MFA Self-Service Enrollment Walk-through

This document will quickly walk-through the self-service enrollment process for MFA (Multi-Factor Authentication) available at https://mfa.mines.edu/. The vendor being used to provide this service to Mines is Duo Security – see https://duo.com/ for more details.

Navigate to https://mfa.mines.edu/

This should re-direct you to the Mines’ login page. Login with your regular Mines’ username and passphrase. If you’ve already logged into another SSO (Single Sign-On) site, e.g. canvas, Chrome River, library web-site, etc. then you won’t be presented with the following screen.

If you’re not an employee of Mines or are already enrolled through Duo …

Having authenticated to this service, it checks two things. Firstly, are you an employee of Mines? If you are you will be allowed to proceed. If you are a student, however, you will see a message as shown in figure 2. This is due to our current licensing agreement and we are going to include all students over time. For students who hold a student-worker position, they are allowed to enroll through this program. Unfortunately, at the moment, this will need to be done in a more manual fashion, per the instructions provided through figure 2.

Next, it checks whether you are already enrolled through Duo. If you are then you’ll see what is shown through figure 3. There’s nothing more to be done through this service, it being for self-service enrollment.

One give-away here is that if you go through the login page, per figure 1, and you are MFA-challenged, i.e. you see what’s shown in figure 4, then you will end up at the “Already enrolled notice” in figure 3.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Begin the self-service enrollment process

You are an employee of Mines and have not previously enrolled into the MFA service, you are ready to proceed, per figure 5 shown on the previous page. Click through Start setup.

Enroll First Device

Next, you will choose which device to initially enroll with. Most people will best enroll their mobile phone at this point. Although, as can be seen, there are other options available. The final part of this walk-through will enroll your office phone as a backup device.

For mobile phone and tablet-based enrollments, please ensure that you have the Duo Mobile application installed on your device, as per what is displayed through figure 7. To install this application visit Apple’s App Store or Google’s Play Store and search for “Duo Mobile”. To make sure the correct application is being installed, check that the logo is as shown in figure 7 and the app is created by Duo Security.

 

Next, following through the mobile phone enrollment path through figure 8, you input your phone number and confirm it is correct through the checkbox. Hit continue.

 

Next step, through figure 9 overleaf, is to verify ownership of the phone number. This can be done either through a phone call (Call Me option) that is a fully-automated voice-call wherein your six-digit number is read out to you. Or you can have the number arrive via a text message. Input the six-digit code into the verification field and hit Verify. All being well, this field will show a check-mark and enable the continue button to be pushed.

 

Enrollment completed!

Everything being successful, you should now see the “confetti” screen, figure 10, telling you that your enrollment has been successfully completed. Hit Dismiss to see your summary screen, plus we will walk-through how to add in your office phone, or just another device, to serve as a backup in case, for example, one day you forget your mobile phone (or it gets ran-over, forced through the washing-machine and is currently drying off in a tub of rice (for those non water-resistant models) … etc.)

 

My Settings & Devices

You should now be looking at your, “My Settings & Devices” page, as shown in figure 11. From here you can tinker with your device’s options, as well as configure login actions. However, the defaults are a good baseline. You should only tinker once you are more comfortable with your whole MFA setup.

We are going to add a secondary – backup – device (your office phone) that will give you another way to authenticate if something untoward happens with your primary, just enrolled, device.

Add another device

Click through the “Add another device” link through the “My Settings & Devices” window. This will bring up a screen as shown in figure 6. Select “Landline” this time and hit Continue. Go through the same process as shown and discussed around figure 8, i.e. inputting and verifying your phone number. After hitting Continue, you’ll see a similar page to verify ownership as in figure 9. The only difference between the initial mobile phone and the land-line phone is that the latter only has a “Call me” option. Hit this button, answer your office phone and input the verification code into the Verify field. Once done, hit Continue.

You’ll now be looking at figure 12 overleaf, that is similar to what is shown in figure 11 above, except now it also lists your office phone as a secondary device.

 

Details

Article ID: 74455
Created
Tue 3/26/19 8:54 AM
Modified
Wed 3/27/19 9:51 AM