Duo logo

MFA on Duo

Duo Security provides Multi-Factor Authentication (MFA) service to protect users against account takeover and data theft. This additional identification step blocks hackers from logging in your account even when your password is compromised or leaked. You will also be notified when someone tries to log in with your password, providing an additional level of protection to secured login. At EdUHK, most critical information systems are covered by Duo. It complements MFA on O365 introduced earlier to protect staff emails, OneDrive and etc.


How can I enable MFA on Duo via the Duo Mobile app?

Setting up of Duo on your mobile device is quick and easy with just a few clicks. The steps below will guide you through the process. Nonetheless, you are always welcome to contact IT Help Desk at 2948 6601 should you have any problems. (For new staff, please refer to the FAQ - Setting up Duo mobile app for MFA for the detailed procedures.)


1. System requirements

 

Note: If you don't have a compatible device to install the Duo app, please refer to the user guide "How to Enrol Duo without the Duo app".

 



2. Install and configure Duo Mobile App

Install the Duo Mobile app and allow notification for this app:

 


Get the Duo Mobile App for your device: Apple App Store Google Play Store

For android devices without Google Play store, please download the APK file here.


3. Register your mobile device for Duo

Register your mobile device for Duo via the self-service portal at https://selfservice.eduhk.hk/duo_ss/. (For new staff, please refer to the FAQ - Setting up Duo mobile app for MFA for the detailed procedures.)

Register your mobile device for Duo: (Click to expand)

You can follow the video below: (If you cannot view the video, please click here to open the video.)

  1. Open a web browser and visit https://selfservice.eduhk.hk/duo_ss/.
  2. Log in with your EdUHK username, password and Date of Birth (mm-dd) and click "SUBMIT".
    Duo self-service portal login

  3. Click "Set Active User".
    Set active user

  4. Click "Manage Your Duo settings".
    Choose manage your duo settings

  5. Click "Start setup".
    Start to setup

  6. Choose “Mobile phone” as the primary verification device. Then click "Continue".
    Choose device type

  7. Choose Hong Kong for country code and enter your mobile phone number. Tick the check box to confirm the phone number is correct. Then click "Continue".
    Enter your phone number

  8. Choose the type of your phone (e.g. iPhone) and click "Continue".
    Choose phone type

  9. Click "I have Duo Mobile installed". (Note: Make sure you have the Duo mobile app installed on your device. If not, please install it before you proceed to the next step. Please visit Install Duo Mobile app for details.)
    Prompt user to launch the Duo Mobile app

  10. When you see the following screen, open the Duo Mobile app on your mobile.
    Prompt user to scan the QR code

  11. Click “+” to add an account on your mobile device.
    Add account on Duo Mobile app

  12. Scan the QR code you get from step 10.
    Scan QR code from Duo Mobile app

  13. A six-digit passcode will be shown and your account is added successfully.
    six-digit passcode will be shown

  14. Then switch back to your computer and click “Continue”.
    QR code scanned, continue on the computer

  15. Choose "Ask me to choose an authentication method" and click "Continue to Login".
    choose an authentication method

  16. Click "Send Me a Push" to trigger the login approval process.
    Trigger login process

  17. You will then receive a notification on your mobile. Tap on the notification
    Authenticator app icon

  18. Click “Approve” on the app as the second step of verification.
    Prompt for login in approval

  19. Congratulations. Your device will be ready to approve authentication requests within 5-10 minutes and you can click "logout" or close your web browser. (Note: Please do not un-install the Duo Mobile App on your mobile device as you will need to use it for login approvals.)
    Trigger login process



Applications currently covered by Duo

Currently, most of the critical information systems, VPN and cloud services (e.g Qualtrics, Zoom) are covered by MFA on Duo. Moodle will be enabled in the next phase.


Do I need to approve every time I log in?

You will be prompted to approve every time when you log in a system covered by Duo like The Portal. You can also tick the option "Remember me for 30 days" to trust the browser and computer you are using. Then, you will not be prompted for approval for 30 days accessing the same system on the same browser on the same computer.

Remember me 30 days option

However, this "trust" feature is applied on the browser only. If you access the system with another browser, Duo will prompt for approval again.


- What if I do not have my mobile with me during log in?

If your registered device is not with you, you can apply for a "Bypass Code" on the Duo Security Self-Service Portal. The code is valid for 60 minutes only. For details, please visit FAQ: : How can I verify my identity when I do not have my registered device with me?


- Can I register more than one device for Duo?

Yes, you can register multiple devices on the Duo Security Self-Service Portal". For details, please visit FAQ: How should I reconfigure Duo when I have my mobile device replaced?.



If you have other questions about Duo, please visit the FAQ: MFA on Duo or Guide to Two-Factor Authentication by Duo , or contact IT Help Desk for assistance.