How can I enroll in MFA / 2FA?

Instructions

1. Navigate to the NetID Center (https://identity.uillinois.edu) and log in.
   1. If your account is already enrolled in MFA, you will need to authenticate with one of your existing devices. If you run into issues or do not have your device, please see this help article for more information: How can I troubleshoot MFA / 2FA problems?
2. Once you're logged in, make sure that the email address listed under Recovery Settings is still correct. This email address can be used to get bypass codes in case you cannot authenticate using your devices in the future.
3. Select 'Set up 2FA'.
4. If you are not on campus and connected via the campus network: You will be shown a screen with the heading “(!) Must be connected to the University network to register” – you will still be able to enroll, but you will need to confirm your identity by way of one of your recovery options:
   1. Select the blue “Get registration code” button below the ‘Option 2’ heading.
   2. Select one of the presented pieces of contact information, which should match the password recovery options confirmed in step 2.
   3. You will receive a 6-digit “UI Verify Registration Code” there. Enter the numbers at the “Enter registration code” box on the next screen.
5. You will be taken to the “Device Setup: Add a Device” screen. Select the type of device you are intending to use for authentication:
   1. Smartphone (recommended) should be selected for any device with a phone number
   2. Tablet should be selected for devices that do not have a phone number but can install the Duo Mobile app.
   3. Hardware token should be selected for MFA token devices purchased from the University WebStore; more detailed instructions here: What are MFA / 2FA Security Keys?
6. Device dependent instructions below.

   Smartphone

   1. If enrolling a phone, enter your phone number and select Yes you want to use the Duo Mobile App, then Continue.

      If you do not want to provide your phone number when configuring your smartphone, you can hit the back button and set it up as a tablet. With this option you will only be able to receive push notifications or generate passcodes via the Duo Mobile App.

      
   2. Type of Device Platform (if applicable)

      Select your device platform, then select Continue.

      
   3. Installing and Activating Duo Mobile

      Duo Mobile is an app that runs on your smartphone or tablet and helps you authenticate quickly and easily. You can still authenticate via text message without it, but for the best experience we recommend Duo Mobile.

      • Search for Duo Mobile in your app store.
      • Download the app.
      • Select "OK" when asked if Duo Mobile can send push notifications.
      • Select Add Account
      • Once the app is installed, select I have Duo Mobile installed.
      
   4. Activate Duo Mobile

      A)  Using phone camera for Activation

      Follow the instructions shown on the screen to open Duo Mobile on your device, tap the '+' button, and scan the barcode on your screen with your camera.

       

      You are now successfully enrolled.  If you have more than one device enrolled, you will be asked if you would like to make this device your favorite.  If it is your favorite, it will show first when authenticating.

      B)  If you opt not to use your phone's camera for activation

      1. Select "Or have an activation link email to you instead"
         
          
      2. Enter your email address and select Send email
         
          
      3. Below is an example of the email you will be sent.  You should open this email on your smartphone by selecting the link or pasting/typing the link in to your smartphone browser URL bar.
         
         
          
      4. Select Open
         
         
      5. Tap Save on the next screen.
      6. University of Illinois should appear under the Duo Mobile App
         
         
          
      7. You are now successfully enrolled.  If you have more than one device enrolled you will be asked if you would like to make this device your favorite.  If it is your favorite it will show first when authenticating. 

   Tablet

   1. Choose the type of tablet you are adding.

      Tablets will be iOS or Android.

      
   2. Installing and Activating DUO Mobile

      Duo Mobile is an app that runs on your tablet and helps you authenticate quickly and easily.

      • Search for Duo Mobile in your app store.
      • Download the app.
      • Select "OK" when asked if Duo Mobile can send push notifications.
      • Select Add Account
      • Once the app is installed, select I have Duo Mobile installed.
        
         
   3. Activate Duo Mobile

      A)  Using tablet camera for Activation:

      Activate Duo Mobile by scanning the barcode with the app’s built-in barcode scanner using your tablets camera.

      

      You are now successfully enrolled.  If you have more than one device enrolled you will be asked if you would like to make this device your favorite.  If it is your favorite it will show first when authenticating.

      B) If you opt not to use your tablet camera for Activation

      1. Select "Or have an activation link email to you instead"
         
         
          
      2. Enter your email address and select Send email
         
          
      3. Below is an example of the email you will be sent.  You should open this email on your tablet by selecting the link or pasting/typing the link in to your table browser URL bar.
         
         
          
      4. Select Open
         
         
          
      5. Tap Save on the next screen.
      6. University of Illinois should appear under the Duo Mobile App
         
          
      7. You are now successfully enrolled.  If you have more than one device enrolled you will be asked if you would like to make this device your favorite.  If it is your favorite it will show first when authenticating. 

   Security Key

   Type in the serial number of your device which can be found on the back of the hardware token.

   For the Yubikey, you can also find the serial number in your WebStore account (Log into  WebStore  with your NetID, under Order History select your order number.   The serial number will be listed under the Installation Key/Code).

   

   After you select Continue, you will need to confirm your token.

   For Yubikey:

   Insert the Yubikey in the USB port of your computer with the gold button facing up. It will take a few seconds to register the first time. Press the gold button on the Yubikey and it will generate the passcode and log you in. Make sure CAPS LOCK is off when registering a Yubikey.

1. If you are accessing an application protected by the Duo Universal Prompt, it will walk you through the enrollment process after you authenticate with your username and password:
   
    
2. Next, you will be presented with a list of enrollment options.
   
   We highly recommend using the Duo Mobile smartphone app, as it offers the best combination of security and convenience:
   
   
    

   Duo Mobile

   1. If you choose the Duo Mobile option, you will be asked to enter your phone number on the next screen. If you have a tablet you can select that option:
      
       
   2. A text message will be sent to your phone number to verify ownership:
      
       
   3. After ownership of the phone is verified, you will be instructed to download the Duo Mobile app, available for iOS and Android:
      
       
   4. Once Duo Mobile is installed on your phone, open it. Make sure to enable notifications for the app.
      
      Select Next in the prompt on your computer, and either scan the QR code provided, or choose to have an activation code emailed to you:
      
       
   5. Your enrollment is complete! You have the option of adding a backup authentication method. If you choose to skip for now, you can select the "Log in with Duo" button to proceed with the login process:
      

   WebAuthn/FIDO2 Security Key

   The Duo Universal Prompt supports the use of a WebAuthn/FIDO2 Security Key for authentication. Please make sure your security key and browser meet the requirements listed here. The dialog boxes you see outside of the Duo Universal Prompt can vary between browsers and operating systems.

   NOTE: The NetID Center and AITS Duo Prompts do not support WebAuthn. Because of this, you will want to add another authentication method such as the Duo Mobile app as a backup.

   1. Once the Security Key option is selected, select Continue. You may see a dialog box from your browser next. If the security key is already recognized by your browser, you can skip to step 2. Otherwise, select the option for 'External security key or built-in sensor':
      
       
   2. You will then see a dialog box from your operating system. Once you proceed you will be asked to set your security key PIN. If you have not set a PIN yet you can create one.
      
       
   3. Once your security key is verified and authorized you will be asked to touch your security key to complete the authentication.
      
       
   4. You're done! As previously mentioned, you will want to have an additional authentication method as a backup in case you encounter an application protected by the AITS Duo Prompt such as Banner or the NetID Center.