First-time Enrollment in Duo Enrollment is the process that registers you as a user in Duo with a device capable of performing two-factor authentication. Duo prompts you to enroll the first time you log into a protected VPN or web application when using a browser or client application that shows the interactive Duo web-based prompt. Follow the on-screen prompts to set up your Duo authentication device. Instead of enrolling when you log in to an application, you might receive an email from your organization's Duo administrator with an enrollment link instead. Introduction You will initially receive the following email for enrollment… Please click on the link to enroll and follow the prompts. The first screen you will see is this.  Click Start Setup. Select Tablet and click Continue.     Select your device type and click Continue. Follow the instructions to download and install the Duo Mobile app on your mobile device. Once complete, click I have Duo Mobile installed.     On your mobile device, open the app, click Use a QR code and then scan the screen. On your mobile device, if you are presented with an option to name your account, type in a friendly name in the Account name field. We suggest using the name of your hospital. Tap Save. Back on your computer screen, your progress will be updated to confirm you scanned and added the account successfully. Click Continue.     Select Automatically send this device a Duo Push and click Finish Enrollment. Congratulations!   You have finished device enrollment and are ready for multi-factor authentication (MFA) logins.

First-time Enrollment in Duo Enrollment is the process that registers you as a user in Duo with a device capable of performing two-factor authentication. Duo prompts you to enroll the first time you log into a protected VPN or web application when using a browser or client application that shows the interactive Duo web-based prompt. Follow the on-screen prompts to set up your Duo authentication device. Introduction Find your email for Duo enrollment in your company email inbox. If you can't find it, then you can create a ticket with the service desk so a new enrollment can be sent.  A partial enrollment is done through the browser as you're signing in for the first time on a company computer. Enrollment is possible through this method as long as you select "I have a tablet" when you see the screen asking for your phone number. Adding your phone number is not necessary. You will see a Microsoft sign-in screen like the one below. If you are outside the hospital, open up a browser on any computer (not your mobile phone), and type https://outlook.office.com. Sign in with your company email and password. If you are using a company laptop, and signing into the browser for the first time, it'll automatically go through enrollment. Going through your company email is a sure way of enrollment. Type in your email address and click Next.     You will be redirected to the Duo Single Sign-On page. Type in your email address again and click Next. Type in your password and click Log in.     You will be redirected to the self-enrollment wizard so that you can enroll your device. Click Next a few times to learn why protecting your identity with two-step verification is important and begin the setup process.   Choose the Duo Mobile option and enroll Click Duo Mobile to continue the enrollment process. In the steps that follow, you will download the Duo Mobile app to your mobile device and then scan a QR code to connect the app and your account.   Duo Mobile is an app that runs on iOS and Android phones and tablets. It's fast and easy to use and doesn't require cell services. Duo pushes login requests to Duo Mobile when you have mobile data or Wi-Fi connectivity to the internet. When you have no data service, you can generate passcodes with Duo Mobile for logging in to applications. Click the I have a tablet link at the bottom of the prompt. **You can enter your phone number here and confirm it in the next step if you choose, but it is not required. You can skip this step if you just click the I have a tablet link.**     Download and install Duo Mobile on your mobile device from the Apple App Store or Google Play Store. We’ve provided QR codes you can scan with your mobile device that take you directly to the app below. Once you have Duo Mobile installed click Next.   Open the Duo Mobile app on your mobile device and add this account by scanning the barcode shown ON YOUR SCREEN (NOT the example below). **You may need to tap the Add button at the top right of the mobile app and then tap on Use QR-code** (Please DO NOT use the sample QR code) In the Duo app on your mobile device, if you are presented with an option to name your account, type in a friendly name in the Account name field. We suggest using the name of your hospital for this friendly name. Tap Practice Now to see how the procedure will work. You will be asked to complete a few tasks that show you how the app will work when you need to use it. If you are prompted to Allow notifications, please allow them. This will make it very easy to approve a login attempt. Keep clicking Next or OK to continue through the process. Back on your computer, when you receive confirmation that Duo Mobile was added click Continue.   You can now log in to Duo-protected applications with Duo Push or with a Duo Mobile passcode. Click the Log in with Duo button. On your phone you will be asked to verify your identity via the Duo application.  Tap Approve. If the Operating System on your phone is old enough that it is no longer supported you will be required to upgrade it. You have now finished enrolling your account with Duo.

