Tips: Switching from Duo to Microsoft MFA
Getting ready to make the switch from Duo to Microsoft Authenticator? Read through these tips so you know what to expect and what things might need to be dealt with after the switch.
Tips and other things to think about
LIT highly recommends you add a second device - preferably your desk phone if you have one - as a backup to your mobile phone. See below for instructions.
What if I leave my phone at home?
With Duo, we had the option to generate a one-time passcode at the http://myid.usu.edu website. That no longer works. You must have your phone with you, or a second device, in order to log in. LIT highly recommends that you add a second device.
A second device could be a tablet, a security key, or your desk phone if you have one.
The easiest to set up is your desk phone, so if you have one, go ahead and add it as a second device now and you won’t have to worry about it later.
Setting up your tablet is similar to setting up your phone.
Please contact LIT if you want to set up a security key so we can make sure it will work properly for you.
To add a second device:
Go to https://usu.edu/mfasetup and sign in. It should default to the Security Info tab, but if not, click on that tab.
Click on Add Sign-in Method
Select Authenticator App if you are going to use a tablet
Select Phone if you want to add your desk phone
Select Security Key if you want to add a security key
Follow the directions to get your second device added.
Duo: Do I save it or ditch it after I move to Microsoft Authenticator?
UPDATE: Duo will no longer work. I hope you’ve switched over already!
It’s probably best to keep Duo on your phone at least through the summer while Central IT irons out any wrinkles that come up before fall semester. Once Central IT announces their deadline for switching over, you’ll know all the wrinkles have been dealt with.
Test any and all sign-in sites you need for your work. If all work great with Microsoft and you feel confident you don’t need Duo anymore, feel free to get rid of it.
Zoom: Do you use Zoom? (Ha!)
You might need to clear the cache in your web browser before using SSO for Zoom so it will let go of your old Duo credentials and use your Microsoft credentials instead.
Also, remember to sign out of Zoom when you are done if you are using a shared computer anywhere in the library.
Phone stuff: Do you use your smartphone to check your email or look things up in Box or Airtable, etc.?
Clear the cache in your web browser on your phone before switching if possible.
It might take a few times of signing into USU sites before your phone recognizes this is going to be a regular thing you do and it relaxes its security stance. There might also be settings on your phone you can change to make things work better, but you might need to figure that part out on your own - LIT is amazing, but we don’t know every smartphone configuration out there and can only help so much.
Apple Watch: Have an Apple Watch and want to use it instead of your iPhone?
Sorry. That option is not available at this time. An Apple update to watchOS made it impossible to keep the Authenticator app compliant with Microsoft security standards, so Microsoft had to remove the app from the Apple Store earlier this year. There is hope, however - if Apple updates their watchOS to meet security standards again, Microsoft might rebuild their Authenticator app for Apple Watch in the future.
Duo currently still has an Apple Watch option, but rumor has it they will also be dropping that option sometime this year for similar reasons. So, holding on to the Duo app on your Apple Watch won’t help you for much longer.
Security keys (aka fobs): Don’t have a smartphone? Need a security key instead?
LIT has tested some security keys to make sure they will work properly with our systems. If a smartphone is not an option for you, please contact LIT so we can help you get the correct security key.
Need an alternative way to authenticate: Having a hard time authenticating in time? Follow these instructions:
After the authentication prompt in your browser/app displays the 2-digit number:
Click the first line of blue text: I can't use my Microsoft Authenticator app right now
If the previous window has already timed out (60 seconds), you can click Enter a security code instead
Click Use a verification code
Open the Microsoft Authenticator app
Navigate to the Authenticator tab
Click the USU profile
Enter the 6-digit number shown under One-time password code into the Enter Code field in your browser/app
Click Verify
Ready to switch?
Go to the Central IT opt-in website and follow the instructions.
If you run into problems, let us know so we can help you.
If you need help, don’t hesitate to contact LIT. We love to help.
Verified: Sep 5, 2023