For security, SF State protects sensitive data using two-factor authentication. SF State employees who access sensitive data to perform work will need to install Duo, the campus-selected application for two-factor authentication, and provide a second credential before access is granted.
Duo setup will begin automatically the first time you log in to a protected resource. It is recommended that you setup at least 2 authentication methods to ensure your ability to log in.
- Begin login to a protected SF State resource (e.g., https://vpn.sfsu.edu)
- When the Protect your SF State Account message appears, click Start setup
Select the type of device you will be using to complete your authentication, a cell phone or tablet is preferred but a phone can be used
- Click Continue
Follow the on-screen instructions to configure Duo. These will vary depending on the type of device you selected. You can expect to be asked for:
- Phone number
- Device type (e.g., iPhone, Android, Windows Mobile)
- If required, follow the on-screen instructions to install the Duo App on your cell phone or tablet. When installed, click I have Duo Mobile installed, scan the barcode, and click Continue
On the My Settings & Devices screen, select Duo Push (cell and tablet only) and select Save
- Click Continue to Login
NOTE: To update your Duo settings after your initial setup, begin a Web login process again. After entering your password, you will see the Duo options screen.
The steps for logging in with Duo will vary depending on the choices you have made during setup. The general procedure is as follows:
Using your VPN client, begin login to a protected SF State resource
- Use your SF State ID as your username
- Use your SF State Password as your password
Use one of the following as your second password:
Code: Enter the code from the Duo application on your phone or tablet as a second password
- Push Notifications: Enter push as the second password to push a login request to your phone or tablet. Review the request on the Duo application on your cell phone or tablet, then tap Approve to authenticate
- Phone Call: Enter phone as the second password to authenticate via phone callback
- Text Message: Enter sms as the second password to receive a code via text. You will need to log in again using the code you received via text as the second password to authenticate
Adding a number to the end of the above-mentioned second passwords will trigger the action to the other devices registered in your Duo settings. For example:
- push2 pushes a login request to your second phone or tablet
- phone2 sends a login request to your second phone
- sms3 sends a passcode via text to your third phone
- Code: Enter the code from the Duo application on your phone or tablet as a second password
- Complete your login
Incorrect Phone Number
It is recommended that you setup two login methods so that the second method can be used to update your account if necessary. To update your Duo settings, begin a Web login process again. After entering your password, you will see the Duo options screen. If you have only one method for login and are unable to use it, please submit a service request.
Unable to Login
The most common cause of VPN Login issues is the selection of an incorrect security group. If you are unsure of your group, please submit a service request asking for security group verification.
Please report the loss or theft of a phone with the Duo app to firstname.lastname@example.org. Include the phone number of the device.