Multi-Factor Authentication (MFA), Device Management

Step-by-step guide on how to manage your Multi-Factor Authentication (MFA) devices.

Introduction

If you get a new phone, change your phone number, or get a new device, you can update this information so you can continue to secure your account using MFA.

You can manage your devices via the NetID Center or the Duo Universal Prompt. You can find instructions on using either interface below.

  • If you use the NetID Center (https://identity.uillinois.edu), take a moment to make sure that your recovery information is up to date.
  • If you are at a Duo Universal Prompt, you will need to click Other options to go to the authentication methods screen. On the next screen, click on Manage devices and verify your identity.

Don't Have Your Device?

If your MFA devices are not available and you need to regain access to your account, you can get a temporary bypass code sent using your recovery information. Navigate to the Temporary passcode page (https://identity.uillinois.edu/iamFrontEnd/iam/passcode) and follow the instructions there. If you need additional information, please see this help article: Multi-Factor Authentication (MFA), Troubleshooting.

  • Bypass codes are meant to be used as a temporary means to access your account and can be requested 24 times per year. Each code can be used 100 times and expires after 3 days.

Duo Mobile App and Duo Push

The Duo Mobile app provides the ideal combination of security and convenience. The push notification function of the app is the preferred option to authenticate with MFA. Unlike SMS-based authentication, Duo push notifications do not require your cell phone to have a cellular signal. The app is available in the Apple App Store and the Google Play Store.

Additionally, Duo Mobile can be set up on tablets or other compatible devices that do not have a phone number.

Starting in August 2024, push notifications via the Duo Mobile app will be required when accessing the Remote Desktop Gateway.

Set up Duo Mobile on an existing device

If your current device is set up to only receive SMS/Text messages or if you have a new phone and need to reactivate Duo Mobile, these two sections will help. If you run into any issues, please reach out to your Help Desk.

Reactivate the Duo Mobile app (new phone but same phone number)

NetID Center

  1. Log into the NetID Center
  2. If the Duo prompt automatically sends you a push notification, click on Other options.
  3. Authenticate using the Text message option, or via another device
    Duo interface showing push, text me, use a passcode
  4. Click on Manage my 2FA.
  5. Click on your device under My Devices & Settings, then click on Reactivate Duo App
    Reactivate Duo App Button

Duo Universal Prompt

  1. Click on Other options to go to the authentication methods screen.
  2. Click on Manage devices.
  3. You'll need to verify your identity here, so choose an alternative authentication method such as text message.
  4. At the device management screen, click on I have a new phone.
    Highlighting the I have a new phone link at the Universal Prompt

Change your phone type (for example: changing from a basic phone to a smartphone)

NetID Center

If you want to change the type of phone you have registered for MFA (for example if you get a smartphone or you want to add SMS capability), you will want to add a new device with the same phone number.

  1. Log into the NetID Center
  2. Go to Manage my 2FA
  3. Click on Add a new device.
  4. Continue through the setup process. When you are done adding your device, it will overwrite the old entry.
    NetID Center prompt when replacing device with same phone number

Duo Universal Prompt

If you want to change the type of phone you have registered for MFA (for example if you get a smartphone or you want to add push capability), you will want to add a new device with the same phone number.

When you are done adding your device, it will overwrite the old entry.

For Urbana campus users:

  1. Log into an application that uses Shibboleth or Entra ID SSO.
  2. When you get to the Duo MFA prompt, click on Other options to go to the authentication methods screen.
  3. Click on Manage devices.
  4. You'll need to verify your identity here, so choose an alternative authentication method such as text message.
  5. At the device management screen, click on Add a device and follow the instructions. Make sure to choose the Duo Mobile option.

Before:
Universal Prompt device management screen showing basic mobile

After:
Universal prompt window showing smartphone

Set up Duo Mobile on a new device

The section below will assist you with adding a new device to use with the Duo Mobile app.

Add a new device

NetID Center

  1. Log into the NetID Center
  2. Go to Manage my 2FA
  3. Click Add a new device, which will walk you through a few steps to get a new device added. Make sure to choose smartphone as your device type.

Duo Universal Prompt

For Urbana campus users:

  1. Log into an application that uses Shibboleth or Entra ID SSO.
  2. When you get to the Duo MFA prompt, click on Other options to go to the authentication methods screen.
  3. Click on Manage devices.
  4. You'll need to verify your identity here, so choose an alternative authentication method such as text message.
  5. At the device management screen, click on Add a device and follow the instructions. Make sure to choose the Duo Mobile option.
    Universal Prompt Add a device (no call option)

Notifications from Duo When Adding/Removing Devices

To help protect your Duo account from unauthorized activity, you will receive a Duo push and an email notification when you add or remove an authentication device in Duo.

If you receive a notification and did not add or remove a device, select "No, this wasn't me", and take immediate action to change your password and review registered devices within Duo. You can use the NetID Center or the Duo Universal Prompt. Additionally, you can reach out to the Help Desk at 217-244-7000 or consult@illinois.edu.

