Register and using 2FA service for departmental, project and contractor account

Available to:

Staff (Custodians, Departmental Account users, contractor coordinators)

The custodian should register his/her mobile device with 2FA service in order to manage the 2FA services and devices for the departmental/project/contractor account. 

Register 2FA service for custodian

1. Custodian can follow the steps in "Register for 2FA Service" webpage to register his/her mobile device by logging in using the departmental/project/contractor account.

2. Custodian can follow the steps in "Change Device Name" on the "Manage Devices for 2FA" webpage to change the device name with their name for easier identification of the device.

Register and using 2FA services for departmental/project/contractor accounts

2FA is required if the department/project/contractor account needs to be shared with other colleagues or contractors for accessing critical systems outside of the campus network. The 2FA approval can be operated with 2 different options:

• Option 1 - The 2FA request for the departmental/project/contractor account accesses is approved by the contractors themselves. (i.e. contractor can manage their own login - Login by contractor and approve 2FA by contractor).
• Option 2 - The 2FA request for the departmental/project/contractor account accesses is approved by the custodian/supervisor (i.e. User login needs approval by custodian/supervisor - Login by contractor and approve 2FA by the custodian/supervisor)

Please see the following description on how to register 2FA services and approve the login requests in different options:

Option 1 

For this option, the users/contractors can approve their own 2FA login request when accessing critical systems/services outside of the campus network. All users/contractors should register the 2FA service with their mobile devices.

Steps to register the users/contractors' mobile devices for option 1

1. Users/contractors access the Two-Factor Authentication (2FA) Self-Service website and log in using the departmental/project or contractor account.

2. When prompted for 2FA, click "Send Me a Push" and send a request to the custodian. Contact and ask the custodian to approve the login.

3. Click the "Manage Device" button on the Two-Factor Authentication (2FA) Self-Service website.

4. User/contractor can follow the steps in "Add a New Device" on the "Manage Devices for 2FA" webpage to add their mobile device for 2FA.

5. User/contractor can follow the steps in "Change Device Name" on the "Manage Devices for 2FA" webpage to change the device name with their name for easier identification of the device.

How to login to a critical system outside the campus network using departmental/project account for option 1

1. Login to the target system using the departmental/project/contractor account.

2. When the system prompts for 2FA, the user/contractor can choose his/her own device in the "Device" drop-down box and press the "Send Me a Push" button.

3. The user/contractor’s mobile device will receive a push request on the Duo Mobile Apps. Approve the 2FA request on the user/contractor's mobile device.

Option 2

For this option, only custodians and registered supervisors can approve the 2FA request when the users/contractors log in to critical systems/services outside of the campus network. All supervisors should register the 2FA service with their mobile devices.

Steps to register the supervisor's mobile device for option 2

The custodian should have registered the 2FA services. If additional supervisors are needed for the approval of 2FA requests, follow the steps below to register 2FA service for the supervisors.

1. Supervisor access the Two-Factor Authentication (2FA) Self-Service website and log in using the departmental/project or contractor account.

2. When prompted for 2FA, click "Send Me a Push" and send a request to the custodian. Contact and ask the custodian to approve the login.

3. Click the "Manage Device" button on the Two-Factor Authentication (2FA) Self-Service website.

4. Supervisor can follow the steps "Add a New Device" in the "Manage Devices for 2FA" webpage to add their mobile device for 2FA.

5. Supervisor can follow the steps "Change Device Name" in the "Manage Devices for 2FA" webpage to change the device name with their name for easier identification of the device.

How to login to a critical system outside the campus network using departmental/project account for option 2

1. Login to the target system using the departmental/project/contractor account.

2. When the system prompts for 2FA, the user/contractor can choose a custodian/supervisor device in the Device drop-down box and press the "Send Me a Push" button. Contact the custodian/supervisor to approve the 2FA request.

3. Approve the 2FA request on the custodian/supervisor's mobile device.

Manage Departmental, Project and Contractor Accounts

• Manage Departmental, Project and Contractor Accounts
• Apply for new departmental, project and contractor account
• Activate new departmental, project and contractor account
• Renew account expiry date / update administrator or custodian information
• Expiry Accounts / Staff movement / Account Disabling handling for departmental, project and contractor accounts