Table of Contents:
Will my application work with Duo?
Why can’t I use my preferred email program anymore?
I am not getting phone call prompts on my device. How do I fix this?
I am not getting app prompts on my device's app. How do I fix this?
I got a new phone (same phone number); how do I get Duo working on the new phone?
I got a new phone number. How do I get back into my account and change my settings?
I lost my device, or my device broke. What should I do?
Why can't I use text messaging for MFA?
I set Duo up with an Apple Watch, and I am getting "session time out" errors when I try to log in to apps on my phone.
Why do I get so many prompts to approve my login to Office 365 applications?
Should I always approve/accept/allow the login prompt?
Why do I still get phishing messages?
Do departmental or student organizational email accounts require MFA?
I'm a retiree or alumni. Do I have to use Duo MFA?
What is the difference between Duo MFA and Microsoft MFA?
I am getting the message "Your account access has been blocked". What do I do?
Steps to remove and re-add on iOS default mail app.
Steps to remove and re-add on Microsoft Outlook mobile app
Will my application work with Duo?
Below is a compatibility chart that lists some of the more common applications that are used with office 365, if your application is not listed you can check to see if it supports Microsoft's "Modern Authentication" or contact the Service Desk for more information.
| |
Windows |
MacOS |
iOS |
Android |
| Supported |
Office 365 Web Access |
| Office 2016 Suite |
Microsoft Office apps |
| Compatible but Unsupported |
Blue Mail |
| Office 2013 Suite |
Apple Mail (MacOS Mojave) |
iOS Mail 11 & newer |
Aqua Mail |
| Windows 10 "Mail" app |
|
Nine |
| |
|
TypeApp |
| Incompatible |
Thunderbird |
Edison Mail |
| Postbox |
Gmail |
| |
Office 2011 Suite |
iOS Mail 10 & older |
|
Why can’t I use my preferred email program anymore?
Outlook and Outlook on the Web are the supported email clients at Ithaca College. They are available for all common platforms. Some other email programs do not support various features and add-ons used by the College, including security architecture that Duo relies on for integration with Office 365. This is a limitation of those email programs, and not a limitation of Duo or IC. That security architecture, called Conditional Access, provides other benefits - in addition to support for Duo - and is a necessary protection for our accounts and the data our community has entrusted to us.
I am not getting phone call prompts on my device. How do I fix this?
If you have alternate devices, use those to authenticate instead and re-configure your device(s) by logging in to the Duo Device Page on a web browser and following the instructions in the Duo Multi-Factor Authentication Configuration Guide. Please contact the IT Service Desk if you do not have any alternate devices capable of receiving a push or generating a code registered to your account, or if this issue persists.
I am not getting app prompts on my device's app. How do I fix this?
Log in to the Duo device page on a web browser. When it asks you to choose an authentication method, select the call option to receive a phone call to your registered phone number, accept the call, and press any key on your phone's keypad to authenticate. Alternatively, use another authentication device, e.g. a token or other device with the Duo Mobile app configured.
Once you have successfully entered your account, you can follow the instructions in the main Duo Multi-Factor Authentication Configuration Guide to re-activate the app on your phone. You can do this by proceeding with the "add another device" feature.
If you are still having a problem, these troubleshooting guides from Duo for iOS and Android may also be helpful.
I got a new phone (same phone number); how do I get Duo working on the new phone?
Go to Duo Device Registration Portal in a web browser and log in. When it asks you to choose an authentication method, select the 'Call Me' option. When your phone rings, accept the call and press any key on your phone's keypad, then hang up.
Once you are on the My Settings & Devices page, you can follow the steps for "Adding an Additional Device" in the main Duo Multi-Factor Authentication Configuration Guide to re-activate the Duo app on your new phone. You can also remove old devices here.
If you no longer have access to the old device and do not have your account linked to any others, please fill out the Security Help Request with the details of your old and new device, and leave contact information (other than email) for us.
I got a new phone number. How do I get back into my account and change my settings?
If your device is the same, but has a new phone number, you can update your device settings. Log in to Duo Device Registration Portal on a web browser. When it asks you to choose an authentication method, choose passcode or Duo push and follow the instructions in the main Duo Multi-Factor Authentication Configuration Guide to change your settings. If you no longer have access to the old phone number or device, or it does not work, please contact the IT Service Desk.
I lost my device, or my device broke. What should I do?
If you no longer have access to the old device and do not have your account linked to any others, please contact the Service Desk.
Why can't I use text messaging for MFA?
