Multi Factor Authentication (MFA) Frequently Asked Questions

From UCSC Genomics Institute Computing Infrastructure Information

Revision as of 22:25, 10 February 2025 by Weiler (talk | contribs)

Why Do We Need MFA To Login To The VPN?

We need to comply with NIST 800-171 Security Standards in order to store data downloaded from NIH, according to new regulations. NIST 800-171 controls require we enable MFA for VPN logins to harden our security posture. MFA is a good idea, security-wise, anyway though! Even though it can be somewhat annoying.

What Kind of MFA System Are We Using here at the GI?

We are using Duo Mobile as our MFA authentication mechanism. You probably are already using it to authenticate to CruzID related systems.

Do I need a CruzID before I can use Duo Mobile at the Genomics Institute?

Yes, you do. If you do not yet have a CruzID, please ask your sponsor or PI to get you a CruzID set up. You will need this active before you can authenticate to the Genomics Institute VPN.

Duo is Working To Login to the GI VPN, But It Is Calling My Phone Instead of Sending Me a Push! What Can I Do?

If you previously set up Duo to send you a text with a code, or to call you to authenticate, and you would prefer to just receive a Push Notification instead, you can do it by logging in here: 

https://cruzid.ucsc.edu/idmuser_login

Use your CruzID Gold username and password. You may get a call or text with MFA stuff in it as usual, but don't act on that yet. During the Duo notice that pops up in your web browser that says "Verify your identity..." there will be a small link below that which says Other Options. Click that, and from there you should be able to change the way in which authenticate MFA, enroll a new device (like a phone) by selecting Manage Devices, etc.

Retrieved from "http://giwiki.gi.ucsc.edu/index.php?title=Multi_Factor_Authentication_(MFA)_Frequently_Asked_Questions&oldid=609"