2FA: Log in to WebAccess Using Two-Factor Authentication - Detailed Instructions

Article Intended For

Penn State faculty, staff, students, and other affiliates currently enrolled in two-factor authentication (2FA).

Introduction

Penn State offers a number of options for completing two-factor authentication. This article includes the following:

• Quick Steps:  Links to brief instructions for each method of authentication
• Detailed Instructions:  Step-by-step instructions and troubleshooting tips for every method.

To learn which methods of authentication can be used with a particular type of device, see knowledge article What Devices and Methods Can I Use for Two-Factor Authentication?

Step-by-Step Instructions

Quick Steps

Click one of the following links for brief instructions for a particular method of authentication:

• Duo Mobile Push     • Duo Mobile Passcode     • Phone Call     • Security Key     • Touch ID     • Texted Passcode     • Duo Token Passcode     • Apple Watch

Detailed Instructions

NOTE:  To enlarge any image in this article, simply click the image. The images reflect the screens you will see as you complete the login and authentication process.

Initial Steps - All Methods:

    On the device (laptop, desktop, phone, or tablet) you're using to log in to the site you want to access:

1. Open your web browser and navigate to the website or service you wish to log in to (LionPath, Canvas, Office 365, etc).
   
   See U2F Security Key Requirements and Touch ID Requirements to learn which browsers support those methods of authentication, as well as which applications do not support Duo authentication with a security key. 
   
   
   
2. When the WebAccess login screen appears, log in to your Penn State Access Account:
   
   
   • Enter your user ID (Example:  abc123) and password and click LOG IN.
     
     
     NOTE:  If you've logged in to WebAccess within the last 15 hours and have no more than 6 hours of idle time, you may not be required to log in and authenticate again in order to gain access to other WebAccess protected sites.
     
     
     
3. What happens next depends on whether you chose Remember me for 24 hours the last time you logged in to WebAccess and whether it's been 24 hours since you did so.
   
   
   • If you chose Remember me for 24 hours the last time you logged in to WebAccess with this device and browser, and 24 hours have not yet passed:
     
     
     • The website you're logging in to appears. Your log in is complete.
       
       For more information about the Remember me feature, see knowledge base article 2FA: How Do I Use "Remember Me" for Two-Factor Authentication?
       
       
   • If you did not choose Remember me the last time you logged in (or it's been more than 24 hours):
     
     
     • The Duo Authentication prompt is displayed. 
       
       If you have more than one device enrolled, a drop-down list shows the devices you have enrolled for 2FA using the nicknames you chose when you enrolled them.
       
       NOTE:  If you've enrolled a U2F security key using the Chrome web browser, and you're using Chrome now, your security key will not show up in the list of enrolled devices.  That's because Chrome allows you to use your security key to authenticate without selecting it from the device drop-down.
4. Next, decide whether to take advantage of the Remember me checkbox:
   
   
   • Do not check Remember me if you're logging in from a shared device. Only check it if you're logging in from a device you own, and you're the only one who uses that device.
     
     To learn more about this feature, see knowledge base article 2FA: How Do I Use "Remember Me" for Two-Factor Authentication?
     
     
     
5. Click one of the following links to navigate to the remaining steps, trouble-shooting resources, and requirements for using each method of authentication:
   
   
   • Duo Mobile Push (requires smartphone, tablet, or Apple Watch)
   • Duo Mobile Passcode (requires smartphone, tablet, or Apple watch)
   • Phone Call (requires smartphone, cell phone, landline, or VOIP)
   • Security Key Tap (requires a USB security key that supports the U2F protocol)
   • Touch ID (requires a MacBook Pro or MacBook Air with Touch ID)
   • Texted Passcode (requires smartphone or cellphone)
   • Duo Token Passcode (requires Duo Token)
     
     

  Duo Mobile Push

     Step-by-Step Instructions Continued:

6. If it's not already selected, select the smartphone or tablet you wish to use to authenticate from the drop-down list of enrolled devices.  
   
   
   
   NOTE: Make sure the screen on that device is unlocked (unless you wish to authenticate using your Apple Watch, in which case your phone must be locked).
   
   
7. Click Send Me a Push. 
   
   A request to approve login is sent to the device you're using to authenticate (your smartphone, tablet, or Apple Watch).  
   
   The notification shows the name of the resource requesting authentication (in this case, WebAccess) and offers the option to Approve or Deny the request.
   
   NOTE:  If Send Me a Push is not displayed as an option, you may need to re-activate Duo Mobile.  For additional information, see knowledge base article Activate or Re-Activate Duo Mobile on My Smartphone to Receive Duo Push and Duo Passcodes.
   
   
   
8. Follow the on-screen instructions to approve the request. 
   
   The website you're logging in to appears as soon as you approve the authentication request.
   
   

Where to Find Help if Duo Push Isn't Working: 

• No Duo Push Option on the 2FA Login Screen
• 2FA: I'm no longer receiving Duo Push Notifiations on My Enrolled Smartphone
  
  
  

  Duo Mobile Passcode

     Step-by-Step Instructions Continued:

6. Open the Duo Mobile app on the device you're using to authenticate (your smartphone or tablet). 
   
   
   • On your Android or iPhone:
     
     
     
     
     • If Penn State is the only account you have linked to Duo Mobile, a Duo passcode is displayed on your screen as soon as you open the app on your Android or iPhone.
     
