Summary
Beginning March 21, 2023, clients began seeing the new Duo Universal Prompt when accessing certain web resources. These include Microsoft 365 (Outlook, Word, Excel, etc.) and Shibboleth (Box, etc.) applications.
Body
Overview
The Duo Universal Prompt is the next-generation version of Duo's interactive, web-based authentication. The new prompt is more adaptive and contextually aware, providing additional security, while being easier to use and more accessible for clients. Other than a visual change, the most obvious difference that clients will experience is that instead of showing the Duo prompt within the sign-in page, clients will be redirected to a page hosted by Duo at duosecurity.com
to show the Duo prompt, and then redirect back to the protected application after two-factor authentication is completed.
- The new Duo Universal Prompt will live alongside the existing AITS Duo iFrame, which will be presented when accessing AITS applications (Banner, HR Reporting, My UI Info, NetID Center, Direct Deposit, etc.).
- Clients can enroll in 2FA for the first time via the Duo Universal Prompt, even while off-campus.
- The Duo Universal Prompt helps keep clients secure by automatically choosing the most secure authentication option by default.
- Clients can manage devices from a Duo Universal Prompt window, avoiding the need to visit a different page. In addition, the Duo Universal Prompt enables clients to enroll and use more secure authentication devices such as WebAuthn/FIDO2 security keys.
Note:
-
- Hardware tokens purchased from the Webstore must be initially enrolled in the NetID Center. The tokens can then be used at either Duo prompt.
- Clients bringing their own compatible WebAuthn/FIDO2 Security Key can only enroll and use the device via the Duo Universal Prompt.
- Yubikey 5 NFC devices sold through the Webstore can be set up as a hardware token through the NetID Center and as a WebAuthn/FIDO2 key via the Universal Prompt.
- The Remember Me function of Duo is functionally the same as before, but now it will ask you 'Trust this browser?'.
- This will reduce the amount of times you have to authenticate with Duo.
- Do not trust the browser when using a public or shared computer! Trust the browser only when you access applications from your own computer.
- You'll see this prompt when logging in via desktop apps such as Outlook or Teams as well.
- More information can be found here: MFA, Remember Me
2FA Topics
Visual Difference |
(New) Duo Universal Prompt |
AITS Duo iFrame |
|
|