Skip to main content

Multi-Factor Authentication

Scammers are becoming increasingly more sophisticated in their phishing attempts. Recently bad actors tried to impersonate KU Medical Center and The University of Kansas Health System employees with the intent of changing their bank routing numbers in the payroll system so employees' paychecks would be deposited into the scammer's bank account on payday. To defend against these types of cyberattacks, KU Medical Center and the health system will implement a Multi-Factor Authentication (MFA) process to provide an extra level of identification security.

What is MFA? 

Multi-Factor Authentication (MFA) will require you to confirm your identity using your password along with verification from an app installed on your mobile phone (see Duo Mobile app info below) or a code entered from a registered hardware device​​​ before you can access your account. MFA creates friction for attackers with minimal disruption to legitimate users.

MFA diagram

How does Duo Multi-Factor Authentication work?

MFA will be automatically applied to each system for which it is needed. We will communicate in a variety of ways to ensure that everyone is aware of which systems will require MFA starting on specific dates (see implementation schedule). Once MFA is applied, you will have to use MFA to access these systems. Using the free Duo Mobile app on your smartphone is the easiest and most convenient way to confirm your identify for MFA.

Steps to register your device and download the Duo Mobile app (view instructional screenshots)

  1. Registration must be initiated on your computer (not your phone) from the MFA Self-Service page.
  2. When you get to the computer screen "Install Duo Mobile…," search for "Duo Mobile" in your app store on your phone.
  3. Tap "install" to install the app.
  4. Open the Duo Mobile app.
  5. Go back to your computer and click "I have Duo Mobile installed."
  6. From the Duo Mobile app on your phone, the app will use​ your phone's camera to capture the QR code displayed on the computer page "Activate Duo Mobile…"​
  7. Hit "Continue" on the computer screen.
  8. Now that you're enrolled, your smartphone can be set to receive push notifications or codes within the Duo Mobile app.

By enrolling your devices before MFA is implemented, you'll be able to easily log in when MFA is live and required for access.

Once your device is registered and MFA has been applied to application(s), log in as usual. After entering your KU Medical Center or health system credentials, you will be asked to choose an authentication method. The best option is a push notification to your phone. Your phone will show an alert , you will approve, and you'll be allowed to enter the system.

If the Duo Mobile app is not an option for you or if you prefer to use separate hardware devices that generate and display codes, read the FAQs or contact Customer Support at 913-945-9999, option 1 to reach the Health System Service Desk, option 2 to reach the University Service Desk; Wichita users should call 316-293-2605, option 1 to discuss your options.

Register Your Device from Your Computer

Watch instructional video below.

Duo Video screenshot
Guide to Multi-factor Authentication - Duo Security video

When will MFA be implemented? 

Starting in March 2020 and throughout the year, information resources will implement Duo, our new MFA tool, that KU Medical Center and the health system employees, students and affiliates will use to access select applications, including Outlook on the Web, VPN, Workday and specific higher risk or critical applications and systems.

Date

System
​​04/27/2020 ​​Adaptive Insights
​04/27/2020 KUMC VPN
07/01/2020 Workday
07/13/2020 O365 products, including Outlook on the Web and the KUMC intranet

Once MFA has been applied to Workday and Office 365 products, everyone at KUMC, including Faculty, Researchers, Staff, Students, and Affiliates, will be using MFA. We anticipate that many schools and business units will have high risk systems (some small, some large) that need MFA, and Information Resources will work with KUMC Department of Communications when MFA will be applied to large systems that impact a lot of users. 

​What are the benefits of MFA?​

By requiring a second form of identification, MFA decreases the probability that an attacker can impersonate a user and gain access to computers, accounts, applications or other sensitive resources. Even if a bad actor gains access to a password, they won't have the second element required to authenticate.

Collectively as an institution and as individuals, we have a legal and ethical obligation to protect private, confidential, and sensitive data to the best of our ability. In an increasingly complex digital world, usernames and passwords alone are not enough to stop hackers and data thieves. Duo’s MFA process gives KU Medical Center and the health system an affordable and simple way to ensure all employees, students and affiliates can do their part to protect their own data as well as that of colleagues and other stakeholders.

MFA is recognized as an effective security control for preventing data breaches and is now required by the new State of Kansas Information Technology Executive Council (ITEC) policy.

FAQs and troubleshooting

DUO MOBILE APP

What should I do if I receive a push notification in Duo that I didn’t initiate?

Is the Duo Mobile app accessible for people with disabilities?

Why should I use my personal smartphone when KU Medical Center or the health system doesn't pay for it?

I have a limited data plan or I don’t have access to Wi-Fi or cellular coverage. Are there alternatives?

What happens if I change SIM cards in my phone?

What if I don't enroll my device(s) prior to MFA being applied to applications that I use?

How do I install Duo on a new phone or reinstall the app on my current phone if I already use Duo?


DUO MOBILE APP SECURITY AND PRIVACY

Does the Duo Mobile app on my phone give KU Medical Center, the health system, or Duo control or access to my phone?

Does the presence of Duo on my phone make my entire phone’s contents subject to legal discoverability?

What should I do if I receive a push notification in Duo that I didn’t initiate?


ALTERNATIVE DEVICES

Are there alternatives to using my smartphone?

Why should I use my smartphone instead of an alternative hardware device?

Can I use a U2F device? What’s the difference between a U2F device and a hardware device that generates and displays codes?

Can I share my U2F device or hardware device that generates and displays codes with a coworker?

How do I use a hardware device for MFA?


USING DUO

What kinds of applications require MFA?

I work at KU Lawrence/Edwards, but I have a KU Medical Center campus online ID. Will I have to use Multi-Factor Authentication to access those systems?

As a health system user, If I currently use MS Authenticator, will I be required to enroll in DUO?

Will I have to use Duo every time I log in?

I will be using a temporary phone or other communication device while traveling. What should I do?

My smartphone is enrolled with Duo, but I deleted the app or it’s not working. What do I do?

How do I register multiple devices?

I don’t work near the Kansas City campus. What should I do if I need assistance?

If I use Duo at KU-L or another organization, do I need to register at KUMC?

If I log into VPN, will I be prompted to use MFA for other applications on which MFA has been applied within the 12-hour "remember me" session?

What if I forget to bring my mobile device or token?

I'm not getting the prompt for Duo. What do I do?


 

Register Your Device from Your Computer


Contact information

For all questions about multi-factor authentication, please contact Customer Support at 913-945-9999

  • option 1 to reach the Health System ​Service Desk
  • Health System users may also open a ticket through MYIT.
  • option 2 to reach the University Service Desk
  • Wichita users should call 316-293-2605, option 1.​

Last modified: Jun 18, 2020
ID=x27076