About multi-factor authentication

Effective June 1, 2022, MFA will be mandatory at the University of Manitoba for all faculty, staff, and students.

Multi-factor authentication, or MFA, adds an extra layer of security to our university accounts to protect you, your data, and university systems from unauthorized access and phishing attacks.

Verifying your identity using a second factor such as your phone or mobile device prevents others from accessing your accounts, even if they know your password. 

How it works: MFA works by requiring both of the following verification methods to access your account:

  • Something you know (your UM username and password)
  • Something you have (a trusted device – your mobile phone)

MFA-protected services

The range of MFA-protected services is continually expanding. The services that are currently protected with multi-factor authentication include:

Remember to keep your software up-to-date by installing the latest security patches and updates.  

Getting started

Setting up multi-factor authentication with Duo is easy and only takes a few minutes. Once in place, it takes only seconds to verify yourself when logging in each time!

How to use Duo MFA

You must add a second-factor device using the Duo Prompt to log in to MFA-protected university services like Outlook email.

  1. Enrol your second-factor device - add more than one!
  2. Sign in as usual with your UM email address and password.
  3. When prompted, use an enrolled device to perform the second step. Note: The first time you sign in after your account has been enrolled in Duo, you will be prompted to add your second-factor device.
  4. Make it easy on yourself and tell your browser to remember you for 30 days.
  5. That's it! Check out the videos to see Duo MFA in action.

How to add your second-factor device

You will need your mobile device and a laptop or desktop computer with an internet connection.

  1. Open a browser (Google Chrome is recommended) and go to http://portal.office.com.
  2. Enter your UM username and password.
  3. Duo will prompt you to add your second-factor device. Follow the prompts to complete your setup.

If you did not complete the previous steps, Duo will prompt you to add your second-factor device the first time you log in to an MFA-protected service after your account is enrolled. Follow the prompts to complete your setup.

You may also want to review our guide to adding your device in Duo.

Common issues

Get MFA support from the IST Service Desk.

I just enrolled in Duo MFA, and I can't connect to the VPN

Please use the umanitoba-mfa connection in the Ivanti Secure Access Client to access the virtual private network (VPN). If you do not see this connection listed in your installation of Ivanti Secure Access Client, visit Virtual Private Network (VPN) for setup and configuration instructions or contact the IST Service Desk.

Technical support

Visit Set up MFA for assistance with setting up MFA or to report a problem with MFA.

Using the Duo Prompt

When prompted to verify yourself through Duo, you can choose one of several verification methods.

  • Send Me a Push - Recommended

    Approve a notification pushed to your mobile device. A push notification to the Duo Mobile app is the most secure authentication method:

    • Duo Push uses cutting-edge end-to-end encryption, which SMS and phone calls cannot provide.
    • The Duo Push screen displays detailed information about the application and source device that initiated the authentication request.

  • Call Me

    Answer a call to the number listed in your account. You will receive a phone call from the data centre closest to you. A list of numbers Duo uses for phone call verification is available on their website.

    Keep in mind that you would have to change your authentication number if you are away from your landline. Using your work phone requires either being on campus, call forwarding or a soft phone setup like Jabber. Visit Using Duo With Any Cell Phone or Landline for detailed instructions.

    [Image: Duo prompt in browser or mobile device]

    Choose “Remember me for 30 days” in the Duo prompt so you don’t have to log in every time you open a new browser window.

  • Enter a Passcode

    Log in using a passcode, either generated with the Duo Mobile app or sent via SMS text message. If you cannot use Duo Push, a one-time passcode from your Duo Mobile app is the second-best option.

  • Other options

    Please contact the IST Service Desk for an alternative solution.

    When you will be prompted for a second factor

    You will be prompted to use Duo multi-factor authentication (MFA) whenever you have to log in to an MFA-protected service such as UM Zoom, UM Intranet, the virtual private network (VPN), your UM Microsoft 365 applications and others.

    You will be prompted for a second factor to log in to the university's MFA-protected services on every device at least once. Duo MFA will prompt you when logging in to a protected service both on and off campus.

    On your desktop

    You will be prompted:

    • The first time you open a Microsoft 365 application, UM Intranet or UM Zoom.
    • The first time logging in after changing your UMNetID password.
    • When signing in to the virtual private network (VPN). Note: After you are enrolled in Duo MFA, you must use the "umanitoba-mfa" connection in Pulse Secure to sign in to the VPN.

    In your browser

    You may be prompted:

    • When opening a Microsoft 365 Online tool, UM Intranet site or UM Zoom in a new or private browser window. Note: You can choose to “Remember me for 30 days” in the Duo Prompt.

    On your mobile device

    You will be prompted:

    • The first time you open a Microsoft 365 application, UM Intranet site or UM Zoom.
    • When using the mobile browser to open a Microsoft 365 tool.
    • The first time logging in after changing your UMNetID password.
    • When using a mail app that is not Outlook.
    • When you start using a new device.

    Duo user experience guide (PDF)

    FAQs: Multi-factor authentication and Duo

    Accessibility

    Is Duo accessible for people with disabilities?