What is Duo? Duo is a two-factor authentication app that adds an extra layer of security when accessing applications. When properly enrolled, you'll be able to access applications outside the hospital. Applications that use Duo to authenticate: Whenever you attempt to log in to an application that is connected to your Office 365 account for the first time - 8x8, Freshservice (IT Service Desk), mobile Outlook, Teams, and Concur are examples - you will be required to approve the login through Duo. Assuming you have already enrolled in a mobile device to enable you to approve logins, the process is very simple. 8x8 Email Teams Concur VPN VPN will always authenticate through Duo. You must have the VPN security permission as well. Not all job titles get this by default. Most department heads and employees that work outside the hospital with have this access. If you work mostly in the hospital but may have to work from home, you'll most likely have to request VPN permission. You'll need to visit the Service Catalog and look for "VPN." WellSky does NOT use Duo. WellSky has it's own authentication process when working outside the hospital. You can either use VPN or use SMS (texting.) Texting is a permission itself and not automatic. You will need to request this in the Service Catalog of the ticketing system under "WellSky Remote Access." Check your email immediately - You should already have a Duo enrollment email in your inbox. This is time sensitive and will expire. Failure to enroll will result in problems setting up mobile Outlook, and 8x8 on your mobile device. This will require you to open an incident with the IT department so a new Duo enrollment email is sent out. The process to approve through Duo is very simple. With your enrolled mobile device nearby, after you type your username and password into one of these connected applications, you will receive a push notification from the Duo app. You can pull down on the notification banner and tap Approve, or tap on the notification and then tap the Approve button in the app. Related Articles What to expect from enrollment Email enrollment How to authenticate Receiving multiple pushes

Duo Push: The Best Way to Authenticate   Duo Push is an authentication request you’ll receive as a notification on your smartphone. It’s quicker, easier, more secure, and cheaper than receiving text messages or phone calls.   To use Duo Push, you will need to have the Duo Mobile app installed and activated.   Why is push the best authentication method?  It’s quicker than a text or a phone call Authenticating with a text message requires waiting to receive the text, reading a passcode, and then typing it in. Phone calls require actually answering the phone, listening to the recording, and using the dial pad to approve the login. Duo Push is as simple as approving a notification on your smartphone.  It’s more secure Duo Push uses cutting-edge end-to-end encryption that SMS and phone calls can’t. The Duo Push screen displays detailed information about the application and source device that initiated the authentication request. Frequently Asked Questions How much data does a Duo Push use? Almost none. 500 pushes to your device will use 1 MB of data in total. This is roughly equivalent to loading one webpage on your smartphone. Does installing the Duo Mobile app give up control of my phone? No. Duo Mobile has no access to change settings on your phone. Duo Mobile cannot read your emails, it cannot see your browser history, and it requires your permission to send you notifications. Lastly, Duo Mobile cannot remotely wipe your phone. The visibility Duo Mobile requires is to verify the security of your device, such as OS version, device encryption status, screen lock, etc. We use this to help recommend security improvements to your device and you always are in control of whether or not you take action on these recommendations. Why does the Duo Mobile app need to access my camera? Duo Mobile only accesses your camera when scanning a QR code during activation.  What if I don’t have a Wi-Fi connection or cellular reception? No problem. Tap the       icon in the Duo Mobile app to generate an authentication passcode. You do not need an internet connection or a cellular signal to generate these passcodes.  What if my push alerts aren’t coming through? Try these easy troubleshooting steps for iOS, Android, Windows Phone, or BlackBerry. Still not working? Reactivate Duo Mobile or contact your help desk.

We had to add the scanner@nobisrehabpartners.com account to Duo to make the WS-Trust work properly.

Summary You may experience multiple push notifications from Duo that may have queued up. This may happen because you were trying to connect on VPN or were on VPN. Push notifications could also queue up from not responding to the push notifications. You will notice that if you keep on clicking on "Approve" nothing happens right away. Past "Approve" notifications will generally expire, so it's possible you're approving an older approval. Instructions Make sure it is you trying to log in. If you blindly choose to approve the push notification, you can potentially allow a hacker access to the system. Duo verification will make you verify when using certain applications linked to our network. Outlook, Landing, 8x8 will be every 90 days since these are applications using Single Sign-On (SSO). VPN will make you use Duo every time you try to connect. This is the most likely scenario you are experiencing with the multiple push notifications. 1. To help prevent multiple push notifications, log off of VPN when not in use. If you lose connection while on VPN, the VPN application will try to reconnect, and Duo will send out a push notification. If you don't respond after a certain amount of time, Duo will lock the account. It will auto-unlock after 15 minutes. 2. Ensure your mobile device is getting a signal. WiFi is preferred since it's a little quicker than the cell towers.  3. Be ready for the push notification. You can have the Duo app open on the phone, or just wait for it to pop up on your mobile device's screen. If you use an Apple phone along with an Apple watch, you can approve through the watch. Troubleshooting 1. If you want to help prevent multiple push notifications from queuing up. Disconnect from the VPN when you are done with it. If you don't, you could potentially received multiple push notification if you lose VPN connection. 2. If you received multiple push notifications already. Reboot your computer and start fresh. Related Articles VPN Q&A

