Managing Duo Two-Factor Authentication for Departmental Accounts

A Departmental account is an account with a NetID that is not tied to an individual.  These kinds of accounts most often have a Dartmouth email address and mailbox associated with them and may be accessed by multiple people managing the account's communications. An example would be Information.Security@dartmouth.edu.

Starting May 13, 2019, access to any account via Office365 at bwa.dartmouth.edu will require authentication using Duo Two-Factor.  Many of you have already enrolled your own accounts in Duo and have set up a device or phone number as a second factor to access your account via Office365.  But what do you do about Departmental accounts you access or manage?

There are several options to manage a Departmental account once the two-factor requirement takes effect.  The ITC Service Desk can work with Departments to determine the best way to manage their accounts, based on their specific use cases.  In the meantime, as a temporary measure to allow additional time to determine these needs, any Departmental account that is not currently enrolled in Duo will be TEMPORARILY exempted from the Duo requirement starting May 13th.

Here are some of the options available to manage a Departmental account when the two-factor requirement is enabled:

  • Enroll the Departmental account in Duo and set a desk phone as the second factor.

Go to https://2faenroll.dartmouth.edu

Enter the NetID and password for the Departmental account.

If the account has never been enrolled in Duo, you will see a button available to "Start Setup".  Follow the instructions here to complete the process, using the desk phone number as the second-factor device.

If the account has been previously enrolled in Duo, choose "Add a Device".  To continue, you will need to have available one of the second-factor devices that was previously enrolled.

  • Enroll the Departmental account in Duo and set a token as the second factor.

The Service Desk can procure a Duo hardware token for you and add it to the Departmental account in Duo. The token will generate passcodes that can be entered as the second factor at the sign-in screen.

  • Request Delegate permissions to the Departmental account you manage from the Service Desk.

If you are an owner or authorized user for a Departmental account, you can be given "delegated" permissions to the account in Office365. This will allow you to sign in to bwa.dartmouth.edu using your Dartmouth credentials and your Duo device, then choose the option to "Open another mailbox".  You will look up the Departmental account and a new tab will open in the browser to that account; no additional authorization will be required.

 

Details

Article ID: 77236
Created: Thu 5/2/19 11:08 AM
Modified: Fri 8/30/19 2:12 PM