...
- Identify the high-risk systems or high-risk roles within those systems for which multi-factor authentication should be enforced
- Priority given to roles with access to sensitive "restricted" data or system administrator type roles
- Identify the users in those high-risk roles
- If using KSAMS for role-based access management, we can produce a report of current role membership
- Provision users with Duo tokens
- OIT covers user license cost including software token, if user doesn't have smartphone or wants a hardware token for whatever reason then their department will be recharged the cost (at most $25/each, purchased in increments of 5, usually lasting for 5 years)
- Duo Security Multi-Factor Authentication - UCI User Guide
- Configure applications/systems to enforce Duo multi-factor authentication
- Programmer or system administrator responsibility, currently support native WebAuth (not Shibboleth yet), SSH, RDP, VPN/Radius, LDAP or ActiveDirectory proxy authentication.
- Protecting Your System Using Duo Multi-Factor Authentication
- Protecting Your Web Application Using WebAuth And Duo Multi-Factor Authentication
...