Enrolling with Multi-Factor Authentication (MFA)
This article gives details on how INSZoom users can enroll with MFA.
Once MFA is successfully enabled, Users can start enrolling their device or security key upon the first login attempt to INSZoom. Adding a device or security key is a one-time activity. After enrollment, users can directly authenticate their accounts using MFA to enter INSZoom.
1. Access using devices such as an Android or Apple Mobile Phone-
Procedure to use an android phone, iPhone or any other similar handheld device is quite simple.
1.1 Install the Duo Mobile App from Google Play Store or Apple App Store depending on the operating system of the device.
1.2 Enter the phone number and country code of the device on which Duo Mobile Application has been installed.
1.3 Enter the text message sent as a verification code on the device to verify and add the device to Duo Security.
1.4 After the device has been added to Duo Security, users have two options to choose from to authenticate their INSZoom account using the enrolled device:
1.4.1 Duo Push- If users select Duo Push then they will get a login request sent right on their phone. This login request allows users to enter INSZoom.
- When the Duo Push notification shows up on a user’s device screen, then the user is supposed to tap where indicated on the device screen to view the available actions: ‘Approve’ or ‘Deny’.
- Tapping on the push request notification itself (instead of tapping the notification actions) takes users to the full Duo Push screen in Duo Mobile application.
- Users can simply tap ‘Approve’ to finish logging into the INSZoom application.
- If users get a login request that they weren't expecting, then they can tap ‘Deny’ on the device screen to reject the request.
- If users don't recognize the authentication attempt as their own, then tapping ‘It seemed fraudulent’ rejects the login attempt to INSZoom and notifies the Duo administrator about the suspicious request.
- If users just want to cancel a login request that they made, then they can tap ‘It was a mistake’ to deny the request without reporting it.
1.4.2 Passcodes- There can be a scenario where users don’t have an internet connection available on their mobile phone or there is no mobile network operator cell service available. In such a situation, users can use a Passcode instead of a Duo Push to use the same device for application authentication. This is because Passcodes work anywhere, even in places where there is no internet connection or mobile network operator cell service. A user could tap the down indicator on the Duo device screen to get a one-time passcode for login. They can enter the Passcode on the INSZoom login screen on their computer to log in.
2. Security Keys-
Security Keys offer secure login approvals resistant to phishing attacks combined with the same one-tap convenience provided by Duo Push. Security keys can be used by firms in scenarios where users generally don’t have access to their mobile devices when they log into their INSZoom accounts. A security key plugs into the USB port of the computer and when tapped or when the button located on the top of the key is pressed, it sends a signed response back to Duo to validate the login.
2.1 Procuring a Security key- Security keys from ‘Yubico’ or ‘Feitian’ are good options to purchase and use with Duo Security. Supported USB security keys such as WebAuthn/FIDO2 security keys can be bought from online marketplaces such as Yubico Store, Feitian Store, Amazon online, etc.
2.2 Enrolling a Security key- Users can enroll their security key during the self-enrollment process as an alternative to using a mobile phone.
a. Users can select Security Key as the preferred device to add for Multi-factor Authentication and then click Continue. Users shall make sure that they are not blocking pop-up windows for the enrollment site before continuing.
b. Users can insert Security Key in the Computer USB Port and tap on the key to enroll. The security key enrollment window automatically tries to locate the connected security key for approval. Depending on the security key model, users will need to tap, insert, or press a button on their device to proceed. When enrolling their security key, users may possibly be prompted to tap to enroll the security key more than once. Users may also be asked if they want to allow Duo to access information about their security key (Users should click Allow or Proceed as applicable).
c. Authenticating with a Security key- The next time users log in to INSZoom using Duo, they can simply tap or insert their security key to log in. Some types of keys also flash as a prompt for users to tap on the key and authenticate.
d. Upon successful second factor authentication, the user is redirected to the INSZoom homepage.