Duo Two Factor Authentication

Gustavus requires Duo Two-Factor Authentication (TFA or 2FA) when accessing systems with sensitive information and when using remote access options such as Remote Desktop. Two-Factor Authentication is also known as Strong Authentication or Multi-Factor Authentication (MFA). Duo TFA is available to all employees and student employees.


Learn more about Duo Two-Factor Authentication


Why enroll in two-factor authentication?

Two-Factor Authentication adds an additional layer of security to your Gustavus account. In addition to your password, you will need a mobile device like your phone or a hardware token to verify your identity when logging into your account.

Using just a username and password is no longer considered a secure mechanism for authentication. A password can be stolen or guessed. 2FA protects against password theft or guessing by requiring access to a physical mobile phone or hardware token to log in successfully.

A successful information security program is all about adding layers of protection and 2FA is one of those critical layers. Learn more about securing your login by visiting the following page. #LockDownURlogin

How does it work?

  1. Access a resource protected by 2FA such as the Gustavus website or GusMail.
  2. Enter your username and password as you normally would.
  3. Click DUO push to send a verification to your mobile device; it may also be pushed to your device automatically. If you do not have a mobile device set up, you can receive a verification notification on your office phone, or use a hardware token (fob), which will give you a code to enter.
  4. Accept a prompt from your mobile device to approve the login. If you have a fob, press the button on the fob, and then type the code that appears on your fob into the web page.
  5. Login is now complete.


Two-Factor Authentication is required for access to some systems. Any employee may enable 2FA on their Gustavus account. You will need a mobile device and the password for your phone to install the DUO Mobile App.

Follow the steps below to begin the two-factor enrollment, or watch our Getting Started with Duo Two Factor at Gustavus Video.

  1. Visit the Gustavus DUO Management portal.
  2. Enter your username and password.
  3. Click Start Enrollment or proceed to the next step if GTS has enabled your account for two-factor.
  4. Click Start Setup.
  5. Select your device type. We recommend a mobile device such as a phone. If you would like to set up your office phone, choose Landline.
  6. Enter your phone number and select the platform of the device.
  7. Install the Duo Mobile App from the App or Play store on your mobile device.
  8. Activate the Duo Mobile App by opening it and scanning the QR code.
  9. We recommend adding a secondary device such as your office phone by selecting Add Another Device in case your primary device is unavailable.
  10. Click Continue to Login to try 2FA for the first time.
  11. Select Send Me a Push if you are using a mobile device. Select Call me if you are using your office phone. Enter the code if you are using a hardware token (fob).
  12. Click Accept on your mobile device. If you are using your office phone, press any key on your keypad and hang up.
  13. Your login is complete.

Additional Information

  • Duo will also send you an enrollment email to enable two-factor authentication.
  • A mobile device such as a smart phone is recommended for convenience and ease of use.
  • If you do not want to use your mobile device, a hardware token (fob) may be used. We recommend a mobile device because the hardware tokens are not as convenient as the mobile app. The hardware token (fob) cannot be set as the default device in Duo.
  • GTS recommends installing the Duo Mobile app made by Duo Security on your supported device and enabling Automatically send me a: Duo Push.



Everyday Use of Duo

Modifying Settings and Devices

There are two options for modifying your settings or adding an additional device:

  • Visit the Gustavus DUO Management portal.
  • Log out and back into the Gustavus website, then click My settings & Devices.

Automatic Settings

Duo can be configured to automatically send a Push or make a phone call to your default device.

  • Access your Duo settings (see above).
  • Under the list of current devices, you will see an option to select a Default Device. If you have more than one device configured, select your default device.
  • From the When I log in: pop-down, select either Automatically send this device a Duo Push or Automatically call this device.

Unprompted Notifications

If you receive Push notifications that you did not initiate, DO NOT approve them. If your account has been compromised and someone has your password, they could initiate the Push; if you accept it, you grant them access to your account.

Remember Me

You can set Duo to Remember me for 15 days. If you check the box (on the Choose an authentication method window), the authentication is remembered for 15 days on that browser from that machine only.

Supported Devices

  • iPhone and iPad
  • Android device
  • Blackberry
  • Windows Phone
  • Hardware Token

Video Tutorial

Watch our Getting Started with Duo Two Factor at Gustavus Video.


Do I need a smartphone to use Duo?

No, you can have Duo call your office phone or send texts to your cellphone, or you can use a hardware token (fob) that you can add to your key ring. The fob provides codes you can enter into the verification menu to access your account.

How can I use my FOB all the time?

The Default Device pop-down does not allow users to choose a FOB as their default device. However, at the Duo Choose an authentication method window, you can select Enter a Passcode. You can then enter a passcode from your FOB, from the Duo app on your phone, or from pre-generated passcodes.

How does it work?

Once you are enrolled, every time you access a web page that uses the Gustavus Single Sign On page, use Remote Desktop, or access Chase, you will be prompted with a Duo Two-Factor Authentication option after you supply your credentials.


If you choose Enter a Passcode, the code can come from the Duo application on your phone, a FOB, or generated passcodes.

Do I need to use Duo Two Factor every time I log into my computer?

No, Duo Two Factor is only needed when you are logging into one of the resources listed below.

Which resources will use Duo Two Factor?

  • Gustavus Google Suite - Drive, Calendar, GusMail
  • Moodle
  • Remote Desktop
  • Chase
  • Gustavus User Settings
  • Gustavus Web Resources
  • Office 365
  • more will be coming soon...

Can I set Duo up to automatically send a Push to my phone?

Yes, you can. Those settings are in the Duo Two Factor settings. There are two options for modifying your settings:

  • Visit the Gustavus DUO Management portal.
  • Log out and back into the Gustavus website, then click My settings & Devices.

You can then choose a Default Device (a hardware token or fob cannot be selected as the default device) and what method to use. Select one of the following:

  • Ask me to choose an authentication method
  • Automatically send this device a Duo Push
  • Automatically call this device

I lost my device

If you lost your phone and don't have a secondary device added to your account, please contact the Technology Helpline (507-933-6111 or helpline@gustavus.edu) to get a new device added. You will need to speak with a full-time staff member.

I forgot my device at home?

If you have your cell phone configured as your device and it isn't available (left at home or dead batteries), you can contact the Technology Helpline (507-933-6111) to get your landline added or to get printed bypass codes. You will need to speak with a full-time staff member.

Can I get one-time-use bypass codes?

Yes, it is possible to get one-time-use bypass codes. These are numeric codes you would print or write down and use one time for authentication. You can get a list of bypass codes by contacting the Technology Helpline (507-933-6111 or helpline@gustavus.edu); you will need to speak with a full-time staff member. To use your codes, from the Choose an authentication method window, select Enter a Passcode, and input one of your codes.