Topics Map > GBIT Service Desk Services > Multi-Factor Authentication
Duo - Setup for Employees
This article outlines the procedure for setting up Duo with an employee.
Duo Enrollment Process
Before proceeding to activate Duo, Service Desk technicians must identity proof the employee to ensure security. To be identity proofed, an employee must come to the GBIT Service Desk with two forms of identification or show their forms of identification to the Service Desk through a video chat. For anyone without easy access to campus, we offer a few video chatting options:
- Google Hangouts
- Microsoft Teams
If an employee is unable to access any of these methods, reasonable accommodations can be made. Please email email@example.com to discuss options.
The following are acceptable forms of identification:
- For University confirmation
- Job offer letter from the University
- University ID
- For identity confirmation
- Driver's license
- Military ID
Please have these ready at your scheduled identity proofing appointment.
Activation of Token or Cell Phone
Once an employee is identity proofed, the Service Desk technician will ask whether the employee would like to receive verification codes via token or through their cell phone. Most employees should use the cell phone option as it is unlikely to be forgotten.
To activate a token, the Service Desk technician will take the number off of the back of the device and record it, thereby ensuring the device is registered to the employee. Once the employee receives the token, they are all set to use Duo. Should the token ever be forgotten, bypass codes can be provided. See below for more details.
To activate a cell phone, the Service Desk technician will take the employee's phone number and provide it to a lead or supervisor. Once the lead or supervisor has entered the number into Duo, a verification code will be sent to the employee with a link. The employee must have the Duo app installed prior to receiving the text.
To activate Duo for a cell phone, the employee will select the link from within the text. This link will open the app; if the employee sees a six-digit code at the top, they are good to go.
Note: Some devices may receive an error about security issues with their device. You can select "Fix Later."
Bypass codes are used in the absence of a Duo device (token or cell phone). The code is good for 12 hours (unless a valid reason is given to extend it) and will grant an employee access to their needed applications. It is imperative that the employee select "Remember me for 12 hours" at the Duo screen; if not, they will need another bypass code should they access the application again. By selecting "Remember me for 12 hours," Duo will remember the employee on the computer used to access Duo. If any employee needs to use Duo for another computer, they will need another bypass code.