Duo Two-Factor Authentication for RDCRN
- Michael Wagner
- Dakota Campbell (Unlicensed)
As part of ensuring the protection and security of all rare disease data in the RDCRN cloud, we are using Duo to enforce two-factor authentication of all users accessing RDCRN applications (e.g., box.com, REDCap, the imaging and genomics databases) that can potentially hold PHI or other sensitive information. Whether or not an RDCRN user will need to interact with Duo may depend on how (s)he authenticates to RDCRN. If a second factor is already part of the initial authentication (as is the case, e.g., for login.gov), then Duo will not be required for that user.
Detailed instructions for how to proceed can be found below and also on Duo’s Enrollment Guide page, which includes a very accessible (but non-RDCRN specific) step-by-step video. The RDCRN DMCC strongly recommends using cell phones and push notifications, but users are free to choose a second factor of their choice.
Please contact the DMCC if you have any questions!
How to set up Duo MFA
To proceed with setting up Duo and logging in, follow these steps:
Step 1 | Click “Get Started” |  |
Step 2 | Select the type of device you'd like to enroll and click Continue. We strongly recommend using the Duo Mobile app for the best experience. |  |
Step 3 | Select your country from the drop-down list and type your phone number. Use the number of the mobile phone that you'll have with you when you're logging in. Double-check that you entered it correctly, check the box, and click Continue. | |
Step 4 | Follow the platform-specific instructions on the screen to install Duo Mobile. After installing the app, return to the enrollment window and click Next. | |
Step 5 | Open the camera app on your mobile phone and point it at the barcode to scan. If you can’t scan the barcode, click Get an activation link instead and follow the instructions. |
|
Step 6 | Your Duo enrollment is complete! To login, use your mobile device to accept the Duo Push request. |
|
FAQs
Why am I being prompted to install Duo again - I already set everything up months ago!
Your RDCRN Duo account may have been deactivated if you did not use DMCC resources in more than three months. Please go through the setup steps again to reactivate your account.
What if I am already a Duo user - will this RDCRN setup in any way interfere?
No - your Duo application can handle multiple accounts - simply add RDCRN to your existing Duo app.
What if I lost my device and would like to add a new device to my RDCRN Duo account?
Please contact the DMCC if you need to add a new device to your RDCRN Duo account - you’ll need to send us your new phone number and the type of device (iPhone, Android) that you would like to use going forward.