Duo has a new look for login verification called Duo Universal Prompt.

Duo will be ending support for their traditional login verification method and upgrading to a new visual interface with enhanced layers of security. This change requires W&L to upgrade to the new authentication service. Users will notice a different look to the prompt when signing into the W&L MyApps page. Most notably, there will now be a requirement to click a "Verify" button each time to complete the login process.


What to expect when signing in on-campus?

If the first time you log in to the new verification method through MyApps is on-campus, you will see the following.
  1. Set up security methods. Click the "Set up" button.
  2. Click the "Enroll" button. You are now logged in.

Screenshots that say: Set up security methods. Security methods help protect your Okta account by ensuring only you have access. Duo OIDC MFA used for set up. A clickable button in the screenshot says "set up". The second screenshot has a blue clickable button that says "enroll".

Once you're set up and enrolled, you will simply click the "Verify" button for all subsequent logins on-campus (see screenshot below).

Screenshot that says: Verify with Duo OIDC MFA. You will be redirected to verify with Duo OIDC MFA. A blue clickable button says "Verify".


What to expect when signing in off-campus?

If the first time you log in to the new verification method through MyApps is off-campus, you will see the following.
  1. Set up security methods. Click the "Set up" button.
  2. Click the "Enroll" button.
  3. Duo will default to the most secure authentication method you had previously set up. In most cases, you will see a Verified Duo Push and will be prompted to enter the code visible on your screen into the Duo mobile app.
  4. Once you're set up and enrolled, you will click the "Verify" button the next time you log in off-campus (see screenshot above). **NOTE** When logging in off-campus, you will automatically receive a Duo prompt to verify once every 14 days.

Three screenshots that say 1. set up security methods. Security methods help protect your Okta account by ensuring only you have access. Redirect to verify with Duo OIDC MFA. A clickable button says "set up". 2. Set up Duo OIDC MFA. You will be redirected to enroll in Duo OIDC MFA. A blue clickable button says "enroll". 3. Enter code in Duo Mobile. Verify it's you by entering this verification code in the Duo mobile app.


What if I have a YubiKey registered with Duo?

Duo will attempt to authenticate with your YubiKey the first time you sign in to Duo Universal Prompt while off-campus. You can proceed by using your YubiKey to sign in, or you can switch to a different method by following the instructions below.

To switch from YubiKey to an alternate sign-in method:
  1. Click "Cancel" in the pop-up window.
  2. Select "Other options" after canceling the login.
  3. Choose a different login method and proceed with the enrollment steps as described in the sections above.

Two screenshots. 1. Making sure it's you. Tap your security key on the reader or insert it into the USB port. A clickable button says "cancel". 2. Login canceled. Your login request with security key was canceled. Try again. A clickable link says "other options."


What is Duo Risk-Based Authentication?

Attackers continually exploit a wide range of techniques to compromise accounts and fraudulently authenticate. Duo's Risk-Based Authentication automatically detects and mitigates commonly known attack patterns and high-risk anomalies.

  1. Duo Risk-Based Factor Selection analyzes authentication requests and adaptively enforces the most secure factors in response to risk. It continuously adapts its understanding of normal user behavior and identifies patterns of activity consistent with an attack. When a known attack pattern or anomaly is detected, the user is permitted to authenticate using only the most secure factors. This authentication with restricted factors is known as a "step-up authentication".
  2. Duo Risk-Based Remembered Devices adds additional security to Duo's Remembered Devices feature by adapting the duration of remembered device sessions in response to risk. It looks for authentications from anomalous network locations, which may indicate theft of the remembered device token or access attempts from a lost or stolen device. When an anomalous authentication attempt is detected, the remembered device session terminates and users are required to reauthenticate. With Risk-Based Remembered Devices, the remembered device session is established automatically for 14 days, with no prompt to the user.