RamID+ Two-Factor Authentication - FAQs

Purpose:

Effective May 29, 2020, the Office of Information Technology will enable the use of RamID+ by Duo Security as a two-factor authentication solution for WSSU faculty and staff.  Duo Security is a company that provides a cloud-based software service that utilizes two-factor authentication to safeguard secure access to services and data. Below you will find helpful how-to's, frequently asked questions, and tips related to RamID+ by Duo. If you have further questions, please contact the Technical Support Services (TSS) team at https://ramsupport.wssu.edu | 336-750-3431. 

 

Intended Audience:

Faculty and Staff

 

RamID+ Two-Factor Authentication - FAQs

 

WHAT IS TWO-FACTOR AUTHENTICATION?
Two-factor authentication, also referred to as multi-factor authentication, provides an additional layer of security when logging in to a website. Two-factor is becoming the standard in cyber security. Google, Apple, and other services all have their own two-factor authentication methods. In short, passwords are no longer sufficient in protecting our sensitive data, we’ve got to add another layer of security to our accounts.

WHY IS RamID+ Duo NECESSARY AND WHY IS IT REQUIRED TO ACCESS CERTAIN WSSU APPLICATIONS?
Sixty-five to ninety-five percent of all data breaches are related to compromised passwords. With RamID+, someone who has your RAM ID and password cannot log in to your WSSU accounts without your device or passcode. Any faculty or staff member with a RAM ID and password can sign up for RamID+. You just need a second factor device: mobile phones (smart or analog), tablets, or hardware tokens. RamID+ will be required to access Global Protect VPN, VDI, and all Office 365 applications.

WHAT CAN THE RamID+ DUO APP ACCESS?
The RamID+ Duo smartphone application serves only to provide two factor authentication. It does not access any personal information on your device, nor does it track your location. Learn more about Duo’s commitment to privacy on their website

HOW DOES RamID+ WORK?
Once enrolled to RamID+ with your two-factor device, you can use the RamID+ Duo Mobile App to send a "Push" to the registered device. This sends a push notification to the device for your review and acceptance whenever you attempt to login to Global Protect VPN, VDI, or protected O365 applications (e.g., Outlook, OneDrive, Teams, etc.).  RamID+ two-factor authentication is required every 24 hours if you are off-campus, and every 7 days if you are on-campus for protected applications.

WHAT DEVICES CAN I USE AND HOW DO I MANAGE THEM (I.E., ADD, REMOVE, REACTIVATE)?
Smartphones are great because you can generate a passcode without wifi or network service, or you can get a push and approve it with the touch of a button. And if there are further accessibility challenges, other devices work great too, such as hardware tokens. Helpful tip: Consider adding two or more devices so you'll have options if something goes wrong with your default device. T

To add, remove, reactivate, or change your default device, open a Chrome Internet browser and log in to the WSSU RamID+ self-management portal -- https://ramweb.wssu.edu/apps/duo/ with your username and password. Once on the webpage, you will two-factor authenticate, and the interface will appear allowing you to “+Add another device.”  If you only have one device, you must add another device first, then remove the old device. To reactivate RamID+ Duo on a new phone (same number) select "Device Options" and "Reactivate Duo Mobile." You can receive a phone call to complete the authentication process before you reactivate RamID+ Duo Mobile.  Note: This self-management portal link is only available if you are on-campus, or connected via Global Protect VPN or VDI.

CAN I ADD MORE THAN ONE MOBILE DEVICE?
Yes.  A self-management portal is available at https://ramweb.wssu.edu/apps/duo/.  Once on the webpage, you will two-factor authenticate, and the interface will appear allowing you to “+Add another device.” Note: This self-management portal link is only available if you are on-campus, or connected via Global Protect VPN or VDI.

CAN I USE MY OWN HARDWARE TOKENS WORK?
Yes. To add a U2F token, log in to the WSSU RamID+ self-management portal -- https://ramweb.wssu.edu/apps/duo/ and select "My Settings & Devices." Authenticate, then click "Add another device." Select "U2F token" and continue. Insert your RamID+ Duo token key into your computer USB port, and when it flashes, touch the token button. Keep in mind, RamID+ Duo token U2F keys only work with chrome browsers and require a USB port. To add a RamID+ Duo passcode token, contact the Technical Support Services (TSS) team at https://ramsupport.wssu.edu | 336-750-3431.

