Duo MFA: Initial Set Up

Turning on Authentication

Please have your cell phone handy before starting this process, or alternatively, a phone that you will likely have near you while working. We do not recommend using your work/desk phone.  NMH IT will not share this telephone number with anyone and it will not become part of your NMH profile.

These instructions begin after you log in to Okta and are prompted to set up Duo.

1. Depending on your operating system and device, you may see a slightly different screen. Click Setup or Configure Factor then, on the following screen, click Start setup.

2. Accounts that are linked with Duo may use several ways of authenticating. We recommend using the Duo App on your mobile phone. 

• Users of an Apple MacBook can use Touch ID to authenticate in Duo as well, to do so please follow these directions after you complete the Duo App setup.

3. If you have not already done so, you’ll be asked to enter your phone number. You do not need to add parentheses or dashes. Once you enter your phone number, a message confirming the number will appear underneath. You must click the check box next to the confirming message before you can click Continue.

4. Next, you’ll be asked what type of phone you have. Click whichever one is accurate. Screenshots for Android and iPhone are show as examples.

5. You’ll be prompted to download the Duo Mobile app to your phone.

You’ll be able to find the app in the Google Play Store or the Apple App Store. When downloading, ensure that you’re downloading the correct Duo app. Verify the app logo against the logo on your computer screen if uncertain. Once you’ve downloaded the app, click I have Duo Mobile.

6. [On your phone] If you already have Duo installed because of another institution, or the QR scanner does not come up automatically in the app on your phone, click on the plus sign (+) in the top right.

7. Using the Duo App on your phone, choose  Use QR code at the top of the following screen and point the camera at your computer to activate your account. Note: your phone needs an internet connection for this step to work. You can use mobile data, or, if you're already on an NMH network, be sure you've registered your phone.

Once the QR code has been scanned, the Duo mobile app will ask you to name the account. It will be named Northfield Mount Hermon by default. Congratulations, your phone is now linked to MFA.

Setting up Authentication

8. Duo will now ask how you want to get your authentication notifications. Different devices may have different options, but you will most likely have three: Ask me to choose an authentication method, Automatically send this device a Duo Push, and Automatically call this device.

Ask me to choose an authentication method will give you the option, on every login, to decide how you want to verify your identity. Automatically send this device a Duo Push will send a notification to your phone on every Okta login, where you will open the notification on your phone and confirm that you are logging in to Okta. Automatically call this device means that Duo will call your mobile after you enter your password.
We strongly recommend selecting Ask me to choose an authentication method.

9. The next screen will show you what you’ll see upon login from here on out. Because we told Duo to ask us to choose an authentication method, we’re presented with a choice.

• Send Me a Push will send one of the aforementioned notifications to our mobile phone, where we’d click a button to verify that we’re logging in.
• Call me will tell Duo to call your mobile device after a successful password.
  
• With Enter a Passcode, you’ll have a passcode available in the Duo Mobile app on your phone that you can enter during login if you choose to do so. Just open the app and click Show next to the passcode. This passcode changes regularly, so you’ll have to check it each time you log into Okta.
  

10. Once you’ve logged in here, you’ll be taken back to your Okta settings page. You’ll get a small popup in the bottom right corner telling you that your setup is complete.