Skip to Content

Duo Two-Step Login Overview

This article is intended to provide an overview of the Duo two-step login service that is currently being used by campus IT staff and Banner users whenever the Shibboleth service is required to authenticate.

The service is now available to all faculty, staff, graduate employees, and student employees via the Duck ID self-service website and through the UO Service Portal.

Recent Messaging

Jessie Minton, the university’s chief information officer (CIO), sent a direct message to all faculty and staff email addresses on the week of February 17, 2020, and similar messaging was published through an article on the AroundTheO Workplace edition website on February 18, 2020.

An excerpt from that messaging describes the service and current availability to it:

“As of Feb. 6, enrollment in two-step login is open to all employees, including student employees and graduate employees. Instructions for getting started are available in the UO Service Portal.

Two-step login — also known as two-factor authentication, 2FA, two-step verification or multifactor authentication — adds a powerful extra layer of security to any login process. After entering a username and password, users must also verify their identity by tapping a button in a mobile app, entering a code or answering a telephone call (emphasis added). The UO is using a simple system designed to allow employees to quickly verify their identity with as little effect on their workflow as possible.”

How Duo works

As expressed above, Duo uses something you know (e.g., your Duck ID and password) with something you have (e.g., mobile app, landline phone, token, etc.) to verify your identity through services that are connected with the Shibboleth single sign-on service.

Two Step Login = something you know plus something you have

Shibboleth is a service that is connected to various campus systems that use your Duck ID and password to verify UO-affiliated persons. At the university, Shibboleth appears as the green-and-yellow screen that is seen nearly every day:

Shibboleth Single Sign-on Screen

When Duo is enabled, you will also see another screen that will present you with some Duo options.

1. Choose a method (push, call, passcode), 2. You can choose Remember me for 7 days (for most cases)

This example screen is from when a mobile device is enabled with the Duo Mobile app

  1. Choose an authentication method
    • Send Me a Push: available through the Duo Mobile app
    • Call Me: available when a phone line is connected (e.g. mobile phone, office phone)
    • Passcode: generated through the Duo Mobile app, SMS text messages, or a hardware token
  2. You can choose the option, Remember me for 7 days, for most cases
    1. Remember me for 7 days will work for every case except for Banner since it requires an incognito or private browsing window to work properly.

For more information on the various ways that you can use Duo, please refer to the UO Service Portal article on Duo.

Links to Additional Content