    According to Duo:

    "We test for accessibility in a number of ways. For our visually impaired users, we test our software manually by using both magnification and screen readers, specifically Nonvisual Access’ NVDA screen reader and Apple’s VoiceOver. We also ensure users can successfully authenticate only using a keyboard by testing font colors and backgrounds against contrast checkers and improving contrast for keyboard focus."

    From: https://duo.com/docs/accessibility#what-standards-does-duo-use-to-measure-accessibility?

    If you have questions or concerns about accessibility or need an accommodation, please contact the IST Service Desk at 204-474-8600.

    Read more about Duo's accessibility options:

    I can't use the mobile app. Are there other authentication options?

    Yes. Other authentication options include:

    Text message

    Phone call to a number

    • You also have the option of using a landline for authenticating. However, keep in mind that you would have to change your authentication number if you are away from your landline. Using your work phone requires either being on campus, call forwarding or a soft phone setup like Jabber.

    Other options

     

    Duo on your mobile phone

    Is the Duo app free?

    Yes. It is available in the Apple App Store and Google Play.

    Why should I use my personal phone for this?

    Mobile phones are the most popular choice for multi-factor authentication because of the convenience. Most people seldom go anywhere without one. If using a mobile phone isn’t an option for you, please contact the IST Service Desk to discuss other options or read about the other options available in the "Getting started" section.

    General concerns about the use of a mobile phone for your job should be discussed with your supervisor.

    Will multi-factor authentication work on my cell phone if I don't have cellular coverage or Wi-Fi access?

    Yes. You won't be able to receive push notifications, so when you are logging in, choose Enter a Passcode in the Duo Prompt. Then open your Duo app and select Show under Passcode. It will give you a six-digit code to enter for authentication. You do not need an internet connection or a cellular signal to generate these passcodes.

    What happens if I change SIM cards in my phone?

    SIM card with same phone number:
    If the Duo app is already installed on your phone and the new SIM card uses the same phone number as the previous SIM card, Duo will work as normal.

    SIM card with different phone number:
    If you have the Duo app on your phone and change to a SIM card with a different phone number:

    1. Push notifications in the app — Changing SIM cards should not have any effect.
    2. Text (or call) notifications – You will need to register the phone number corresponding to the new SIM card, and then select which number to use when logging in.

    More information is available in this Duo help guide.

    If you encounter any difficulties when changing phones, please contact the IST Service Desk for advice.

    What happens if I lose or forget my phone?

    If your phone is lost or stolen, contact the IST Service Desk immediately for assistance.

    Devices can be added or removed in the Duo management portal. Visit Adding a new device for detailed instructions.

    How much data does a Duo Push use?

    Almost none. 500 pushes to your device will use 1 MB of data in total. This is roughly equivalent to loading one webpage on your smartphone.

    What if my push alerts aren’t coming through?

    Try these easy troubleshooting steps for iOS, Android, Windows Phone, or BlackBerry. Still not working? Reactivate Duo Mobile or contact the IST Service Desk.

     

    Alternate or multiple devices

    Can I have Duo on multiple devices?

    Yes, you can configure several devices on your Duo account from the Duo prompt by selecting Add a new device. As well, multiple devices of the same type can be added.

    For detailed instructions visit: Adding a new device

    I’ve switched devices and/or need to reactivate Duo Mobile.

    If you get a new phone, or if you’ve re-installed the Duo Mobile app, you'll need to re-activate Duo Mobile. You may enrol your new device yourself from the Duo prompt.

    You will need to log in using an MFA device already configured to your account. If the device you are replacing is your only MFA device and you no longer have access to it, contact the IST Service Desk at 204-474-8600. 

     

    Duo app security and privacy

    What should I do if I receive a push notification in Duo that I didn’t initiate?

    Assume that someone is trying to illegally access your account:

    • First, choose “Deny” in the Duo app to block the request.
    • After you deny the request, please report it by selecting “It seems fraudulent” from the list of reporting options. Note: If for any reason you “Deny” a Duo request that your own login activity triggered, select the “It was a mistake” reporting option.  
    • Change your password in signUM immediately.  
    • Call the IST Service Desk at 204-474-8600 and report the attempt!

    Does the Duo app on my phone give UM or Duo control or access to my phone?

    The Duo app does not give the university access to your mobile device and does not provide any control over the mobile device. During the multi-factor authentication process, the only information provided to the University is that the authentication was completed. For more information, see Duo’s privacy policy.

    Where can I find Duo’s privacy and security information?

    Please see Duo's Privacy Data Sheet.

    Contact us

    Call or chat
    Monday to Friday, 8 a.m. to 8 p.m.
    Call 204-474-8600 or Chat now
    To report a critical system outage after hours or on weekends and holidays, call 204-474-8600 and press 2.

    IST Service Desk walk-in service
    123 Fletcher Argue
    University of Manitoba, Fort Garry
    Hours: Monday to Friday, 8 a.m. to 6 p.m.
    Join the queue: Fort Garry WaitWell or text your name to 431-631-0844

    230 Neil John Maclean Library
    University of Manitoba, Bannatyne
    Hours: Monday to Friday, 8 a.m. to 4:30 p.m.
    Join the queue: Bannatyne WaitWell or text your name to 431-631-6555