Description

This document describes how a user can enroll themselves in Duo to associate their CloudControl username with a token device - email address, phone number for text or call, or smartphone with the Duo app.

Multi-Factor VPN Authentication is available as an optional service for the majority of Organizations but is required for users in the Israel Geographic Region and a selection of Private Cloud Organizations in various Geographic Regions.

For more information about this feature please refer to Introduction to Single-Factor and Multi-Factor Client-to-Site VPN Authentication.

Preconditions:

  1. You must be enrolled with Duo in order to connect to a VPN if your Organization is configured to require Multi-Factor VPN Authentication at the Geographic Region where the VPN is located. 
    1. Please refer to How to Manage VPN Authentication for an Organization using the VPN Access setting
  2. For guidance on Cisco AnyConnect installation and how it is used to connect to CloudControl VPNs please see How to Establish a Secure VPN Connection to Access your Cloud Network and Servers

Content/Solution:

The following example shows a user who account is not currently enrolled with Duo beginning the process of accessing a Multi-Factor VPN Authentication enabled VPN endpoint (https://na1.cloud-vpn.net/mfa):

  1. Login to the VPN URL using any browser and enter your Cloud VPN login credentials and follow the steps on screen:


  2. Click Start setup:


  3. Select the type of device you are adding, then click Continue:


  4. Enter the phone number, then click Continue:


  5. Select the phone type, then click Continue:


  6. Install the Duo Mobile App on your device. If Duo is already installed, click I have Duo Mobile Installed:

    1. To install Duo Mobile on your device please reference their documentation at Duo Two Factor Authentication App - Duo Mobile

  7. Activate Duo by scanning the QR code, or select to have an activation link emailed to you instead:


  8. Once Duo has been activated, you'll see this prompt. Click Continue:


  9. Select what action you would like to take when logging in, then click Continue to Login:

    Note: You can also add another device

  10. Select an Authentication method:


  11. Once user enrollment is successful, you can use the AnyConnect VPN to connect to the VPN:

    1. Please refer to the instructions at How to Connect to a VPN with Single-Factor or Multi-Factor VPN Authentication.