Overview
This article covers using the University of Idaho VPN with Duo multifactor authentication.
Are VPN connections be protected by Duo?
Yes, VPN connections require that you approve a login attempt. Once you enter your username and password, a Duo Push notification will automatically be sent to your primary device which has the Duo Mobile app installed. Once you approve the Duo Push, your connection will complete. If you do not use the Duo Mobile app, you can use a hardware token, SMS code or a voice call.
Can I use a passcode or hardware token to connect to the VPN?
Yes, passcodes and hardware tokens are supported for VPN connections by using something called "Append Mode". To use Append Mode, enter your username into the VPN connection prompt as you would normally do, then enter your password followed by a comma (",") and then the passcode. If your password was G0Vandals and the passcode you wanted to use was 123456, this would become G0Vandals,123456. When you click "Connect", the VPN will complete the connection process without sending a Duo Push. Passcodes can be obtained from the Duo Mobile app, from SMS backup codes, from a hardware token or a bypass code provided by your TSP, System Administrator or the Student Technology Center.
Can I use a phone call with Duo and the VPN?
If you have not enabled Secure MFA, you can receive phone calls from Duo to complete your authentication when logging in to the VPN. If you have a landline phone or a mobile phone number (not the Duo app) enrolled, Duo automatically dials the phone number when you login. However, if you have the Duo mobile app enrolled from any mobile device, Duo sends a push notification to the mobile app by default. Duo only dials a phone number automatically if you do not have the Duo app enrolled in your account.
If you have enabled Secure MFA, you cannot use a phone call, or SMS code to approve any login attempt.
If you have multiple phones or phone numbers enrolled, Duo will dial the first one by default. If you want to receive a call on a different phone number, you can specify which one using a method similar to "Append Mode". For example, to receive a phone call at the second phone you enrolled, enter your username into the VPN connection prompt as you would normally do, enter your password followed by a comma (",") and then "phone2" without quotes. You can specify the phone using phone1, phone2, phone3, etc, depending on how many phone numbers you have enrolled. The first or oldest phone number currently associated with your account is assigned phone1, the next oldest is phone2, and so on.
| Type... |
To... |
| password,passcode |
Log in using a passcode, either generated with Duo Mobile, sent via SMS, generated by your hardware token, or provided by an administrator.
Examples: "mypass123,123456" or "mypass123,1456789" |
| password,push |
Push a login request to your phone (if you have Duo Mobile installed and activated on your iOS, Android, or Windows Phone device). Just review the request and tap "Approve" to log in. |
| password,phone |
Authenticate via phone callback. |
| password,sms |
Get a new batch of SMS passcodes.
Your login attempt will fail — log in again with one of your new passcodes. |