Although better than just relying on passwords alone, text message based multi-factor authentication has been defeated by attackers who are able to redirect your text messages to their phones. Because of this, we chose not to use it at IC.
I set Duo up with an Apple Watch, and I am getting "session time out" errors when I try to log in to apps on my phone.
At this time, if the Duo Mobile app is set up to send push notifications to your Apple Watch, you will have to use the Call Me option to authenticate to apps on your phone. If you have set up automatic push notifications, you can click Cancel and then click Call Me.
Why do I get so many prompts to approve my login to Office 365 applications?
Duo requires that you approve the login whenever you sign in differently than you did last time. Differently could mean from a different device (mobile phone, home computer, office computer, etc.), a different Web browser, a different Office 365 application (OneDrive, Outlook, etc.), or even a different location. Even if you have checked the "Remember me for 90 days" option, the 90-day grace period only applies to that particular device, application, and browser.
Note that if you do not see the "Remember me for 90 days", it may be because your settings automatically send an authentication request. Like the "Remember me" tick box for logging into accounts on a browser, the "Remember me for 90 days" option must be checked before logging in/authenticating for it to work. You can hit the 'x' on the blue bar at the bottom of the Duo screen, and the "Remember me for 90 days" tick box should be visible.
Should I always approve/accept/allow the login prompt?
No. If you are prompted for Duo authentication when you don't expect it, it may be that someone else is attempting to access your account. If you are ever unsure, click Deny and contact the IT Service Desk with any questions or concerns regarding your account.
Why do I still get phishing messages?
Using Duo cannot prevent you from getting phishing messages. Its purpose is to prevent someone from getting into your account in the event that they obtain your username and password via a phishing message or other method. Of course, there are measures in place to prevent you from receiving as many spam/junk/phishing messages as possible, but some still get through.
Do departmental or student organizational email accounts require MFA?
New accounts require duo unless there is a substantial reason that it can not use Duo, we are working through existing accounts to enable it as well.
I'm a retiree or alumni. Do I have to use Duo MFA?
Yes, all retirees and alumni are required to use Duo to access Ithaca College services.
What is the difference between Duo MFA and Microsoft MFA?
Duo and Microsoft each have their own "brand" of multi-factor authentication product (as do Google and other companies). In December 2017, it was not yet technically feasible to integrate Duo with Office 365; for this reason, IC required ~300 staff who most regularly deal with sensitive data to use Microsoft MFA for Office 365. Once Duo for Office 365 became feasible, we chose it over MS MFA for the following reasons:
- Duo licensing is inclusive of the entire IC community, including alumni, retirees, and IC affiliates.
- Duo provides more user-friendly enrollment and self-service capabilities.
- Duo is already in use for access to our VPN and a few other applications, and is compatible with our single sign-on. Duo can be our single MFA solution, instead of having to use multiple products for different IC services.
- Microsoft MFA does not support any kind of hardware token for authentication. This means that dozens of IC people who do not have cell phones, and who do not work from fixed locations with landlines, would have no way to access their accounts.
I am getting the message: "Your account access has been blocked". What do I do?
If your email account was added to a mobile mail app before enrolling in Duo, your mail application security settings may have been incompatible with Duo MFA when you initially signed in. The fix for this is to remove and re-add the email account to automatically configure the correct settings. Note that your phone must be on iOS 11 or higher (iOS) or be using the Outlook mail app (android) or in order to work with Duo. If you are on an older version of iOS or Microsoft Outlook Mobile, you will either need to update your phone or you can download the Microsoft Outlook Mobile app which will work on any operating system and will always continue to work with Duo.
Steps to remove and re-add on iOS default mail app
- Go to Settings
- Select Passwords & Accounts
- Select your IC Exchange email account. Its default descriptor is "Exchange", but you may have designated it as "Ithaca," "IC Email," "School Email," etc.
- Select Delete Account
- Review the steps to re-add the account on our main email article here.
Steps to remove and re-add on Microsoft Outlook mobile app
- Open the Outlook app.
- Click the 3-lined Menu icon at the top left-hand corner of the screen, or the Inbox header at he top of the screen.
- Press the Gear icon at the bottom left-hand corner of the screen.
- Once you press that, the accounts you have currently in the app will show up. Press the account you wish to update.
- Once you press the account, an option button with red text will come up saying "Delete Account." Press that button. This will delete it from the local application, not deleting your data on the server.
- Press Add Account and follow the steps on screen to add your account.
Note: If this is the only account you have set up with your Outlook app, it will automatically prompt you to re-add an account.