Get Started: Register and Use 2fa
Effective April 20th, 2017, faculty, staff and student employees are required to use Two-Factor Authentication (2fa). Any student or sponsored account holder may optionally register for the service to add an additional layer of security to their Andrew userID and password.
2fa is used as an extra layer of security on any service using Single Sign-On through WebLogin (login.cmu.edu). Some examples of these services include, but are not limited to: Box, Lynda, Workday, SIO/S3, Sparcs, GSuite, Taleo, ServiceNow.
Note: 2fa is not available for VPN (General / Libraries), Clusters, and Email Clients (e.g. Outlook) at this time.
How do I register for 2fa?
IMPORTANT! Before registering for the 2fa service, ensure you have your CMU card number (for staff, faculty and students) OR a one-time token AND the device you will be enrolling to authenticate with Duo (e.g. iphone, tablet).
- Visit https://2fa.cmu.edu from a laptop and/or desktop.
Note: Once you start registration, you must complete the process.
- Register using one of the following:
- CMU card number (staff, faculty and students)
- One-time token issued by DUO on request (sponsored affiliates)
- Follow the instructions to complete registration for DUO.
Note: Ensure you install the application on your device when prompted.
What devices can I use for 2fa?
2fa at CMU supports mobile devices that allow apps (e.g. smart phones, tablets) and Help Center provided tokens.
Examples of supported devices:
- Smart phone (iOS, Android)
- Tablet (iPad or Android)
- Hardware token (available from the Help Center)
- U2F (e.g. Yubikey)
How do I use 2fa with WebLogin (login.cmu.edu)?
After registering to use 2fa with Duo, whenever you access a service using Single Sign-On you will also need to authenticate using your additional token from your device.
- Log into any application protected by Web Login.
- Sign in with Andrew credentials at login.cmu.edu.
- When prompted, select Send Me a Push OR Enter the Passcode.
- Approve the push from your device or retrieve and enter a one-time passcode from either your hard token or smart device.