Push Notification from the Duo Mobile App: Device Change Notification from Duo Mobile
Email Notification: Device Change Email Notification

Other Topics

Remove a device

NetID Center

Click the trash can button to delete a device.

Note: You may not remove your device if you only have one set up. If you wish to remove it, first add another, then delete the original. You will be given a chance to confirm or cancel the removal of the device. Once the device is deleted, it can no longer be used to approve Duo requests.

Manage Devices

Duo Universal Prompt

Click on the Edit button, then click on Delete.

Note: The delete option will only appear if you have another device listed. If you wish to remove it, first add another then delete the original. You will be given a chance to confirm your selection.

Remove device screen Universal Prompt

New phone number

You'll need to authenticate before you will be able to manage your devices. If you have another MFA device such as a hardware token, you can use that, or you can send yourself a temporary passcode from the Temporary passcode page (https://identity.uillinois.edu/iamFrontEnd/iam/passcode).

  • If you do not have a recovery email address registered, or do not have access to that email address, you will need to contact your campus help desk.
    • Once you're in, please update your recovery information via the NetID Center.

Instructions on how to use your temporary passcode can be found in this help article: Multi-Factor Authentication (MFA), Troubleshooting.

Duo Remembered Devices Feature


Depending on which Duo Prompt you are seeing, the remembered devices feature will be referred to as one of the following:

  • A prompt asking you 'Is this your device?'
  • A checkbox with the label 'Remember me for 24 hours'

If you choose for Duo to remember you or trust your browser, a trusted session will be created for 24 hours between you, your browser, and the endpoint you are logging into. This involves using a browser cookie. If you have restrictive cookie settings in your browser, you may run into issues utilizing this feature. This Duo documentation page has more details: https://help.duo.com/s/article/2189?language=en_US.

Do not trust the browser when using a public or shared computer! This could leave your Duo session available to other users. Trust the browser only when you access applications from your own computer.

The screenshots below show how to enable the remembered devices feature so you can minimize the number of times you see the MFA prompt.

If accessing Microsoft 365 (Outlook, Word, Excel, etc.) or Shibboleth (Canvas, Box, Zoom, Moodle, etc.) or the NetID Center:

If you're authenticating with MFA for the first time in your browser, you will see the below screen after you authenticate:

Duo universal prompt remembered device

Once the trusted session cookie expires (after 24 hours), you will see the below screen when authenticating. The remembered devices feature is enabled by default, but you can uncheck the checkbox shown below to disable it if desired:

Screenshot showing the trust browser checkbox at a duo prompt after trusted session cookie expires

If accessing some AITS Applications (Banner, HR Reporting, My UI Info, Direct Deposit, etc.):

The remembered devices feature is enabled by default, but you can uncheck the checkbox shown below to disable it if desired:

Remember me

Set your default (favorite) device

NetID Center

If you authenticate with more than one device, you can specify the default by selecting the blue star icon:

Favorite device button in the NetID Center

You can also choose the default behavior when you authenticate via a UI Verify Duo Prompt:

Set default Duo behavior at the AITS Duo iFrame

Duo Universal Prompt

The first time you access the Duo Universal Prompt for a given application, it will evaluate your registered devices and automatically select the most secure option available to you, using this ordered preference (ordered from most to least secure):

  1. FIDO2 Security Key
  2. Duo Mobile push approval
  3. YubiKey passcode
  4. Duo Mobile generated passcode
  5. Hardware token passcode
  6. SMS passcode

If you want to try a different method than the one selected for you, you can click on 'Other options' to get a list of your available authentication methods:

Screenshot showing the 'other options' link at a Duo prompt, to get to your other authentication methods

When you successfully authenticate, the Duo Universal Prompt remembers the authentication method used and defaults to that method for future logins to that application. If you want to try a different method than the one used last, click 'Other options' to get a list of your available authentication methods.

Automatic Duo Push

If you explicitly choose Duo Push authentication or it is automatically selected on your behalf during a first-time authentication, Duo will automatically send the push notification to your device without any action needed by you. During future authentications, Duo will continue to send the push notification automatically if that remains your default authentication method.

Change the display name of your device

NetID Center

Clicking Rename will allow you to change the display name of your phone (tokens can't be renamed).

  1. Click the plus button to open the device settings.
  2. Click Rename.
  3. Type in the desired device name and click Save.

Rename device box in NetID Center

Duo Universal Prompt

Click on the Edit link for the device you want to rename, then click on Rename.

Universal Prompt Rename Device Option



Keywords: 2FA, 2-factor authentication, Two-factor authentication, Duo, Duo Security, Verify, UI Verify, enrollment, multi-factor, multifactor, security, AITS, duo mobile managing devices new phone number device, bypass code
Doc ID: 65948
Owned by: Identity and Access Management in University of Illinois Technology Services
Created: 2016-08-10
Updated: 2024-09-06
Sites: University of Illinois System, University of Illinois Technology Services