Duo is the multi-factor authentication (MFA) solution for both UMD centralized information technology resources (DivIT) and UMIACS local resources. Multi-factor solutions ensure that you have something you know (ie. your password) and something you have (phone/tablet/token). This ensures that phishing and other attempts to secure your password do not result in an account compromise and protect you and your data from unauthorized access.
Enrollment is discrete and must be done for both UMD (if you have a UMD appointment) and UMIACS individually. Users can enroll the same Phone for both of these services however not the same token. The UMIACS Single Sign-On will require Duo authentication starting December 3rd 2018.
Please refer to Duo's Enrollment guide which has comprehensive information on how enroll your devices.
We encourage users to enroll with their smart phone as it provides the most seamless experience for our users. We also support iOS/Android Tablets, landline (costs us credits for each use) and a U2F FIDO authenticator token (does not work with our VPN or MFA SSH services).
We suggest users register using a mobile phone or tablet that is always in your personal possession. If/When you upgrade or dispose of your currently registered phone/tablet please consider enrolling your new device before getting rid of your old device. Activation of your new device will require you to successfully authenticate with a currently registered device. If you no longer have the device but have kept the mobile phone number registered you can select Call Me to have Duo call you to authenticate your session to manage/enroll your devices. If you do not have access to your previous device(s) or the phone number you will need to contact UMIACS staff for assistance.
The following UMIACS services are secured with our Duo MFA solution.
- I can no longer clone HTTPS Git repositories in GitLab
- Since we require more than just your username/password to log into GitLab you can not use your UMIACS credentials directly for accessing HTTPS Git repositories. We encourage users to setup SSH keys instead but if you have a case where you need to use HTTPS you can use a Personal Access Token to accomplish this. Ensure when you create the token that you are selecting it has
APIscope. You would then use your username and then the token as the password. Treat this token as a personal secret as it is sufficient to act as your account within Gitlab.
- How do I authenticate with a Token?
- We only currently support YubiKey tokens for our Duo deployment. You can follow the instructions from Yubico just remember you will need to tap the YubiKey once you select the Enter a Passcode field. It will create a pass code (will look something like kffuastenhldrhfhadafdarivuntddugrvjvllddjjuget) and enter it and send a return.