Known issues and troubleshooting for Two-Step Login (Duo) at IU
With the transition to Duo Universal Prompt, group account logins will behave differently than before. With group accounts, when a Duo push is the most secure authentication method for an account, the default push-enabled device will receive a push notification the first time someone logs into it with a new browser. To choose a different device, select . Select a different device to receive the push notification or choose a different authentication method.
Your browser will remember your last-used authentication method in the future unless you are using an incognito window, clear your cache and cookies, or log in using another browser or device.
On this page:
Overview
This addresses known university-wide issues, troubleshooting steps, and common questions for Two-Step Login (Duo) with IU Login at Indiana University.
At this time, UITS does not recommend that you use Microsoft's new Outlook. For feature comparisons with the new application, see Getting started with the new Outlook for Windows.
General issues and troubleshooting
Issue | Description | Workaround | Last updated |
---|---|---|---|
Error message "Incorrect passcode. Please try again." after correctly using a passcode from a token |
You may see the "Invalid Passcode" error for any of these reasons:
|
Attempt to log in three times in a row with a new code each time to resync your token to the Duo servers. If after the third attempt, it still fails, contact your campus Support Center. | August 31, 2016 |
Support for iOS 11 and Android 7 has ended | Duo has ended support for iOS 11 and Android 7. Devices running these OS versions and older will not receive Duo Mobile updates. Furthermore, after February 2, 2021, it will not be possible to download and install Duo Mobile from the Apple Store or Google Play Store. | UITS recommends updating the operating system to a supported version. If that is not possible, and if Duo Mobile already installed, it will continue to function. Also, it will still be possible to receive authentication texts and calls. | November 30, 2020 |
When using Safari on macOS 10.14 or later, Duo Remember Me functionality gives error message | If you don't disable "Block all cookies" and "Prevent cross-site tracking", you'll see an error message that states: "You need to enable cookies in order to remember this device". | Uncheck | and in Safari.May 27, 2020 |
When using iOS, Duo Remember Me functionality gives error message | Apple has intentionally designed iOS WKWebView to limit the ability to issue and read browser cookies, and Duo Remember Me therefore does not work. | This is by design, and no workaround exists. | July 10, 2020 |
USB security key displays twice in Security Center | If a user enrolled a USB security key when Chrome was the only browser supporting them, and later enrolled the USB security key through the Security Center while in either the Firefox or Opera browsers, then the USB security key may show up twice in the list of enrolled devices in the Security Center. | To prevent this behavior, if a USB security key is enrolled with the Chrome browser, use the USB security key to complete a Two-Step Login in the Chrome browser and complete the prompts to upgrade the token. | September 12, 2019 |
iOS 9/Android 5 Duo Mobile support ended April 1, 2018 | Duo Mobile support for Apple devices running iOS 9 or earlier and Android devices running Android 5 or earlier is no longer available as of April 1, 2018. The Duo Mobile app is no longer available for download for these devices as of June 1, 2018. | Push and app-generated passcode authentications will continue to function on apps installed before June 1, 2018. Duo authentication in the form of phone calls and SMS text messaging will also continue to be available for these devices without the Duo Mobile app. | January 16, 2018 |
Device name has changed in the drop-down menu and in the two-step "My Devices and Settings" page |
Device names in Duo are consistent across all accounts. If a device is used for both a personal account and a group account, the same device name appears and can be modified in both accounts. If someone changes the device name in a group account, that change will be reflected in the personal account's drop-down and "My Devices and Settings" page. |
Device names should be descriptive of the device and its owner (for example, |
October 11, 2017 |
In iPhone or iPad, and in macOS 10.15 (Catalina) or higher, the Duo Prompt is replaced with a gray box or otherwise does not display correctly | Content restrictions can prevent the Duo Prompt from displaying correctly. | For help disabling content restrictions in iOS or macOS, see How do I resolve Duo Prompt display issues related to iOS or macOS content restrictions? | November 1, 2019 |
YubiKey 4 Nano is not recognized | A YubiKey 4 Nano is connected to your computer, but it is not being recognized by Duo or other YubiKey-supported services. | Check to make sure the device is inserted the correct way into your computer (for example, unplug the device, turn it over, and plug it back in). | June 9, 2017 |
In China, Duo Mobile for Android cannot be downloaded from the Google Play Store | In China, the Google Play Store is not available. | You can download the Android Duo Mobile app directly from Duo's website instead of using the Google Play Store. To install the app, you will need to enable a "sideloading" feature in your Android device. Sideloading means installing an app from a source other than the Google Play store. To enable sideloading in your Android device:
|
May 15, 2017 |
Blank or flashing screen appears when attempting to authenticate to Duo | Using older versions Chrome with the LastPass extension may prevent the Duo interface from loading. | Update Chrome to the latest version. | February 3, 2017 |
