How-To: Signing into Services with Duo Multi-Factor Authentication

When accessing a protected service or system, you will first enter your USC NetID username and password on the USC NetID sign-in page. Afterwards, you will be required to verify your identity through one of the options on the Duo Authentication screen:

  • Duo Push: This involves a notification to your mobile device. Your registered device will receive an alert that someone has attempted to log into a protected system with your credentials. You simply approve the login attempt by accepting the alert on your device. (Note that this option requires you to first install the Duo Mobile app on your mobile device.)
  • Call Me: This involves a call to a registered phone number, be it a mobile or landline phone. The registered number will receive a phone call. Answer the call and listen to the instructions to authenticate. (It is NOT necessary to install the Duo Mobile app on your mobile device to receive a phone call.)
  • Passcode: A code supplied by the Duo Mobile app or sent via text message to your registered mobile phone. Simply type the supplied code into the login screen to complete the login process. (To use this option on a smart phone, you must first install the Duo Mobile app on your mobile device. No app is necessary to receive a passcode via text message.)

Once you have verified your identity for a particular service or system, your login will remain valid for the duration of your session (until you log out or are timed out for inactivity).

For more information about using Duo MFA, see guide.duosecurity.com.

For assistance signing into services with Duo, please contact the ITS Customer Support Center at 213-740-5555 or consult@usc.edu.

For USC STUDENTS ONLY

Information Technology Services (ITS) has now enabled the “Remember my browser for 7 days” feature on MFA (Duo) for all USC students accessing Trojan Check, Blackboard and USC email. Please note, this feature is NOT available for student employees.

 This feature makes MFA (Duo) more convenient by reducing the number of times you’ll be prompted for MFA (Duo) on the same device when accessing the same browser. If you select “Remember my browser for 7 days,” using the same computer, phone and web browser, you won’t have to verify your login request with MFA (Duo) for seven days.

Multi-Factor Authentication (MFA)

USC’s multi-factor (MFA) authentication services you can add an additional layer of security to your existing sign-on. Powered by Cisco Duo MFA Edition, your existing password-based authentication can further be protected against account takeovers.

Follow these simple steps to set up the “Remember” feature for MFA on your trusted device(s):

Multi-Factor Authentication Steps (Trojan Check, Blackboard, Email)

1. Enter your USC NetID (username) and password to enter the application.


2. Click the “Remember my browser for 7 days” box on the MFA (Duo) screen.

3. Select the authentication method (Text, Call or Passcode).

4. Repeat these three simple steps every seven days to authenticate your username and password when using the same computer/phone and web browser.

Considerations

  1. Protect your MFA (Duo) secret keys (skey) like you would your most critical passwords. Your app or system’s security depends on how well you protect the skey.
  2. If your system is USC Single Sign-on (SSO) enabled you may not need to have a separate MFA integration.
  3. The username on the system must match the user’s USC NetID.
  4. The system needing MFA must be supported by Cisco Duo (IAM will confirm compatibility during the onboarding process).
  5. In order to use MFA, users must be already be enrolled in MFA either through USC SSO or through the USC NetID Account Portal.
  6. Each year IAM will work with you to re-confirm your use of MFA (Duo). Systems and apps that are not confirmed in a timely manner may have the relevant Duo integrations disabled.

Supported Authentication Types

The following authentication tokens are supported with USC’s MFA:

  1. Hardware authentication tokens that support the FIDO2 or WebAuthn authentication standard, such as Yubico’s YubiKeys, or any OATH-HOTP compatible tokens.
  2. Phone Call
  3. SMS Passcodes
  4. Duo Mobile smartphone app passcode (iPhoneAndroid)
  5. Duo Mobile smartphone push authentication (iPhoneAndroid)

Contact Us

To get started, open a General Consultation with the Identity and Access Management (IAM) team using ITS ServiceNow. Please include:

  1. Brief description of your needs (i.e., “I want to add MFA to my Windows Servers used by the IT staff.”)
  2. Name of the vendor, system name, and version number (major, minor, and patch) of the IT system you want to add MFA to (i.e., Windows RDP, Linux SSH, Windows Desktop, SalesForce, USC SSO App).
  3. Number and description of users (i.e., “Mostly 70 faculty and 125 staff / employees.”).
  4. Business-friendly name of your app or system. This will show up on the Duo prompt (e.g., “USC Single Sign-on”).