DUO Universal Prompt

What is changing?

Students, Faculty, and Staff will be required to utilize Microsoft Authenticator when accessing CSULA Single Sign-On starting May 29th, 2025. Visit our site for instructions on how to download and use Microsoft Authenticator.

 

The updated authentication prompt is designed to provide a streamlined authentication experience that feels simple and fast. Here are the four major changes you can expect to see in the Duo Universal Prompt:

  1. Last-used authentication method: The Duo Universal Prompt remembers your last-used authentication method (e.g. Duo Push, Passcode, etc.) and displays that option by default. You will not see other available login methods until you click “Other options.”
  2. Automatic Duo Push: Once you land on the Universal Prompt, it will automatically send a Duo Push to your device without needing to click a button (if you use Duo Push).
  3. Updated visual appearance: The Universal Prompt has been visually redesigned with a simplified user interface.
  4. Support for more languages: The Universal Prompt supports English, Spanish, French, German, and Japanese. The prompt interface will use your browser or operating system’s language settings to determine your preferred language.

DUO Authentication Options

Duo login options in the Universal Prompt depends on your browser or browser version, or on the policies applied by your University's Duo administrator.

Pushes a login request to your iOS or Android phone or tablet if you have Duo Mobile installed and activated. Review the request on your phone or tablet and tap Approve to log in to the application.

Duo Push in Universal Prompt

Log in using a passcode generated by the Duo Mobile app installed and activated on your Android or iOS device. Open Duo Mobile and locate your organization's account in the accounts list, and tap it to generate a six-digit passcode. Enter that passcode into the space provided and click or tap Verify to log in to the application.

Duo Mobile Passcode in Universal Prompt

Log in using a passcode received from Duo in a text message. When you land on the text message page, it will show that a text message was just sent to you with a passcode. When you receive the message, enter that passcode into the space provided and click or tap Verify to log in to the application. When authenticating from a mobile device in the United States and Canada your browser may automatically enter the passcode for you.

If you did not receive the text message from Duo, use the Send a new passcode link to try sending it again.

Passcodes received in a text message expire when used.

Text Message Passcode in Universal Prompt

Authenticate via phone call. Answer the phone call from Duo and follow the voice instructions to log in to the application.

Phone Call in Universal Prompt

Log in using a passcode generated by a hardware token provided to you by your organization. Enter that passcode into the space provided and click or tap Verify to log in to the application.

Hardware Token Passcode in Universal Prompt

Log in using a code provided by your University's Duo administrator or help desk. Enter that code into the space provided and click or tap Verify to log in to the application.

Bypass Code in Universal Prompt

First time enrollment in Duo

Logging into a Duo-protected application enabled for self-enrollment takes you to the device management page to enroll. Click Next to learn why protecting your identity with two-step verification is important and begin the setup process.

Begin Universal Enrollment

Choose the device type in the list that matches your desired authentication experience: 

  • Touch ID: Use the fingerprint sensor on Apple MacBooks, Magic Keyboards, or iPhone. 

  • Face ID: Use the face scanning feature on iPhone. 

  • Windows Hello: Use your Windows Hello PIN, scan your fingerprint, or use facial recognition on Windows devices. 

  • Device verification: Use Android Biometrics on Android devices. 

  • Duo Mobile: Approve Duo Push verification requests on iOS or Android devices, or generate a one-time passcode from the Duo Mobile app. 

  • Security key: Tap a WebAuthn/FIDO2 security key. Requires Chrome, Safari, Firefox, or Edge. 

  • Phone number: Receive a one-time passcode in an SMS message or approve a login attempt with a phone call from Duo. 

The current version of Duo Mobile supports iOS 13.0 or greater and Android 8 or greater.

  1. Select your country from the drop-down list and type your mobile phone number, and then click Add phone number.
    Enter Phone Number for Duo Mobile
    If you're going to use Duo Mobile on a tablet (like an iPad) with no phone service, don't enter a phone number and click I have a tablet instead.
  2. If you entered a phone number, double-check that you entered it correctly and click Yes, it's correct to continue (or No, I need to change it to go back and enter the number again).
    Confirm Phone Number for Duo Mobile
    If the phone number you entered already exists in Duo as the authentication device for another user then you'll need to enter a code sent to that number by phone call or text message to confirm that you own it. Choose how you want to receive the code and enter it to complete verification and continue.
    Verify Ownership of Shared Phone
  3. Download and install Duo Mobile on your phone or tablet from the Google Play Store or Apple App Store. Once you have Duo Mobile installed click Next.
    Install Duo Mobile
  4. Open the Duo Mobile app on your phone or tablet and add this account by scanning the QR code shown on-screen.
    Scan QR Code in Duo Mobile
    If you aren't able to scan the QR code, tap Get an activation link instead and then enter your email address to send the activation link to yourself. Follow the instructions in the email to activate the new account in Duo Mobile.
  5. When you receive confirmation that Duo Mobile was added click Continue.
    Duo Mobile Added Success

You can now log in to Duo-protected applications with Duo Push or with a Duo Mobile passcode.

It's a good idea to add a second verification method that you can use as a backup if the first method you added isn't available to you at some point, like if you lose or forget your phone and need to log in with Duo, or if you want to access an application from a different MacBook than the one you used to set up Touch ID in Duo. 

When you click Continue after registering your first verification method, Duo prompts you to add another one. 

Add Another Duo Verification Method

Choose any of the available methods and proceed through the steps for adding it. If you don't want to add another method at this time, click Skip for now. 

After you add a second login verification method, or if you chose to skip it, you'll arrive at the end of the Duo setup process. Click Log in with Duo to log in to the application using the Duo method you just added. 

Universal Prompt Device Setup Complete

If you are trying to activate DUO on a new phone after transferring your data, the mobile app will show Account disabled for the Cal State La account. You will need to re-enable your account and this is best done on a computer. When the DUO is prompt, wait for the DUO push to timeout. 

Click I got a new phone.

After confirming the code, you're DUO app will now be re-enabled.

 

FAQs