How to Self-Enroll in Duo for Multi-Factor Authentication Access to Cloud VPN

Preconditions:

1. You must be enrolled with Duo in order to connect to a VPN if your Organization is configured to require Multi-Factor VPN Authentication at the Geographic Region where the VPN is located. 
   1. Please refer to How to Manage VPN Authentication for an Organization using the VPN Access setting
2. For guidance on Cisco AnyConnect installation and how it is used to connect to CloudControl VPNs please see How to Establish a Secure VPN Connection to Access your Cloud Network and Servers

Content/Solution:

The following example shows a user who account is not currently enrolled with Duo beginning the process of accessing a Multi-Factor VPN Authentication enabled VPN endpoint (https://na1.cloud-vpn.net/mfa):

1. Login to the VPN URL using any browser and enter your Cloud VPN login credentials and follow the steps on screen:
   
   
   

2. Click Start setup:
   
   
   

3. Select the type of device you are adding, then click Continue:
   
   
   

4. Enter the phone number, then click Continue:
   
   
   

5. Select the phone type, then click Continue:
   
   
   

6. Install the Duo Mobile App on your device. If Duo is already installed, click I have Duo Mobile Installed:
   

   1. To install Duo Mobile on your device please reference their documentation at Duo Two Factor Authentication App - Duo Mobile

7. Activate Duo by scanning the QR code, or select to have an activation link emailed to you instead:
   
   
   

8. Once Duo has been activated, you'll see this prompt. Click Continue:
   
   
   

9. Select what action you would like to take when logging in, then click Continue to Login:
   

   Note: You can also add another device
   
   

10. Select an Authentication method:
    
    
    

11. Once user enrollment is successful, you can use the AnyConnect VPN to connect to the VPN:

    1. Please refer to the instructions at How to Connect to a VPN with Single-Factor or Multi-Factor VPN Authentication.