Using Multi-Factor Authentication (MFA) with Duke’s Virtual Private Network (VPN)
As of February 6, 2018, Duke has implemented a new security policy that requires all users of Duke’s VPN to use Multi-Factor Authentication when logging in. This easy-to-use reference guide will make your transition easier.
Before you begin to VPN: Setting up MFA
There are several options for Multi-Factor Authentication. You can use a smartphone, a tablet, a basic cellphone, an office phone, or a YubiKey (see Duke OIT link below for more information on the YubiKey).
To enroll in MFA, click the following link: Enroll Here
If you need assistance setting up or enrolling in MFA, click the following link: Biology IT Wiki MFA Setup Assistance
Connecting to the VPN using MFA
Once you’re enrolled in MFA, you can follow these steps to connect to the VPN.
- Launch your Cisco AnyConnect VPN client or go to https://portal.duke.edu
- Choose your VPN using the dropdown arrow and click “”
- Enter your NetID and NetID Password and click OK.
- Enter your NetID and NetID Password and click OK.
- You will then see a screen with an ‘MFA option field. Enter the number that corresponds with your preferred MFA option (using the device that you registered above).
- Type ‘1’ to authenticate using the DUO app on your smart device.
- Type ‘2’ to authenticate via phone call. You will receive a call and be prompted to press a number.
Once you press this number, you will be connected to the VPN - Type ‘3’ to receive ten access codes via text message.
Each code can only be used once, and these codes are active for three days.
- If you are using a YubiKey, place your cursor in the ‘MFA Option’ field and touch the gold button on the YubiKey.
The code will automatically be entered and you will be connected to the VPN.
- You should now be connected to the VPN. Verify by seeing if the Cisco AnyConnect icon in your dock has a small lock icon, as pictured here:
