Overview
The University of Idaho VPN service requires using MultiFactor Authentication (MFA). This article covers how to use various Duo MFA authentication methods.
By default, after entering a username and password to sign-in, a Duo mobile "push notification" will be sent to your primary device to approve the authentication. This method is recommended but it is possible to use the alternative methods described below using "append" mode.
Yes, passcodes and hardware tokens are supported for VPN connections by using "Append Mode". To use Append Mode, enter your username into the VPN connection prompt as you would normally do, then enter your password followed by a comma (",") and then the passcode. If your password was G0Vandals and the passcode you wanted to use was 123456, this would become G0Vandals,123456. When you click "Connect", the VPN will complete the connection process without sending a Duo Push. Passcodes can be obtained from the Duo Mobile app, from SMS backup codes, from a hardware token or a bypass code provided by your TSP, System Administrator or the Student Technology Center.
If you have not enabled Secure MFA, you can receive phone calls from Duo to complete your authentication when logging in to the VPN. If you have a landline phone or a mobile phone number (not the Duo app) enrolled, Duo automatically dials the phone number when you login. However, if you have the Duo mobile app on an enrolled mobile device, Duo sends a push notification to the mobile app by default. Duo only dials a phone number automatically if you do not have the Duo app enrolled in your account.
If you have enabled Secure MFA, you cannot use a phone call or SMS code to approve any login attempt.
If you have multiple phones or phone numbers enrolled, Duo will dial the first one by default. If you want to receive a call on a different phone number, you can specify which one using a method similar to "Append Mode". For example, to receive a phone call at the second phone you enrolled, enter your username into the VPN connection prompt as you would normally do, enter your password followed by a comma (",") and then "phone2" without quotes. You can specify the phone using phone1, phone2, phone3, etc, depending on how many phone numbers you have enrolled. The first or oldest phone number currently associated with your account is assigned phone1, the next oldest is phone2, and so on.
| Type... |
To... |
| password |
Use the default Duo mobile push notification. |
| password,passcode |
Log in using a passcode, either generated with Duo Mobile, sent via SMS, generated by your hardware token, or provided by an administrator.
Examples: "Strong-password,123456" or "Strong-Password1$3,1456789" |
| password,push |
Push a login request to your phone (if you have Duo Mobile installed and activated on your iOS or Android device). Just review the request and tap "Approve" to log in. |
| password,phone |
Authenticate via phone callback. |
| password,sms |
Get a new batch of SMS passcodes.
Your login attempt will fail — log in again with one of your new passcodes. |