When accessing a protected service or system, you will first enter your USC NetID username and password on the USC NetID sign-in page. Afterwards, you will be required to verify your identity through one of the options on the Duo Authentication screen:
- Duo Push: This involves a notification to your mobile device. Your registered device will receive an alert that someone has attempted to log into a protected system with your credentials. You simply approve the login attempt by accepting the alert on your device. (Note that this option requires you to first install the Duo Mobile app on your mobile device.)
- Call Me: This involves a call to a registered phone number, be it a mobile or landline phone. The registered number will receive a phone call. Answer the call and listen to the instructions to authenticate. (It is NOT necessary to install the Duo Mobile app on your mobile device to receive a phone call.)
- Passcode: A code supplied by the Duo Mobile app or sent via text message to your registered mobile phone. Simply type the supplied code into the login screen to complete the login process. (To use this option on a smart phone, you must first install the Duo Mobile app on your mobile device. No app is necessary to receive a passcode via text message.)
Once you have verified your identity for a particular service or system, your login will remain valid for the duration of your session (until you log out or are timed out for inactivity).
For more information about using Duo 2FA, see guide.duosecurity.com.
For assistance signing into services with Duo, please contact the ITS Customer Support Center at 213-740-5555 or email@example.com.
For USC STUDENTS ONLY
Information Technology Services (ITS) has now enabled the “Remember my browser for 7 days” feature on 2FA (Duo) for all USC students accessing Trojan Check, Blackboard and USC email. Please note, this feature is NOT available for student employees.
This feature makes 2FA (Duo) more convenient by reducing the number of times you’ll be prompted for 2FA (Duo) on the same device when accessing the same browser. If you select “Remember my browser for 7 days,” using the same computer, phone and web browser, you won’t have to verify your login request with 2FA (Duo) for seven days.
Multi-factor / Two-Factor Authentication (MFA / 2FA)
USC’s multi-factor (MFA) and two-factor (2FA) authentication services you can add an additional layer of security to your existing sign-on. Powered by Cisco Duo MFA Edition, your existing password-based authentication can further be protected against account takeovers.
Follow these simple steps to set up the “Remember” feature for 2FA on your trusted device(s):
2-Factor Authentication Steps (Trojan Check, Blackboard, Email)
1. Enter your USC NetID (username) and password to enter the application.
2. Click the “Remember my browser for 7 days” box on the 2FA (Duo) screen.
3. Select the authentication method (Text, Call or Passcode).
4. Repeat these three simple steps every seven days to authenticate your username and password when using the same computer/phone and web browser.
- Protect your 2FA (Duo) secret keys (skey) like you would your most critical passwords. Your app or system’s security depends on how well you protect the skey.
- If your system is USC Single Sign-on (SSO) enabled you may not need to have a separate 2FA integration.
- The username on the system must match the user’s USC NetID.
- The system needing 2FA must be supported by Cisco Duo (IAM will confirm compatibility during the onboarding process).
- In order to use 2FA, users must be already be enrolled in 2FA either through USC SSO or through the USC NetID Account Portal.
- Each year IAM will work with you to re-confirm your use of 2FA (Duo). Systems and apps that are not confirmed in a timely manner may have the relevant Duo integrations disabled.
Supported Authentication Types
The following authentication tokens are supported with USC’s 2FA:
- Hardware authentication tokens that support the FIDO2 or WebAuthn authentication standard, such as Yubico’s YubiKeys, or any OATH-HOTP compatible tokens.
- Phone Call
- SMS Passcodes
- Duo Mobile smartphone app passcode (iPhone, Android)
- Duo Mobile smartphone push authentication (iPhone, Android)
To get started, open a General Consultation with the Identity and Access Management (IAM) team using ITS ServiceNow. Please include:
- Brief description of your needs (i.e., “I want to add 2FA to my Windows Servers used by the IT staff.”)
- Name of the vendor, system name, and version number (major, minor, and patch) of the IT system you want to add 2FA to (i.e., Windows RDP, Linux SSH, Windows Desktop, SalesForce, USC SSO App).
- Number and description of users (i.e., “Mostly 70 faculty and 125 staff / employees.”).
- Business-friendly name of your app or system. This will show up on the Duo prompt (e.g., “USC Single Sign-on”).