Summary If you are in the process of transferring to a new phone or mobile device, there are a couple of scenarios that could affect you. You bought a new phone and transferring your old phone to your new phone. You are transferring your phone to a new number. Apple IOS - if you had Duo installed on your old phone and it was backed up, it should sync with your new iPhone, but it's not always guaranteed success. You may need to re-enroll by creating an incident with IT. Android - It seems to fail every time. We have not encountered an upgrade where Duo works on the new phone. You will need to create an incident with IT for Duo enrollment. Instructions 1. Create an incident explaining that you purchased or are transferring to a new phone and need to re-enroll in Duo. 2. Once a ticket is created with IT, our Service Desk will send a new Duo Enrollment email. Follow the prompts. During enrollment, please make sure you select "I HAVE A TABLET." Instructions are found here. Note: You cannot enroll from the mobile device itself. You must enroll from a computer because you need to scan the QR code from your phone. Please be advised that a new phone will break your email on your phone. See article below. Related Articles My Outlook on my phone shows blocked

Summary If you're attempting to access an application like Outlook, Teams, 8x8, or anything that interacts with our network using your computer login, you may encounter the "Bypass code" prompt. This prompt typically appears when attempting to access applications outside of our network. If you happen to be in a hospital, enrolling in Duo is not an issue as it is whitelisted on our network. This helps to minimize work disruption. In the past, enrolling was a significant challenge because it wasn't being done, and it affected the Agency personnel who lacked the necessary license. This hindered their ability to enroll. The Bypass Code message happens because you're accessing an application outside of our network but past the enrollment window. You'll need to create a ticket. There is NO bypass code to be given. The system relies on the user enrolling in Duo. Please create a ticket for enrolling in Duo. When you create an incident for this issue, your ticket will be escalated to our System Admin. Expect a Duo enrollment email. The enrollment process will look similar to this solutions article: https://nobis.freshservice.com/support/solutions/articles/16000052919

First-time Enrollment in Duo Enrollment is the process that registers you as a user in Duo with a device capable of performing two-factor authentication. Duo prompts you to enroll the first time you log into a protected VPN or web application when using a browser or client application that shows the interactive Duo web-based prompt. Follow the on-screen prompts to set up your Duo authentication device. Instruction When employees are onboarded, Duo is automatically part of a permission that is granted. You should already have a Duo enrollment in your company email inbox. The link within the email does have an enrollment time before it expires. We have found out that the enrollment email will sometimes fail to send to the user. If this happens, a ticket will be required for IT to resend the enrollment. Try to enroll immediately if you're new or assisting a new hire. Not everyone requires Duo, but if you use Microsoft Teams or use company email outside the hospital, you will need Duo. WARNING: It's not advisable to enroll for the first time outside the hospital as this seems to cause confusion to most. If you're new to the company and work in a hospital, please enroll from the hospital by checking your company email. If you don't find a Duo enrollment email in your inbox, please create a ticket with your IT department asking for a new Duo enrollment. Ensure you've signed into the computer at the hospital first before proceeding. You will have to visit the hospital if you don't do this. 1. To enroll in Duo outside of the hospital, you'll need access to a computer. Please do not use a mobile device for enrollment to access the link in the next step. You won't be able to scan the QR code if you do. 2. Open up a browser, it doesn't matter which one, and type https://outlook.office.com in the address bar of the browser. 3. You will see a Microsoft login page. You will type in your COMPANY email. 4. The next screen is when enrollment begins. Again, you will type in your COMPANY email and password that was used to sign into the computer while in the hospital. This step can't be completed unless you create a password. 5. Duo will have you go through some acknowledgments, and you will need to scan the QR code from your mobile device. Once this is done the next step is critical and most often the most failed step. Please follow this step carefully! Do NOT enter a phone number. Instead, click on "I have a tablet." If you followed the steps correctly, then you're enrolled.