Two-Factor Authentication (2FA) Guide

For security, SF State protects sensitive data using two-factor authentication. SF State employees who access sensitive data to perform work will need to install Duo, the SF State application for two-factor authentication, and provide a second credential before access is granted.

Beginning January 15, 2020 SF State staff will be required to use 2FA when accessing web applications and services via the SF State Global Login. Faculty accounts will be scheduled sometime later in 2020 in collaboration with our partners in Academic Affairs. Student accounts will be assessed after staff and faculty have been on-boarded.

Set Up the Duo Application

Duo setup will begin automatically the first time you log in to a protected resource. It is recommended that you set up your smartphone with the Duo Mobile application installed as the primary device with which you will authenticate. For redundancy and convenience, additional devices can be set up with the Duo Mobile application, such as a tablet or another smartphone.

  1. Begin login at
  2. When the Protect Your SF State Account message appears, select Start setup
    Protect Your SF State Account
  3. Select the type of device you will be using to complete your authentication; a mobile phone or tablet is preferred. Select Continue.
    What type of device are you adding?
  4. Follow the on-screen instructions to configure Duo. These will vary depending on the type of device you selected. You will be asked for your Device type (e.g., iOS, Android, Windows Mobile).
  5. If required, follow the on-screen instructions to install the Duo App on your mobile phone or tablet. When installed, select I have Duo Mobile installed, scan the barcode, and select Continue.
  6. On the My Settings & Devices screen, select Duo Push (cell and tablet only) and select Save
  7. Select Continue to Login

NOTE: To update your Duo settings after your initial setup, begin a Web login process again. After entering your password, you will see the Duo options screen.


Test Your Login with Two-Factor Authentication

  1. Using a web browser, go to
  2. Log in to the SF State Global Login page.
  3. Follow the instructions to authenticate.
  4. If successful, you will see a web page indicating Authentication with Duo is completed.


Log in using Duo

For applications requiring 2FA, the general procedure is as follows once you reach the SF State Global Login page:

  1. Log in to the SF State Global Login page using your SF State credentials:
  2. Use one of the following as your second password:
    • Duo Mobile Application Code: Enter the code from the Duo application on your mobile phone or tablet as a second password. The code below is only an example of what a code would look like - do not use it as your code.

Duo Phone Code Screenshot

  • Push Notifications to Duo App: Enter push as the second password to push a login request to the Duo app on your mobile phone or tablet. Review the request on the Duo application on your mobile phone or tablet, then tap to Respond, and then tap Approve to authenticate:



If you do not have a smartphone or tablet, you must request a hardware token to use for authenticationYou will be notified when your hardware token is ready to be picked up at the ITS Service Desk.

  • Hardware Token Code: Press the button on your hardware token to get a code and enter that code as a second password

Hardware token

                                                                 2 ½" x 1 1/16" x 5/16"



Report the loss or theft of a mobile phone or tablet with the Duo app installed, or the loss of a hardware token. Include the phone number of the missing device. Your Duo account will be reset by ITS before your replacement device can be activated. The new device will then need to be set up as if it was a first-time installation of Duo. IMPORTANT: The first hardware token and replacement of defective ones are provided free of charge. However, lost/stolen tokens needing replacement will require an MPP's approval for billing of a $20 administrative fee to your department. The administrative fee may be waived for a stolen token if the request for a replacement is accompanied by a copy of a valid police report.







If you no longer need or are no longer using your hardware token, please return it to the ITS Service Desk in Admin 110.


Duo's Guide to Two-Factor Authentication

Check the Duo guide at for more detailed information.


Get Help

Still have questions? Take a look at our FAQ page or contact the Service Desk using the contact information listed below.

Phone: 415-338-1420