A. Enrolling mobile devices 

Follow the steps outlined below to enroll and authenticate using a Mobile Device and Duo Mobile Application.

A.1 Enter the phone number and country code of the device that will be used to log in with the Duo Mobile Application.

A.2 Confirm the phone number. Phone numbers can be changed if needed.

A.3 Download and Install the Duo Mobile App from Google Play Store or Apple App Store depending on the device's operating system.

A.4 Scan the QR code shown on the INSZoom MFA prompt using the Duo Mobile Application by selecting the ‘Use QR Code’ option and adding the device to Duo Security.

For some reason, if the QR code scan doesn’t work, click the ‘Get an activation link instead’ and enter an email address to receive the activation link. After clicking on the link in the email, follow the instructions to activate the new account in Duo Mobile.

A.5 To ensure that a user doesn’t get locked out, an additional verification method can be set up as a backup if the primary verification method isn't available. This is an optional step and can be skipped or set up later.

A.6 After the device is added to Duo Security, users can log into INSZoom MFA with a Duo Push or a Duo Mobile passcode.

B. Authenticating using mobile devices

When a user logs into INSZoom for the first time after enrolling in MFA using the new Duo Universal Prompt, Duo will choose the most secure authentication method from any devices the user has set up earlier. The user may either proceed with that method or choose a different method through the 'Other Options' link.

After the first authentication with the new prompt, by default, the most recently used method will be prompted. Users can click the ‘Other Options’ link and choose a different method.

Users may have three options to choose from to authenticate their INSZoom account using the enrolled device.

B.1 Duo Push - Duo pushes a login request to the user’s iOS or Android phone or tablet if Duo Mobile App is installed and activated. Reviewing the request on a phone or tablet allows users to log in to INSZoom.

• When the Duo Push notification is displayed on the device, the user can either Approve or Deny the login request.

• Users can tap ‘Approve’ to log into the INSZoom application.

• If a user gets a login request that they weren't expecting, then they can tap ‘Deny’ on the device screen to reject the request.

B.2 Passcode - If users don't have access to the internet or mobile service at the time of authentication, they can opt for using a passcode generated by the Duo Mobile app installed and activated on their Android or iOS device.

Users can generate a six-digit passcode by opening the Duo Mobile App to locate the INSZoom account in the accounts list and tap it for a one-time passcode. Enter that passcode into the INSZoom MFA Duo Prompt and click on ‘Verify’ to log in to the application.

B.3 Bypass Code - INSZoom doesn't support this option considering the turnaround time involved. Instead, INSZoom recommends users reach out to their firm admin to reset their MFA enrollment if previously enrolled devices aren't available.

B.4 Manage Devices - Users can use this feature for self-service device management. To access the ‘Manage Devices’ feature, users must first verify their identity with already added authentication methods. 

After successful authentication, users can view all their registered devices in the device management portal. Users have the ability to add new devices and authentication methods, as well as delete or update devices in the event of loss or replacement.

A. Enrolling Touch ID on a Mac

In order to use Touch ID on macOS for MFA, users need to make sure they have the following:

• A Mac computer with a Touch ID button.

• A fingerprint enrolled in Touch ID (learn how to set up Touch ID on Mac at the Apple Support site).

• A recent version of Google Chrome or Safari. Other browsers on macOS are not supported.

• iCloud Keychain sync enabled on all the Apple devices you will use with Duo and the passkey you will create during setup.

A.1 Once the authentication based on INSZoom login credentials is successful, click the ‘Touch ID’ option to begin enrollment.

A.2 Read the Touch ID instructions and click ‘Continue’.

A.3 The browser prompts to verify identity when adding Touch ID (Chrome example shown).

Users may be prompted to enter system password instead of tapping Touch ID if the user hasn't added fingerprint to Touch ID on their Mac yet, or if the user has their laptop closed so the user can't access the Touch ID button. Users can also choose to enter your system password.

A.4 Place finger on the Touch ID button in the Touch Bar to complete Touch ID enrollment.

A.5 Click ‘Continue’ when confirmation is received that Touch ID is added as a verification method.

A.6 After the touch ID is added, users can log into INSZoom MFA with a single gesture, scanning their fingerprints.

