Description
This document describes how a user can enroll themselves in Duo to associate their CloudControl username with a token device - email address, phone number for text or call, or smartphone with the Duo app.
Multi-Factor VPN Authentication is available as an optional service, though there is a selection of Private Cloud Organizations in various Geographic Regions where the service is required.
For more information about this feature please refer to Introduction to Single-Factor and Multi-Factor Client-to-Site VPN Authentication.
Preconditions:
- You must be enrolled with Duo in order to connect to a VPN if your Organization is configured to require Multi-Factor VPN Authentication at the Geographic Region where the VPN is located.
- For guidance on Cisco AnyConnect installation and how it is used to connect to CloudControl VPNs please see How to Establish a Secure VPN Connection to Access your Cloud Network and Servers
Content/Solution:
The following example shows a user who account is not currently enrolled with Duo beginning the process of accessing a Multi-Factor VPN Authentication enabled VPN endpoint (https://na1.cloud-vpn.net/mfa):
Login to the VPN URL using any browser and enter your Cloud VPN login credentials and follow the steps on screen:
Click Start setup:
Select the type of device you are adding, then click Continue:
Enter the phone number, then click Continue:
Select the phone type, then click Continue:
Install the Duo Mobile App on your device. If Duo is already installed, click I have Duo Mobile Installed:
To install Duo Mobile on your device please reference their documentation at Duo Two Factor Authentication App - Duo Mobile
Activate Duo by scanning the QR code, or select to have an activation link emailed to you instead:
Once Duo has been activated, you'll see this prompt. Click Continue:
Select what action you would like to take when logging in, then click Continue to Login:
Note: You can also add another deviceSelect an Authentication method:
Once user enrollment is successful, you can use the AnyConnect VPN to connect to the VPN:
Please refer to the instructions at How to Connect to a VPN with Single-Factor or Multi-Factor VPN Authentication.