WHAT ARE PASSCODES?
Passcodes is another authentication method, where you use a six-digit authentication code generated by the Duo Mobile app to authenticate. Internet or cellular access is not required. To authenticate, launch the Duo Mobile app on your mobile device and then tap the WSSU logo in the mobile app to get the authentication code. This code must be used immediately. 

WHAT IF I FORGET MY PHONE?
If you do not have your device with you, you can obtain a temporary pass codes.  However, this accommodation is not preferred, or always readily available.  To obtain them, please contact the Technical Support Services (TSS) team at https://ramsupport.wssu.edu | 336-750-3431.  The passcode you will receive can only be used once, and will expire after 8 hours. *If you have lost your device, please report it to the Technical Support Services (TSS) team, or your supervisor.  We want to ensure someone else does not maliciously authenticate your account with your device.

WHO CAN USE RamID+?
RamID+ two-factor authentication is currently only required for faculty and staff.  However, plans for student two-factor authentication will be announced in the near future.  At this time, RamID+ is not available to WSSU retirees, past employees or alumni.

CAN I USE RamID+ WITHOUT USING WIFI OR CELLULAR DATA?
Yes. The passcode option on the RamID+ Duo app does not require wifi or cellular connectivity, it even works on airplane mode. To use this option, visit the RamID+ DUO app on your smartphone, and tap the key icon to obtain a passcode. Enter the passcode into the RamID+ DUO prompt when logging into Global Protect VPN, VDI, or protected O365 applications (e.g., Outlook, OneDrive, Teams, etc.). 

WHICH APPLICATIONS ARE USING RamID+?
The following applications use RamID+: Global Protect VPN, VDI, and protected O365 applications -- Outlook, One Drive, Teams.

ISSUES LOGGING IN TO GLOBAL PROTECT VPN?
I just attempted to login to Global Protect VPN but I did not receive an on-screen prompt to choose an authentication method? Whenever you attempt to login to Global Protect VPN, a notification will be waiting for your approval on your mobile app.  For example, whenever you login to Global Protect VPN, located your mobile device and wait for the app to alert me.  You will then open the Duo mobile app and select approve.  After a few seconds, the Global Protect VPN login will finish connecting.

CAN I LOGIN TO GLOBAL PROTECT VPN WITHOUT USING DUO PUSH?
I am attempting to login to Global Protect VPN and the Duo Push App is unavailable.  Is there alternative method to login with Duo two-factor authentication?  Yes.  Visit the Duo app on your smartphone, and tap the WSSU icon to obtain a passcode.  Add the passcode to the end of your password when logging into Global Protect VPN.  For example, if the Duo app passcode displays 502 384, the password entered when logging into Global Protect VPN would be 'password,502384'.

WHAT IF I GET A NOTIFICATION THAT SOMEONE IS TRYING TO ACCESS MY ACCOUNT, BUT I DIDN'T REQUEST IT?
Within the RamID+ Duo Mobile App, select the red X to deny access to your account, then promptly change your RAM ID password.  You can change your own password by visiting our RAM Access Management Portal (RAMP).

WHAT IF I AM TRAVELING ABROAD?
You have several choices when traveling abroad. Be sure to test them out before your travels so you can determine which solution is best for you. If you do have a smartphone/tablet, the RamID+ Duo Mobile App can provide a six-digit passcode even if your phone or tablet doesn’t have cellular, network or wifi service. Launch the RamID+ Duo Mobile App, and press the key icon to obtain a passcode. If you only have a basic cell phone, register your phone to receive SMS text notifications. If you do not have your two-factor authentication device with you, please contact the Technical Support Services (TSS) team at https://ramsupport.wssu.edu | 336-750-3431 to obtain temporary passcodes. These passcodes will have expiration, so be sure to use one of these passcodes to register a multi-factor device you can use abroad.

IS THE DUO SMARTPHONE APP AVAILABLE FOR iOS (iPhone/iPad) AND ANDROID DEVICES?
Yes. Visit the app store on your smartphone to download Duo Mobile. Note: Google Play Services are required to receive push notifications on Android. Users without Google Play Services installed will have to “fetch” by swiping down in the DUO Mobile app.

ARE THERE OTHER TECHNICAL REFERENCES TO EXPLAIN HOW RamID+ DUO WORKS?
Yes. Feel free to visit "Duo's Guide to Two-Factor Authentication."  

 

 

 

 

 

Was this helpful?
50% helpful - 2 reviews