Duo Authentication for Mobile Access


Introduction

Cisco has changed the way Duo two-factor authentication (2FA) behaves when logging into protected services on mobile devices, including smartphones and tablets. Different workflows are recommended depending on whether the mobile device where the login is happening also has the Duo Mobile app installed. See example below.

 

Instructions

Example Login Situation: A user is trying to log in to the Tufts Zoom website (tufts.zoom.us) on different mobile devices, one that has Duo Mobile installed on it and the other that does not.

 

Scenario 1: The user is trying to log in on their smartphone (Device A), which has the Duo Mobile app installed

Recommendation: At the verification step, tap the Open Duo Mobile option and follow the on-screen prompts to complete authentication. A simple push will be initiated on that same device and can be completed in the Duo Mobile app.

A screenshot sequence showing a user completing 2FA on a mobile device that has Duo Mobile installed, by tapping Open Duo Mobile > Open > Approve, then returning to the application they were logging into.

 

Scenario 2: The user is trying to log in on their tablet (Device B), which does NOT have the Duo Mobile app installed

Recommendation: At the verification step, tap I don’t have Duo Mobile installed. Duo will initiate a verification step through the user’s default method. In this example, code is displayed and a Verified Push prompt is sent to the Duo Mobile app on the user’s phone.

(Do not tap the Open Duo Mobile on a device that doesn’t have the Duo Mobile app installed. Doing so will cause the login process to fail.)

A screenshot series showing a user completing 2FA on a mobile device that does not have Duo Mobile installed, by tapping I don't have Duo Mobile installed and then completing authentication on another device