Duo - two-factor authentication

Duo two-factor authentication at Wellesley College

Wellesley College uses Duo for both Single-Sign-On (SSO), and Two-Factor Authentication (2FA). When you login to most Wellesley websites, such as Google, Workday, Portal, and Sakai, you will first get Duo SSO prompts for your email address and password. Then, if Duo 2FA is enabled on your account, you will be prompted to authenticate with a phone call, Duo Push, text message or Duo token, and given the option to trust the browser for 30 days.

Duo SSO is our new domain-wide login system where you only have to login once to access most of our systems.  This provides securiy as well as ease of use across our systems.

Duo 2FA adds an extra layer of security for active and recent faculty, staff, and students. It protects your account based on the premise of something you know (your password) and something you have (Duo with your phone or mobile app) to protect your account in case your password is compromised.

Duo 2FA is enabled on all faculty, staff, and student accounts, and remains on student accounts as they graduate and become alumnae.  Other members of the College community with an active Wellesley login account can request Duo 2FA for their account via the link in the Duo Enrollment Request form.

If you have Duo 2FA and receive an unexpected prompt to authenticate with Duo 2FA, report it as fradulent and contact the Computing Help Desk as soon as possible.
 

• NEW January 2022! Updated login process for Duo SSO
  • ​Tips for using the new Duo SSO
     
• Setting up Duo 2FA as a new user
  • Requesting Duo 2FA if you don't already have it enabled.
     
• Adding multiple phones & devices
  • Switching to a new phone
     
• Setting the "Trust this browser for 30 days" option
   
• Traveling with Duo 2FA
  • Enrolling in Duo when you're currently outside the US
     
• If you don't have a mobile phone, request a Duo USB Token
   
• Using Apple Mail, Thunderbird, or Outlook with Duo 2FA

Updated login process for Duo SSO, with Duo 2FA if enabled.

On January 19th, 2022, Duo SSO replaced our previous single-sign-on login pages for most Wellesley websites, and we also updated our Duo 2FA to Universal Prompt. Below is a screenshot of the new login:

After entering your Wellesley email address and password, if you have Duo 2FA enabled on your account, you will see the Verify your Identity screen. Duo will use the most secure 2FA method that is configured on your account (Duo USB Token, Duo Push, Passcodes, then Phone Call).  If you prefer to use a different method than the one that was chosen, click More Options and then choose the method you prefer.  Duo 2FA will remember your last used method the next time you are prompted for Duo 2FA.  

When you have verified your identity with Duo 2FA, currently you will see a Success screen and then a prompt to Trust this browser for 30 days. Between January 27th and February 3rd, Duo will be updating this sequence by combining both of those screens into one, and it will look similar to this:

At this screen, if you are on a computer that is only used by yourself, you can check the Trust this browser box and then click Continue to application.  If you are on a public computer or a computer used by many people, we recommend not trusting it for 30 days.

Tips for the new Duo SSO

Trusting your browser for 30 days

You can set your browser to remember your Duo 2FA authentication for 30 days on a personal computer (i.e., not a shared or public device). This is a per-device, per-browser setting. For example, if you use both Chrome and Firefox on the same computer, you will have to follow these steps in both Chrome and Firefox.  It's important to quit or close your browser, and not sign out, or your browser may delete the trust setting.  If you cannot stay logged in (e.g. a shared computer) this is not appropriate for the trust setting.

1. Login to a Wellesley website that is proteted by Duo - Portal, Workday, Google, Sakai, etc.

2. When you have completed the Duo SSO and Duo 2FA authentication process, the last Duo screen will ask if you want to trust your browser for 30 days.

3. Check the “Trust this browser” checkbox then click Continue to application.

4. When you are done using a Wellesley website protected by Duo, close the browser tab, then quit the browser completely to save your Trusted status. If you sign out of a website instead, you may lose the Trusted status and need to authenticate with Duo 2FA again.

Choosing a different device to authenticate Duo

If you setup multiple devices for Duo 2FA and you want to use a different method than the default one, when the Duo 2FA screen appears, click More Options at the bottom of it.  You will then be given a list of other ways to authenticate with Duo 2FA.  Duo SSO will default to the last used method.

Using other mobile apps (e.g. Gmail app)

When setting up your Google account in a mobile app, choose the Google login option and at the Google login window, enter your login username with @wellesley.edu (eg zz100@wellesley.edu).  You will then get directed to the Wellesley Duo SSO login window, where you enter your Wellesley email address and domain password, and Duo 2FA if it's enabled on your account.

Saved email address in Duo SSO

Duo SSO will remember the last email address entered into the Email Address field. To change the email address listed, click the Edit link next to the email address.