What is MFA?
Multifactor authentication (MFA) is a way to confirm that a username and password are being entered by an authorized person, and not someone who obtained the login through a data leak or phishing attack. Examples of MFA include:
- Sending a confirmation prompt to your phone or mobile device
- Requiring a code from a text message or a previously generated list
- Using a card or hardware token on the computer/system
Duo is already being used at Columbia University for many online systems, however any existing CU account in Duo cannot be used with CUIMC systems; a separate CUIMC account must be set up.
When do I need to use MFA at CUIMC?
CUIMC requires MFA via a program called Duo for the services listed below. After setting up your CUIMC Duo account, simply sign in to the program as usual and use your selected method for MFA.
CUIMC Duo is required when signing in to:
- CUIMC email and Microsoft Office 365 apps from off campus.
If you are already enrolled in CUIMC Duo, see Using MFA with Email and Office 365. Otherwise you will be prompted to enroll when you first sign in to email or an Office 365 app. - CUIMC VPN - Enroll for Duo here
- Some CUIMC department specific Citrix environments - Enroll for Duo here
How Duo Works
If you need to use Duo with all required CUIMC services including VPN, sign in to the CUIMC Duo enrollment form with your UNI account and password.
TIP: Your UNI account is the same one used to login to myColumbia or CourseWorks.
If you only need it for CUIMC email and Office 365, you will be prompted to enroll in CUIMC Duo when you first sign in to email or an Office 365 app/portal, see instructions here. You do not have to enroll again if you already use CUIMC Duo for VPN.
The form walks you through selecting your preferred authentication method and any other steps to complete set up. A list of the methods and instructions are on the enrolling for VPN or email and Office 365 pages. Methods include:
- Preferred method: Push Notification - via the Duo app installed on a smartphone or tablet. When you need to authenticate, your cell or wifi connected device will prompt for approval within the app.
- SMS/Text Message - one-time use passcodes are sent by text message to enter when needed.
- Phone call - Duo service can call a landline or cell phone number to prompt for authentication approval.
- Passcode - the Duo app can provide a one-time passcode even if the mobile device is not connected to wifi or cell service.
Devices that can be used with Duo include:
- Smartphones - iPhones, Android devices, and Windows phones.
- Tablets - iPads and Android devices
- Basic cell phones - with or without text capability
- Landlines - a work/desk or even home phone
Detailed help can be found on the How to Enroll in Duo for VPN, Using CUIMC VPN with Duo, How to Enroll in Duo for Email and Office 365, Using CUIMC Email and Office 365 with Duo, and FAQ pages, as well as Duo's generic Enrollment Guide.