Multi-Factor Authentication (MFA), Device Management

Step by step guide on how to manage your Multi-Factor Authentication (MFA) devices.

Introduction

If you get a new phone, change your phone number, or get a new device, you can update this information so you can continue to secure your account using MFA.

If your MFA devices are not available and you need to regain access to your account, you can get a temporary bypass code sent using your recovery information. Navigate to the Temporary passcode page (https://identity.uillinois.edu/iamFrontEnd/iam/passcode) and follow the instructions there. If you need additional information, please see this help article: Multi-Factor Authentication (MFA), Troubleshooting.

  • Bypass codes are meant to be used as a temporary means to access your account and can be requested 24 times per year. Each code can be used 100 times and expires after 3 days.



You can manage your devices via the NetID Center or the Duo Universal Prompt. You can find instructions on using either interface below.

  • If you use the NetID Center (https://identity.uillinois.edu), take a moment to make sure that your recovery information is up to date.
  • If you are at a Duo Universal Prompt, you will need to click Other options to go to the authentication methods screen. On the next screen, click on Manage devices and verify your identity. 

Topics

Reactivate the Duo Mobile app (new phone but same phone number)

NetID Center

  1. Log into the NetID Center
  2. If the Duo prompt automatically sends you a push notification, click on Other options.
  3. Authenticate using the Text meessage option, or via another device
    Duo interface showing push, text me, use a passcode
  4. Click on Manage my 2FA.
  5. Click on your device under My Devices & Settings, then click on Reactivate Duo App
    Reactivate Duo App Button

Duo Universal Prompt

  1. Click on Other options to go to the authentication methods screen.
  2. Click on Manage devices.
  3. You'll need to verify your identity here, so choose an alternative authentication method such as text message.
  4. At the device management screen, click on I have a new phone.
    Highlighting the I have a new phone link at the Universal Prompt

Change your phone type (for example: changing from a basic phone to a smartphone)

NetID Center

If you want to change the type of phone you have registered for MFA (for example if you get a smartphone or you want to add SMS capability), you will want to add a new device with the same phone number.

Continue through the setup process. When you are done adding your device, it will overwrite the old entry.

NetID Center prompt when replacing device with same phone number

Duo Universal Prompt

If you want to change the type of phone you have registered for MFA (for example if you get a smartphone or you want to add SMS capability), you will want to add a new device with the same phone number.

When you are done adding your device, it will overwrite the old entry.

Before:
Universal Prompt device management screen showing basic mobile

After:
Universal prompt window showing smartphone

New phone number

You'll need to authenticate before you will be able to manage your devices. If you have another MFA device such as a hardware token you can use that, or you can send yourself a temporary passcode here.

  • If you do not have a recovery email address registered - or have access to that email address - you will need to contact your campus help desk.
    • Once you're in, please update your recovery information via the NetID Center.

Instructions on how to use your temporary passcode can be found in this help article: Multi-Factor Authentication (MFA), Troubleshooting.

Add a new device

NetID Center

Clicking + Add a new device will walk you through a few steps to get a new device added.

manage

Duo Universal Prompt

Click on Add a device and follow the instructions.

Universal Prompt Add a device (no call option)

Remove a device

NetID Center

Click the trash can button to delete a device.

Note: You may not remove your device if you only have one set up. If you wish to remove it, first add another then delete the original. You will be given a chance to confirm or cancel the removal of the device. Once the device is deleted, it can no longer be used to approve DUO requests.

Manage Devices

Duo Universal Prompt

Click on the Edit button, then click on Delete.

Note: The delete option will only appear if you have another device listed. If you wish to remove it, first add another then delete the original. You will be given a chance to confirm your selection.

Remove device screen Universal Prompt

Duo Remembered Devices Feature

Duo Remembered Devices Feature

Depending on which Duo Prompt you are seeing, the remembered devices feature will be referred to as one of the following:

  • A prompt asking you 'Is this your device?'
  • A checkbox with the label 'Remember me for 24 hours'
If you choose for Duo to remember you or trust your browser, a trusted session will be created for 24 hours between you, your browser, and the endpoint you are logging into. This involves using a browser cookie. If you have restrictive cookie settings in your browser, you may run into issues utilizing this feature. This Duo documentation page has more details: https://help.duo.com/s/article/2189?language=en_US.

Do not trust the browser when using a public or shared computer! This could leave your Duo session available to other users. Trust the browser only when you access applications from your own computer.

The screenshots below show how to enable the remembered devices feature so you can minimize the number of times you see the MFA prompt.

If accessing Microsoft365 (Outlook, Word, Excel, etc.) or Shibboleth (Canvas, Box, Zoom, Moodle, etc.) or the NetID Center:

If you're authenticating with MFA for the first time in your browser, you will see the below screen after you authenticate:

Duo universal prompt remembered device

Once the trusted session cookie expires (after 24 hours), you will see the below screen when authenticating. The remembered devices feature is enabled by default, but you can uncheck the checkbox shown below to disable it if desired:

Screenshot showing the trust browser checkbox at a duo prompt after trusted session cookie expires

If accessing some AITS Applications (Banner, HR Reporting, My UI Info, Direct Deposit, etc.):

The remembered devices feature is enabled by default, but you can uncheck the checkbox shown below to disable it if desired:

Remember me

Set your default (favorite) device

NetID Center

If you authenticate with more than one device, you can specify the default by selecting the blue star icon:

Favorite device button in the NetID Center

You can also choose the default behavior when you authenticate via a UI Verify Duo Prompt:

Set default Duo behavior at the AITS Duo iFrame

Duo Universal Prompt

The first time you access the Duo Universal Prompt for a given application, it will evaluate your registered devices and automatically select the most secure option available to you, using this ordered preference (ordered from most to least secure):

  1. FIDO2 Security Key
  2. Duo Mobile push approval
  3. Yubikey passcode
  4. Duo Mobile generated passcode
  5. Hardware token passcode
  6. SMS passcode

If you want to try a different method than the one selected for you, you can click on 'Other options' to get a list of your available authentication methods:

Screenshot showing the 'other options' link at a Duo prompt, to get to your other authentication methods

When you successfully authenticate, the Duo Universal Prompt remembers the authentication method used and defaults to that method for future logins to that application. If you want to try a different method than the one used last, click 'Other options' to get a list of your available authentication methods.

Automatic Duo Push

If you explicitly choose Duo Push authentication or it is automatically selected on your behalf during a first-time authentication, Duo will automatically send the push notification to your device without any action needed by you. During future authentications, Duo will continue to send the push notification automatically if that remains your default authentication method.

Change the display name of your device

NetID Center

Clicking Rename will allow you to change the display name of your phone (tokens can’t be renamed).

  1. Click the plus buttonplus button to open the device settings.
  2. Click Rename
  3. Type in the desired device name and click Save.

Rename device box in NetID Center

Duo Universal Prompt

Click on the Edit link for the device you want to rename, then click on Rename.

Universal Prompt Rename Device Option



Keywords2FA, 2-factor authentication, Two-factor authentication, Duo, Duo Security, Verify, UI Verify, enrollment, multi-factor, multifactor, security, AITS, duo mobile managing devices new phone number device   Doc ID65948
OwnerID M.GroupUniversity of Illinois Technology Services
Created2016-08-10 11:06:12Updated2024-04-02 18:24:52
SitesUniversity of Illinois System, University of Illinois Technology Services
Feedback  4   20