To improve our security posture, UC Davis Health has incorporated Duo Security as a multi-factor authentication solution to access EPCS, Office 365, VPN, HS Apps, and other applications from off-site locations. DUO helps to verify identification by combining username and password (something you know) with cell phone or landline (something you have). This ensures that you are the person trying to access your account.


DUO Security Supports the following devices:
Device Duo Push (recommended) Passcode Voice Call SMS (Text)
Smartphone
Basic Cell Phone
Landline
DUO offers four different methods of authentication:

Push is used when Duo's mobile application sends a push notification to your smartphone. Just tap “Approve” to authenticate.

Passcode (softtoken) from Duo’s mobile application it provides a 6digit unique code to authenticate.

Call is the simple feature where Duo Security calls your device and you authenticate by pressing a key.

SMS is when Duo Security sends a passcode to your device via a text message or SMS. You then authenticate by entering your onetime passcode.

In addition to your password, multi-factor authentication provides a second layer of security by sending an approval request to a pre-approved device. By requiring two different modes of authentication, UC Davis Health can protect user logins from remote hacks and phishing attacks that may exploit stolen user names and passwords.


The two modes of authentication include:

  1. Something you know: A unique username and password
  2. Something you have: A smartphone with an app to approve authentication requests
UC Davis has incorporated Duo Security as a multi-factor authentication solution.
Return to top
Login credentials are increasingly easy to compromise. Over 90% of breaches today involve compromised usernames and passwords. Multi-factor authentication enhances the security of your account by sending an approval request to a secondary device you have (smartphone) to verify your identity. This step prevents anyone but you from accessing your account, even if they know your password.
Duo Security is a third-party vendor that provides a software service that utilizes multi-factor authentication to ensure secure access to UC Davis Health services and data.
There are a couple of reasons you could be getting invitations.
  1. There are two Duo systems, one for Campus applications and one for Health System applications. HS employees use both. You may be registered for one but not both.
  2. You may have more than one email address in our system.
If you have not registered in both systems, click the gold bubble above on the left for Campus or the gold bubble on the right for HS.
If you are certain you are enrolled in both systems, reply to the invitation you received and let us know you have enrolled.
Return to top
There are several reasons you may not be receiving push notifications, please try the following troubleshooting steps.
  1. Check network connectivity on your enrolled device.
  2. Have the Duo application open when authenticating.
  3. Refresh the application, when attempting to authenticate:
    • With the Duo application open, hold and drag the top of the application downwards. This will refresh the page and display any pending notifications.
  4. Try using a different method of authentication. For example, try the passcode option.

Return to top
If you are in an area with no wifi or cell service, you can still authenticate using Duo's Passcode option. For directions on using the Passcode option, please select the "Guides" bubble above.

Return to top
No.
You will only be prompted to authenticate using Duo when accessing the following applications from home, on the road, or on the university campus:
  • Outlook 365 (including email)
  • OWA (https://365.UCDavis.edu)
  • Cisco Anyconnect VPN client
  • EPCS (prescription system)
  • Citrix ***Coming Soon***
  • Banner

Even off-network, Outlook applications may remember your authorization for up to 90 days, and OWA will remember your authorization for up to 12 hours.
Return to top

No. We recommend using the mobile application for smartphones. However, we realize that using a smartphone is not an option available to everyone. If you are unable to use a smartphone, you may also register a non-smartphone mobile device or landline.

**NOTE: Please do not enroll an office landline phone.**

Return to top

Users are locked out when there are 5 consecutive failed login attempts. To get your account unlocked, please contact the Technology Operations Center (TOC) at (916) 734-4357.
Return to top

Users are locked out when there are 5 consecutive failed login attempts.
  • Make sure the Duo Mobile application is open: A user lockout sometimes happens when the Duo Mobile application sends multiple attempts to authenticate that are not responded to. To reduce the number of unanswered push notifications, try opening the Duo application prior to sending the push request.
  • Authenticate to an enrolled and available device: Persistent attempts to authenticate to an inactive or incorrect device can cause a lockout. If you did not complete the enrollment process, multiple attempts to authenticate with Duo will cause a lockout.

Return to top
**If you have enrolled a secondary device follow the steps below:
  1. Select the "Enroll" bubble for your application above.
  2. Log in: You will need to authenticate using your secondary device.
** If you did not enroll a backup device, please contact the Technology Operations Center (TOC) at (916) 734-4357.
Return to top
**If you have enrolled a secondary device follow the steps below:
  1. Select the "Enroll" bubble for your application above.
  2. Log in: You will need to authenticate using your secondary device.
**If you did not enroll a backup device, please contact the Technology Operations Center (TOC) at (916) 734-4357 to deactivate your lost device.
Return to top
  1. Select the "Enroll" bubble for your application above.
  2. Log in: you will need to authenticate using the "Call" or "SMS" option.
  3. Once logged in select your old device, click "Actions" and choose the "Remove device" option.
  4. Then select "Add Device", enter the appropriate information into the box, and click "Next".
    **NOTE: Please make sure to select the correct type of device**
  5. You will then receive a unique 4-digit PIN via phone or text-message. Please enter the pin into the MFA webpage.
    1. If enrolling a smartphone, please download the Duo Mobile application from your app store. Open the Duo application and select the key+ icon in the top right corner. The Duo application will then open the camera on your device and you will need to take a picture of the QR code. Then select "Finish".
    2. If enrolling a landline, select "Save".
    3. If enrolling a generic phone, select "Save".

Return to top
Please contact the Technology Operations Center (TOC) at (916) 734-4357 immediately so that we can deactivate that phone.
Return to top
If you receive a notification from Duo to authenticate that you did not initiate, Deny the request and contact the Technology Operations Center (TOC) at (916) 734-4357.

Return to top
No. Your account password is verified with our internal systems, and it is never sent to Duo. Duo provides only the second factor, using your enrolled device to verifiy it is actually you logging into the system.

Return to top
If you do not have a data plan, you can still use the SMS and Call options to authenticate.

Return to top
The Duo mobile application is free to install on mobile devices and tablets.

Return to top
Usually this is either because you have not enrolled a phone or because you have an unsupported email client.
If you have not enrolled a phone, select the "Enroll" bubble for your application above and follow the instructions.

Only the following email clients are supported:
  1. Outlook 2016 for Windows and Mac
  2. Outlook App for iOS and Android
  3. OWA (https://365.ucdavis.edu) browser based email for any device.

No other email clients are supported. The following are examples of unsupported email clients:
  1. Outlook 2010, 2011, 2013
  2. Mac Mail
  3. Apple Mail on mac and iOS
  4. Thunderbird
  5. Gmail

Note: Unsupported email clients will work within an HS facility, or using VPN.
For more information, you can visit the "Guides" Bubble or Verify your email client will work with Duo.

Return to top
Outlook displays calendar and contacts from within the Outlook app, and not through the iPhone apps.

For more information, you can visit the "Guides" bubble under Outlook or Differences between Outlook and iPhone apps

Also, contacts are not automatically saved to your iPhone unless you set it to do so during installation of the Outlook app.
For more information, review the installation instructions under the "Guides" bubble or Outlook for iPhone setup instructions

Return to top
Duo push uses a minimal amount of data - less than 2KB per authentication. For example, you would only consume 1 megabyte (MB) of data if you were to authenticate 500 times in a given month.
For more information, you can visit: https://help.duo.com/s/article/1005

Return to top
8AqRjoer6Qo
joTI-u3jf6o