B. Authenticating using Touch ID on a Mac

Users can touch the Mac's Touch ID sensor when prompted to log in to INSZoom. If users aren't able to access the Touch ID sensor (such as when users close and dock laptops), then users can choose to type in their Mac login password to verify.

If users need to cancel Touch ID authentication in progress, users can click or tap the cancel option shown by the browser, outside of the Universal Prompt.

C. Enrolling Windows Hello on a Windows Computer

In order to use Windows Hello for MFA, users need to make sure they have the following: 

• A device running Windows 10 or later.

• Windows Hello is set up on the device for signing in with a PIN, fingerprint, or facial recognition. Learn how to set up Windows Hello at the Microsoft support site. Note that the sign in options are managed by your firm’s IT Admin. 

• A supported browser: Chrome or Edge

C.1 Once the authentication based on INSZoom login credentials is successful, click the ‘Windows Hello’ option to begin enrollment.

C.2 Read the Windows Hello instructions and click ‘Continue’.

C.3 Follow the Windows Hello instructions to verify identity by entering your PIN or scanning fingerprint.

C.4 Click ‘Continue’ when confirmation is received that Windows Hello is added as a verification method.

C.5 After the Windows Hello is added, users can log into INSZoom MFA.

D. Authenticating using Windows Hello

After Windows Hello is successfully enrolled, users can follow their device's prompt to enter Windows Hello PIN, scan fingerprint, or use facial recognition. Note that Chrome Incognito and Edge in private browsing won't work with Windows Hello.

 

Note: When users set up Touch ID or Windows Hello for MFA, it's effective only for the specific device where it's configured. If a user uses multiple devices, the user will need to set up Touch ID/ Windows Hello on each device separately.

It is recommended that users enrolling for Touch ID/ Windows Hello authentication would also set up a second authentication method that can be used as a backup if the primary authentication method added isn't available or if the user wants to access INSZoom application from a different computer than the one used to set up Touch ID/ Windows Hello for MFA.

A. Procuring a supported security key

WebAuthn/FIDO2 security keys from Yubico or Feitian are good options. U2F-only security keys (like the Yubikey NEO-n) can't be used with the Universal Prompt.

B. Enrolling a security key 

Users can enroll their security key during the self-enrollment process as an alternative to using a mobile device for authentication.

a. Users can select Security Key as the preferred device to add for Multi-factor Authentication and then click Continue. Users should ensure they are using a supported browser: Chrome, Safari, or Edge and are not blocking pop-up windows for the enrollment site before continuing.

 

b. Users can insert a Security Key in the Computer USB Port and tap on the key to enroll. The security key enrollment window automatically tries to locate the connected security key for approval. Depending on the security key model, users will need to tap, insert, or press a button on their device to proceed. When enrolling their security key, users may be prompted to tap to enroll the security key more than once. Users may also be asked if they want to allow Duo to access information about their security key (Users should click Allow or Proceed as applicable). Users will receive a confirmation that the security key was added as a verification method. For subsequent login to INSZoom MFA, users can use their Security key for authentication

C. Authenticating with a security key 

To use a Security key for authentication in the INSZoom MFA, users should insert the security key if not already plugged in, and then tap or press on the security key when prompted to log in to the application. Some types of keys flash as a prompt for the user to authenticate. Some browsers may also pop up a prompt instructing to tap the security key.

Users may need to interact with the prompt to use a security key from the Safari browser on macOS or any browser on iOS. Click or tap the Use security key button and then tap or press the security key.

If a user needs to cancel a security key authentication in progress, they may click or tap the cancel option shown by the browser, outside of the Duo Universal Prompt.

Upon successful MFA authentication, the user will be redirected to the INSZoom homepage.

 

Note: Once the authentication based on INSZoom login credentials is successful, the user’s browser redirects to a page hosted by Duo to verify the login attempt for MFA and then redirects back to the INSZoom application. If you are ever prompted to authenticate by a website not located on the duosecurity.com/ or global.inszoom.com/ or global.inszoom.ca/ domains, or if you receive any prompt or notification you did not initiate yourself, contact your IT Admin.

If you need more help, please contact INSZoom support if you are an INSZoom Case Manager user. For all other users, please contact your IT/ Firm administrator for assistance.

Click here to learn more about how to Subscribe and Configure MFA for your organization if you are a firm admin.