Multi-factor Authentication (MFA) for Staff and Faculty

What is multi-factor authentication, or two-factor authentication?

MFA is a login method that confirms a user's identity by prompting for two or more factors before a login succeeds. Users verify both that they know their password (unique knowledge) and that they possess a hardware token or a device running the Duo app (unique possession).

Image of an MFA token displaying a 6-digit code

Learn more about Duo multi-factor authentication with this video.

Why are we implementing MFA?

MFA is a standard security practice across higher education that is highly effective at ensuring organizations stay safe and secure. Verifying your identity using a second factor prevents anyone but you from logging in, even if that other person knows your password. All students, faculty, and staff are required to use MFA when accessing their Seawolf account.

How do I get set up?

Contact the SSU IT Help Desk. Setup takes approximately 10 minutes. Have your smartphone or tablet with you if you wish to use the Duo app.

How does MFA work?

When you log in to the Sonoma State homepage, you will be taken to a second screen that will require you to either select "Send Me A Push," which will send a notification to your enrolled device for authorization within the Duo application, or enter a 6-digit number from your physical token or Duo app. If you select the "Remember me for 12 hours" checkbox, you will not be prompted for MFA for 12 hours on that device and browser.

How do I update my MFA devices?

Simply log in to the MFA Self Service tool to add and remove your MFA devices. You will need MFA to log in to the tool, so be sure to keep at least one MFA device active until you can add a new one.

What if I get an unexpected push notification?

Do not approve the request. This is an indicator that someone has your password and is attempting to log in to your account. They cannot gain access without either approval from the Duo app or the 6 digits generated by your app or physical token. After you deny the request, flag the request as fraudulent, and change your Seawolf account password.

How do I get help with MFA?

Contact the IT Help Desk for all MFA-related questions.