Use Two-Step Login (Duo) with a group account

Important:
You can now manage your Two-Step Login (Duo) settings in the Security Center. On November 1, the Security Center will replace the Two-Step Login site as the place to access your Two-Step devices and settings. For details about how the Security Center can help you stay secure at IU, see About the IU Security Center.

On this page:

Before you begin

For important details about using Two-Step Login (Duo) with a group or departmental account, see Best practices for group accounts.

You do not need a separate device for each group account you access, as the Duo Mobile app supports multiple usernames per device. Single-button hardware tokens (SBHTs) also support multiple usernames, as long as only one of them is listed as primary. Each token should belong to one person, who can use the same token to access all group accounts to which they have access; tokens should not be shared between different people who have access to the same group account.

Enroll a first device

To set up Two-Step Login (Duo) for use with a group or departmental account, the account owner should do the following:

  1. In a fresh browser (i.e., in a browser in which you have not logged in using the Central Authentication Service [CAS]), go to Two-Step Login. Log into CAS using your group account credentials.
  2. When you see the "Protect Your Indiana University Account" screen, enroll a device for Duo. For step-by-step instructions, choose the type of device you'd like to enroll:
    Note:

    If you need to have a single-button hardware token (SBHT) added to a group or departmental account, the account owner needs to visit a Support Center walk-in location with a photo ID.

    If your mobile device is already enrolled in a group account and you wish to add your token as a secondary device, visit a Support Center walk-in location with a photo ID and your primary Duo authentication device. A Support Center consultant will verify your identity and that you can log into the account. After these two verifications, the consultant will add your token to the group account.

Enroll subsequent devices

The process for enrolling any subsequent device for a group account is the same as adding a personal account, except one (any) other person whose device is already enrolled for the group account must be present to complete the required Two-Step Logins for the person attempting to enroll a device.

For step-by-step instructions, see Manage your Two-Step Login (Duo) devices and settings.

This is document aobp in the Knowledge Base.
Last modified on 2018-09-26 10:18:12.

Contact us

For help or to comment, email the UITS Support Center.