     
     
     
     
     
     • If you have more than one account linked to Duo Mobile on your Android or iPhone, tap the down-arrow (  ) next to your Penn State account to expand it and show your Duo passcode.
       
       
       
   • On your Windows phone:
     • Tap the green key symbol  or Generate Passcode , depending on your version of Windows.
       
       
       
7. On the device you're using to log in (your laptop, desktop, smartphone or tablet), choose your method of authentication:
   
   
   1. Click Enter a Passcode OR Enter a Bypass Code. (It isn't necessary to select the device you're using.)
      
      
      
      
   2. Enter the six-digit code generated by Duo Mobile in the text box next to the button and click Log In.
      
      
      
      The website you're logging in to appears.
      
      
   3. If the website does not appear:
      • Return to the Duo app on your phone or tablet and tap the refresh symbol (  ) to generate a new passcode. 
      • Enter the new passcode in the box provided, and try again. 
      • If you're not logged in at this point, call the IT Service Desk for assistance.
        
        

Where to Find Help if Duo Passcodes Aren't Working:

• I'm no longer able to use Duo generated passcodes for 2FA Notification
  
  

  Phone Call

    Step-by-Step Instructions Continued:

6. If it's not already selected, select the phone you wish to use to authenticate from the Device drop-down list.
   
   
   
   
7. Click Call Me.
   
   The 2FA service generates a phone call to the phone you selected.
   
   
   
8. Answer the phone call and follow the instructions you hear to approve the authentication request.
   
   The website you're logging in to appears as soon as you approve the authentication request.
   
   

Where to Find Help if the Phone Call Method of Authentication Isn't Working:

• Trouble using Phone Call Method of Two-Factor Authentication (2FA)
  
  

  Security Key Tap

Step-by-Step Instructions Continued:

6. The next step depends on your answer to the following questions:
   
   
   1. Were you using the Chrome web browser when you enrolled your security key for use with Penn State 2FA?
   2. Are you using Chrome to log in and authenticate now?
      
      
      If the answer to either question is "No": you must select your security key from the Device drop-down list.
      If the answer to both questions is "Yes": you do not need to select your security key from the list of devices.
      
      
7. Click Use Security Key.
   
   
8. Insert or tap your security key to validate your log in.
   
   The website you're logging in to appears as soon as you approve the authentication request.
   
   

Where to Find Help if the Security Key Method of Authentication Isn't Working:

• Trouble Using Security Key for Two-Factor Authentication

   Touch ID

Step-by-Step Instructions Continued:

6. If it's not already selected, select the Touch ID device you wish to use to authenticate from the Device drop-down list.
   
   
   
   
7. Click the Use Touch ID button.
   
   A pop-up window says "Waiting for Touch ID to verify you...". 
   It is immediately overlaid by another pop-up that says "Use Touch ID with duosecurity.com", and includes a Cancel button.
   
     
   
   
8. Place your finger on the Touch ID button on the Touch Bar.
   
   The website you're logging in to appears as soon as you approve the authentication request.
   
   

Where to Find Help if the Touch ID Method of Authentication Isn't Working:

• Trouble Using Touch ID for Two-Factor Authentication

  Texted Passcode

     Step-by-Step Instructions Continued:

6. If it's not already selected, choose the phone you want to use to receive SMS texted passcodes.
   
   
7. Click Enter a Passcode.
   
   
   
   
   
8. Request or locate an existing text message containing a passcode:
   
   
   • If you previously requested and received a list of passcodes in an SMS text message, open your cellphone, find the text message you received, and identify an unused passcode.
     
     If you've already used at least one of the 10 passcodes you received via text message, a hint is displayed at the bottom of the Duo Prompt to help you choose a code you haven't used yet. 
     Example:  Your next SMS passcode starts with 2.
     
     
     
     
   • To receive a new list of passcodes,  click the Text Me New Codes button in the blue area at the bottom of the Duo Prompt.
     
     The 2FA service sends a text message with 10 one-time use passcodes to the phone you selected. 
     
     NOTE:  You may use the remaining passcodes for future log-ins.  Each passcode may be used for one log in.  Each time you select the same phone for authentication, a hint in the blue area at the bottom of the Duo prompt indicates which of the remaining passcodes should be used next.
     
     
9. On the device you're using to log in, enter one of the passcodes from the text message in the box provided and click Log in.
   
   
   
   The website you're logging in to appears.
   
   

 
  Duo Token Passcode

     Step-by-Step Instructions Continued:

6. Click Enter a Passcode or Enter a Bypass Code (whichever one is currently displayed). 
   
   
   
   
7. Press and release the button on your Duo Token to display a passcode.
   
   
   
8. Enter the passcode in the box provided and click Log In.
   
   
   
   The website you're logging in to appears.  
   
   

Where to Find Help if the Duo Token Passcode Method of Authentication Isn't Working:

• Trouble Using Duo Token for Two-Factor Authentication