If you have not activated multi-factor authentication (MFA) on your university login, you need to do so by Friday, Nov. 13. Beginning the week of Nov. 16, Workday training will require the use of MFA.
Multi-factor authentication provides an additional layer of protection for your University account in the event that your password is compromised. An intrusion on your Workday account could have real world financial implications for you or the university. Enrollment is simple, and in the most common usage simply requires confirming the login through an app on your smart phone.
Once activated, MFA is active on all systems that use the university’s CAS single-sign on service for authentication. You still need to be careful not to divulge your password since many services are still not MFA protected, but an exposed password will not allow access to services protected by MFA.
To use Duo MFA you will need a smart phone or tablet. Before activation, install the Duo Mobile Security app from the Apple App store (iPhone/iPad) or Google Play store (android).
To activate MFA, login to the website at mfa.latech.edu (login is through CAS using your email/Canvas password). Clicking the YES button at the bottom of the page enables MFA on your account. Click the logout button to end the current session and begin a new one. On the subsequent login, you will be prompted to enroll your phone/tablet as the secondary authentication device.
There is a link on the activation confirmation page with the steps required, or you can review ahead of time at https://guide.duo.com/enrollment. Enroll from a computer, not a smart phone or tablet. For the best operation, be sure and select the “Automatically send this device a Duo Push” option.
Once enrolled, future logins will require confirmation of the login using your smartphone of tablet. You can have the system “remember” a device as safe by canceling a Duo confirmation prompt on the login screen and check the “Remember” box, then send a push to complete the current login. Devices can be remembered for 45 days. Do not do this unless it is your personal office or home system.
Information collected as part of the enrollment process is only used for the MFA process. Device analytics collection is disabled for the service.
The system also supports the use of FIDO U2F compatible USB hardware keys for authentication. U2F keys are the most secure and convenient method of secondary authentication. These are available online from $10-$50 depending on features and construction quality. Note that some services do not work with the U2F token, so a secondary device is still required to avoid being locked out of these services.
If you do not have a smart phone
A limited number of “HOTP” keys are available for checkout through the Help Desk on a first come first serve basis. HOTP keys provide a six-digit code to enter for login confirmation. These keys are reserved for employees without a smart phone.
To request a key be assigned to you, fill out the form at https://forms.gle/yZci5oNxzZcB1Tnd8. After a key has been assigned to you, you will be contacted to pick it up from the Help Desk. You must come in person with photo ID. They will assist you in registering for MFA, completing the setup, and demonstrating how to use the key.