At IU, what options are available for implementing two-factor authentication for privileged access to servers, applications, and network infrastructure?

Recent changes to Indiana University's Security of Information Technology Resources (IT-12) policy require use of two-factor authentication for privileged access (i.e., root or system administrator access) to servers, applications, and network infrastructure where practicable.

Following are some of the options available for implementing Duo two-factor authentication at IU.

Operating system and application integrations

Duo provides a number of native integrations with applications and operating systems. For a complete list, see the Duo Support Applications page. If an integration is available for your product, you may request an integration key using the instructions in Integrate Duo with an application.

Duo Unix PAM module

You can add Duo two-factor authentication to a Linux-based bastion server by deploying the pam_duo PAM module. For installation instructions, see Duo Unix - Two-Factor Authentication for SSH with PAM Support (pam_duo).

To complete the configuration, the system administrator will need to request a Duo integration key using the instructions in Integrate Duo with an application

Groups VPN

IU's Groups VPN uses Two-Step Login (Duo) authentication to restrict access to administrative environments. For more, see Use the IU Groups VPN to restrict remote access to your team's administrative resources.

This is document apfa in the Knowledge Base.
Last modified on 2018-07-18 14:31:31.

Contact us

For help or to comment, email the UITS Support Center.