method works best for you.
You can set up an unlimited amount of devices. We encourage you to set up as many as you need.
Most users with smartphones prefer to use the Duo Mobile Push Notification authentication method as it requires a single touchpoint rather than retyping a passcode to login.
There are several other options including text messages (SMS), phone calls, and more. Remember, you can always change your preferred authentication method after enrollment by logging into Duo Portal to Manage Devices or elect to use different phone numbers.
Review the Device Overview and Recommendations page to determine which authentication method works best for you.
Search for “Duo Mobile” in your smartphone’s application store and then install it using standard app installation instructions. App size varies by platform.
Yes, you can enroll a basic cell phone. This will allow you to receive passcodes on your smartphone via SMS and allow you to authenticate via a phone call.
SMS passcodes are sent via text message. With the proper prompt, a text message is sent containing 10 one time use passcodes. A user can only have 10 valid passcodes at a time. Each new batch of 10 passcodes voids any remaining passcodes from the prior batch.
You must completely remove your device and then re-enroll it as a smartphone.
If you are having problems, please submit a ticket through SDSU ServiceNow.
You can also contact the Help Desk if you need immediate assistance.
Duo's Remembered Devices functionality allows a device to be deemed trustworthy and thereby require two-factor authentication in a less-frequent manner. With the remembered devices feature enabled, the user will be offered a “Don't prompt me again on this device” checkbox during login. When users check this box, they will not be challenged for secondary authentication when they log in again from that device for a set period of time. This setting only works with applications that show the Duo Prompt in a browser.
SDSU Duo allows devices to be "remembered" for a maximum of 7 days.
To have devices "remembered," users can enable at the Duo Prompt. Check the box for "Remember me for 7 days."
Get Help
To request a service, create a ServiceNow Ticket and assign the ticket to “IT-ITSO-Help Desk”.
https://it.sdsu.edu/get-help
Report an Incident
Please contact the Information Security team immediately if you experience or are aware of any of the following: