Set up MFA

Setting up MFA

Duo enrolment process

Step one – Install the Duo app

Download and install the Duo app on your mobile phone.

• a) Find the latest version of Duo Mobile in the App Store.
• b) Find the latest version of Duo Mobile in Google Play.

Note: If you cannot install an app on your mobile phone, choose another option during the self-enrolment process. If you require a hardware token, please request one.

Step two – Enrol your second-factor device

1. Open a browser (Google Chrome is recommended) and go to https://www.microsoft365.com/.
2. Enter your UM username and password.
3. Duo will prompt you to add your second-factor device.
4. Click Start setup to begin enrolling your device.
5. Choose the type of device you are adding and click Continue.

If you choose "Tablet," you must install Duo Mobile on your tablet. If you choose "Landline," you must enter a phone number that Duo will call every time you authenticate.

6. If you selected mobile phone, enter (and confirm) your number, then click Continue.
7. Choose the type of phone you are using and click Continue.
8. On your phone, press I have Duo Mobile installed.

Step three – Activate Duo mobile

Activate Duo Mobile to link it to your account. Open the app and scan the barcode with the app's built-in barcode scanner. Press Continue.

Note: If you cannot scan the barcode, choose Email me an activation link instead and follow the instructions.

If you choose, Email me an activation link instead:

1. Enter an email address that you can access on your device.
2. Click Send email.
3. On your device, open the email sent from Duo Security.
4. Tap the activation link provided in the email to add your smartphone or tablet to your Duo Mobile app.
5. Once you see the University of Manitoba set up on the Dup Mobile app, return to your computer and click Continue.

Step four – Configure your device options (optional)

If this is the device you'll use most often with Duo, you may want to enable automatic push requests by changing your When I log in: option.

• In the Configure Device Options window, change the When I log in: option from Ask me to choose an authentication method to Automatically send this device a Duo Push or Automatically call this device and press Save.

Note: If you do not see the Configure Device Options screen immediately after Step 4 - Activate Duo mobile, select My Settings & Devices in the right menu under the UM logo.

Congratulations!

Your enrolment is complete, and your device is ready to approve Duo authentication requests:

1. Click Continue to Login to proceed to the Duo Prompt.
2. Click Send Me a Push or Call me to give it a try. All you need to do is tap Approve on the Duo login request received on your phone.

The next time you log in to the VPN using the Ivanti Secure Access Client:

1. Click Proceed.
2. Enter your username and password.
3. Approve the login request from your second-factor device (mobile phone app, landline or hardware token).

That's it!

Cached credentials are not available in Duo. You will have to enter your username and password every time you log in.

Request assistance with setting up MFA

Create an IT ticket to request assistance with setting up MFA.

Request assistance

Report a problem with MFA

Create an IT ticket to report a problem with MFA. Someone from the IST Service Desk will contact you to ask for more information and assist you.

Report a problem with MFA

What to do when you receive an unexpected Duo authentication request?

When you receive an unexpected Duo request, never approve it if you have not been attempting to log in to a UM service or resource. Duo authentication requests are sent by Duo Push notification, text message or phone call when you try to log in to a university service. 

Duo multi-factor authentication works as another layer of security. If scammers get a hold of your login information through either a phishing email or a security breach, they will try to access your account by triggering a Duo push using your credentials, hoping you will approve it. Once you have approved a fraudulent Duo push, you will not know when your account is being accessed.

What you can do

If you receive an unexpected Duo Push request:

1. “Deny” the request. When you select “Deny,” you prevent the authentication request from being completed.
2. After you deny the request, please report it by selecting “It seems fraudulent” from the list of reporting options. Note: If for any reason you “Deny” a Duo request that your own login activity triggered, select the “It was a mistake” reporting option.
3. Change your password in signUM immediately.

Never approve a Duo authentication request from an unexpected phone call or text message. 

If you accidentally approve an unexpected Duo authentication request, report it to the IST Service Desk (204-474-8600) as soon as possible. The Information Security and Compliance team will work with you to secure your account and investigate the activity.