!

Secure Remote Access: How to Use Multifactor Authentication for Secure Remote Connections

Multifactor and Secure Remote (VPN) Access

If you use the University’s Secure Remote Access service, either through the recommended Pulse client or via the IPSec client, you will need to use multifactor authentication for your secure remote connections. This requirement affects all students, faculty, and staff who use the Secure Remote Access service.

Note that you must already have registered a device for multifactor authentication before you can complete the steps below.

Using Multifactor Authentication with the Pulse Client

1. Launch the Pulse client and open your preferred connection.

2. A new pre-sign in notification will display similar to the one shown below. This page explains your options for using multifactor authentication. Click Proceed to enter your username and password as you normally would and click Connect.

Pulse Pre Sign-In Screen

 

3. A new screen will display with a Secondary Password field for multifactor authentication.

Pulse Secondary Password

In the secondary password field, type either PUSH, a passcode you will generate, PHONE, or SMS. Here is how each option works:

  • A. Type Push and click Connect. Accept the Push notification on your smartphone or tablet. Note that you must have the Duo Mobile app installed on your smartphone or tablet (if you haven't already installed the app, you can download it from your device's app store).
  • B. Generate a passcode by tapping the key icon within the Duo Mobile app on your smartphone or tablet or by using your hardware token. Enter the passcode into the Secondary Password field and click Connect.

Duo Generate Key

  • C. Type phone in the Secondary Password field and click Connect. This will call the default phone number you registered for multifactor authentication. Answer the call and press 1.
  • D. Type sms in the Secondary Password field and click Connect. Your authentication attempt will fail, but you will receive a passcode on your registered device. Enter that passcode into the Secondary Password field on the Pulse screen with the "Credentials were invalid" message and click Connect again.

 

  • Note: You can also add a number to the end of these factor names if you have more than one device registered. For example, PUSH2 will send a login request to your second phone, PHONE3 will call your third phone, and so forth.

Pulse failure

4. Your connection will be established.

Using Multifactor Authentication with the IPSec Client

These instructions assume you are already using the IPSec client on your computer. If you need assistance installing or configuring the IPSec client, refer to our instructions for WindowsMac, or Linux before completing the steps below. 

Windows

1. Double click the Cisco IPSec Client  on your desktop, then select the VPN configuration from the Connection Entry list. The VPN connection entry list window will display.

2. Click the IPSec connection that you use under the Connection Entry column.

3. Click the Connect button.

4. Enter your University Computing Account username in the Username field.

5. In the password field, you have several options to authenticate with multifactor authentication: 

  • Type your password only. This will use the default multifactor authentication method you selected when registering your device. For example, if you chose to always receive a Push notification, then typing your password will automatically send a Duo Push notification to your registered device. Accept the Push notification to complete the authentication process. 
  • If you want to use the "Call Me" option for multifactor authentication, type your password followed by the word phone in this format: password,phone.  This will automatically call your registered device. Press 1 on your dialpad to authenticate.
  • If you want to authenticate with a passcode, generate a passcode within the Duo mobile app, then type your password followed by Duo passcode in this format: password,token. For example, if the passcode you generated was 123456, you would type password,123456 in the Password field.
  • If you want to be sent a passcode via text message (SMS), then type your password followed by sms in this format: password,sms. Your login attempt will fail and you will receive a six-digit passcode via text message. Retype your password followed by the passcode that you received in this format: password,123456. 

6. Click the OK button.

7. A VPN icon will display in your menu bar once the connection has been established.

8. Start the application that requires a secure connection, such as a database client or Web application.

Mac

1. Click the VPN icon in the menu bar. Select Connect PittNet VPNwhere PittNet VPN is the name of the IPSec connection that you use.

 

2. Enter your University Computing Account username. 

3. In the password field, you have several options to authenticate with multifactor authentication:

  • Type your password only. This will use the default multifactor authentication method you selected when registering your device. For example, if you chose to always receive a Push notification, then typing your password will automatically send a Duo Push notification to your registered device. Accept the Push notification to complete the authentication process. 
  • If you want to use the "Call Me" option for multifactor authentication, type your password followed by the word phone in this format: password,phone.  This will automatically call your registered device. Press 1 on your dialpad to authenticate.
  • If you want to authenticate with a passcode, generate a passcode within the Duo mobile app, then type your password followed by Duo passcode in this format: password,token. For example, if the passcode you generated was 123456, you would type password,123456 in the Password field.
  • If you want to be sent a passcode via text message (SMS), then type your password followed by sms in this format: password,sms. Your login attempt will fail and you will receive a six-digit passcode via text message. Retype your password followed by the passcode that you received in this format: password,123456.

4. Click the OK button.

 

5.  A VPN icon will display in your menu bar once the connection has been established.

6.  Start the application that requires a secure connection, such as a database client or Web application.

Linux

Configure the Virtual Private Network Connection

  1. Use Yum or Aptitude-get to install “vpnc” by typing: $ sudo apt-get install vpnc
  2. Edit the configuration file by typing: $ sudo nano /etc/vpnc/pittvpn.conf
  3. Enter the following configuration settings:
    IPSec gateway vpn.pitt.edu
    IPSec ID <your department’s group name>
    IPSec secret <your department’s pre-shared text key>
    Xauth username <your University Computing Account username>

Establish a Secure Connection

  1. Type the following command: $ sudo vpnc pittvpn

Enter Your Password with Duo Multifactor Authentication

You will be presented with a password prompt. You have several options to authenticate with multifactor authentication:

  • Type your password only. This will use the default multifactor authentication method you selected when registering your device. For example, if you chose to always receive a Push notification, then typing your password will automatically send a Duo Push notification to your registered device. Accept the Push notification to complete the authentication process. 
  • If you want to use the "Call Me" option for multifactor authentication, type your password followed by the word phone in this format: password,phone.  This will automatically call your registered device. Press 1 on your dialpad to authenticate.
  • If you want to authenticate with a passcode, generate a passcode within the Duo mobile app, then type your password followed by Duo passcode in this format: password,token. For example, if the passcode you generated was 123456, you would type password,123456 in the Password field.
  • If you want to be sent a passcode via text message (SMS), then type your password followed by sms in this format: password,sms. Your login attempt will fail and you will receive a six-digit passcode via text message. Retype your password followed by the passcode that you received in this format: password,123456.