Multi-Factor Authentication with Duo
Multi-Factor Authentication (MFA) adds a layer of security to your authentication process. In addition to your account password, you can add another factor to your login process such as a telephone number, smartphone, physical token, or other device that is similarly unique to you. With such a device paired to your XSEDE account using MFA, it becomes much more difficult for another person to gain access to your account, files and data than is the case with Single-Factor Authentication.
XSEDE users may currently opt in to using this security feature on the XSEDE Single-Sign-On Hub. Note that other service providers (e.g. TACC, SDSC, PSC) will certainly be implementing MFA on their resources in the very near future.
XSEDE has chosen Duo as its MFA partner.
Follow these simple steps to begin using MFA with the XUP Single-Sign-On Hub.
- Install the Duo app on your smartphone or other device
- Enroll your XSEDE Portal account in Duo
- Pair your Duo-enabled device with your XUP account
Do not confuse this with Google Duo, which has a blue logo.
- Login to the
Figure 1. Enroll in Duo from XSEDE Profile page
- The "Duo Enrollment Details" form will pop up. If you do not see this form, please ensure your browser settings will allow pop-ups from `xsede.org`. Read the "Duo Enrollment Details" form and click on "Enroll" to continue.
- Enter your XUP password and you will be taken to the "Protect Your XSEDE Account" screen.
From this screen, do the following:
- Click on the "Start Setup" button
- Enter your phone number
- Click the checkbox to confirm
- Click "Continue"
Make sure the Duo App is installed on your Android or iOS device. If not, go back to Step 1 and install the app before proceeding.
You will see the "Add a new device" screen in your XUP session.
Select your device type and click "Continue". You will then see the confirmation page where you must indicate that you have Duo Mobile installed on this device.
Click "I have Duo Mobile installed".
On the next screen, point your device camera at the barcode on your web browser. If your device doesn't have a camera, press the "No barcode" button and click "Skip this step" in the portal session.
If you have not opened the app immediately after installing it, you may be presented with a License Agreement on your device. Tap "Accept" on your device to continue and then tap "Continue".
Open the Duo app on your device.
In your XUP session, click "Continue to login". When this is done, you should see a message in the upper right corner of the XSEDE Portal saying "DUO Enrollment Successful".
Click "Send me a Push".
Tap the green bar at the top named "Request waiting: Tap to respond". You should now be enrolled.
To use Duo to connect to an XSEDE machine, `ssh` to `login.xsede.org` as you would normally. After entering your password, you will be prompted by a message presenting several authentication options. Choose Duo Push by entering the corresponding number on your keyboard.
You should receive an update via your app saying "Request waiting: Tap to respond." Tap this, then tap the "Approve" prompt on the next screen.
You should now be logged into the XSEDE Portal and able to GSISSH to an XSEDE system.
Last update: October 3, 2016