Duo authentication prompt does not load | The web page does not load the Duo authentication prompt and instead displays a blank space where the prompt should appear. | Dragon NaturallySpeaking speech recognition software sometimes causes this issue. Temporarily disabling this software allows the Duo authentication prompt to load correctly. | October 17, 2016 |
Changes not saved when renaming device | If you click | without clicking , your changes will not be saved.Follow the instructions in Renaming a device in Manage your Two-Step Login (Duo) devices and settings. | September 6, 2016 |
"Undefined" error message | If the Duo two-factor authentication screen displays an "Undefined" error when you are trying to send a login request, most likely your session timed out after staying idle for too long. | Refresh the page or open a new browser window, and then try again. If the problem persists, contact your campus Support Center for help. | September 6, 2016 |
Account is locked | Your account may be locked after repeated failed login attempts. | If your account is locked, contact your campus Support Center to request that it be unlocked. | September 6, 2016 |
Error message "Denying unknown user" | When using Duo to log into an Indiana University service, if you have not finished enrolling, you may see the error message "Denying unknown user." | Try to complete the process to enroll your mobile device with Duo. | August 18. 2016 |
The Duo screen cut is off during Microsoft 365 account sign-in | When signing into your Microsoft 365 account using any Office desktop application for Windows, the Duo Authentication screen does not completely fit in the window and some options are cut off the screen. | Press Tab on your keyboard to scroll down and view the rest of the Duo Authentication options. |
August 10, 2016 |
Group account issues and troubleshooting
Issue | Description | Workaround | Last updated |
---|---|---|---|
Requesting multiple Duo tokens |
IT Pros or group account owners may decide that members of their group accounts need a separate token for each account. |
Each person may be issued one Duo token by the Support Center, and this token can be added to all accounts the person has access to. IT Pros and group account owners do not need to request batches of tokens to have on hand for their users. |
October 13, 2017 |
Users cannot register Duo tokens themselves |
To register a Duo token, you need to request the token from the Support Center, and the Support Center must verify your user ID before attaching the token to your account. Account owners and IT Pros do not have access to add Duo tokens to any accounts, including group accounts they own. | The group account owner and Duo token holder must come to a walk-in location to register the Duo token to any group accounts. Both will have to provide a photo ID. The Support Center will then add the Duo token to the desired group accounts. | October 13, 2017 |
Seeing multiple Indiana University accounts in your Duo Mobile app |
Any device enrolled as a tablet will be required to scan a new QR code for each additional account when activating the Duo Mobile app. This will result in multiple "Indiana University" entries displayed in the Duo Mobile app. |
Each account will be named "Indiana University" by default. To avoid confusion with multiple accounts, users should edit the name of a new account immediately after adding it. The account name can be edited by holding your finger on the account in the list, then selecting "Edit Account" from the menu that appears. |
October 13, 2017 |
All users can make device and settings changes in the account's Duo Control Panel |
All users added to a group account can edit devices in the account's Duo Control Panel. This includes adding and deleting devices, changing a device's name, modifying the device's settings, and setting a new default device. |
This is expected behavior in Duo. IT Pros should implement best practices for maintaining the number of people who have access to the group account, and they should ensure that only those who need access to the group account have devices in the device list. |
October 13, 2017 |
The device list is not sorted in a logical order |
Users cannot sort the device list, and the devices have generic names (for example, Apple iOS or Google Android). |
The device list cannot be sorted. Devices can be renamed, but this will not sort them any differently. IT Pros and account owners should implement best practices when naming devices (for example, |
October 13, 2017 |
Repeated push notifications being sent to the wrong device |
The first device on the list will be the first device everyone sees. This will likely result in several other users mistakenly sending push notifications to this device. |
For group accounts, users should consider using a passcode instead. It doesn't matter what device is selected in the drop-down menu; a passcode generated from any device associated with the account will work. It's a very bad idea to set any phone as the default device for a group account and enable automatic push notifications. Users who attempt to do this may not realize that their phones will receive an automatic push notification every time anyone tries to access the group account. |
October 13, 2017 |
The owner of the group account left IU |
If the owner of a group account is the only person with a device enrolled and leaves IU without transferring ownership (see Transfer ownership of a group or departmental account), then no one else will be able to log into that group account. |
Ensure that all group accounts are properly transferred to new owners before employees leave IU; see Transfer ownership of a group or departmental account. |
October 11, 2017 |
For help, contact your campus Support Center.
This is document bfnf in the Knowledge Base.
Last modified on 2023-08-17 09:11:17.