The University of Cologne is introducing multi-factor authentication (MFA) to decisively counteract the risk of cyber attacks and to intensify the protection of data and devices.
This involves one or more independent factors that must be used in addition to the user name and password in order to increase protection against unauthorized access to services, software and data.
What is Cisco Duo?
Multi-factor authentication (MFA) is implemented with Cisco Duo.
Cisco Duo is a system that includes several authentication options as a so-called second factor that can be used flexibly.
What authentication options does Cisco Duo offer?
Cisco Duo offers various options for using a second factor:
"Duo Mobile" app
FIDO2 key: In certain web-based logins, a FIDO2 key (e.g. YubiKey, Titan Security Key or similar) can also be used as a second factor. As this procedure is only available in web-based logins, a FIDO2 key can only be added later via the device administration. Please note that we cannot support the addition and use of a FIDO2 key due to the different keys available! Basic instructions for adding a FIDO2 key (link to come) are available here.
If you do not want to or cannot use an app or FIDO2 key, please contact the RRZK helpdesk.
Can I also use another authentication app (e.g. Google Authenticator)?
No, Cisco Duo does not support the use of other authentication apps. The Duo Mobile app and Duo's service are designed to work together. Duo Mobile can replace other passcode-generating apps for third-party accounts, but other apps cannot replace Duo Mobile.
Which services are secured with Cisco Duo?
The following services can currently be additionally secured with Cisco Duo:
Currently, only certain groups of people at the UoC can or must use Cisco Duo. You will be informed in good time when you can or must use Cisco Duo. You can determine whether you belong to one of these groups by whether a Cisco Duo query appears when you log in to the VPN service.
Please note! If your group is activated for optional use of Cisco Duo, the following applies: As soon as you have registered with Cisco Duo, the use of all connected services (e.g. VPN) is only possible with Cisco Duo. It is not possible to return to use without Cisco Duo.
Second factor
What is my second factor?
The “Second factor” refers to all authentication options (devices) that you have stored in Cisco Duo. You can view these in the self-service portal and add or remove new ones.
How do I add a second factor?
We have described how to add another device as a second factor in these instructions:
I cannot open the device management, but see the login page.
After you have logged in to the Slef Service Portal with your user name and password, please do not authenticate yourself via a second factor at first, but select "Manage devices" and only authenticate yourself in the next step. You can find step-by-step instructions here:
Your telephone number is not required and therefore does not need to be entered. Select "I have a tablet" instead. You can find illustrated instructions here:
If you activate this option, you do not have to use a second factor for 9 hours when you log on again to a service secured by Cisco Duo. It is sufficient to log in to Shibboleth using a user name and password.
Please note: This only applies to the computer (browser) on which you have authenticated yourself using the second factor.
What types of authentication are available in Duo Mobile?
There are two different types of authentication depending on the intended use:
“Duo Push": The Duo Mobile app displays a push notification on the mobile device set up, which you use to confirm your identity by clicking on ‘Approve’.
“Duo Mobile Passcode": Cisco Duo shows you a temporary passcode, which you enter in the app
Screenshot: Remember me
Contact
If you have any questions or problems, please contact the RRZK-Helpdesk