Two-Factor Authentication (2FA) Guide

For security, SF State protects sensitive data using two-factor authentication. SF State employees who access sensitive data to perform work will need to install Duo, the SF State application for two-factor authentication, and provide a second credential before access is granted.

Set Up the Duo Application

Duo setup will begin automatically the first time you log in to a protected resource. It is recommended that you set up your smartphone with the Duo Mobile application installed as the primary device with which you will authenticate. For redundancy and convenience, additional devices can be set up with the Duo Mobile application, such as a tablet or another smartphone.

  1. Begin login at
  2. When the Protect Your SF State Account message appears, select Start setup
    Protect Your SF State Account
  3. Select the type of device you will be using to complete your authentication; a mobile phone or tablet is preferred. Select Continue.
    What type of device are you adding?
  4. Follow the on-screen instructions to configure Duo. These will vary depending on the type of device you selected. You will be asked for your Device type (e.g., iOS, Android, Windows Mobile).
  5. If required, follow the on-screen instructions to install the Duo App on your mobile phone or tablet. When installed, click I have Duo Mobile installed, scan the barcode, and click Continue.
  6. On the My Settings & Devices screen, select Duo Push (cell and tablet only) and select Save
  7. Click Continue to Login

NOTE: To update your Duo settings after your initial setup, begin a Web login process again. After entering your password, you will see the Duo options screen.


  1. Using a web browser, go to
  2. Log in to the SF State Global Login page.
  3. Follow the instructions to authenticate.
  4. If successful, you will see a web page that says "You have successfully completed 2 Factor Authentication Login"

Log in using Duo

For applications requiring 2FA, the general procedure is as follows once you reach the SF State Global Login page:

  1. Log in to the SF State Global Login page using your SF State credentials:
  2. Use one of the following as your second password:
    • Duo Mobile Application Code: Enter the code from the Duo application on your mobile phone or tablet as a second password. The code below is only an example of what a code would look like - do not use it as your code.

Duo Phone Code Screenshot

  • Push Notifications to Duo App: Enter push as the second password to push a login request to the Duo app on your mobile phone or tablet. Review the request on the Duo application on your mobile phone or tablet, then tap to Respond, and then tap Approve to authenticate:



If you do not have a smartphone or tablet, you must request a hardware token here to use for authenticationYou will be notified when your hardware token is ready to be picked up at the ITS Service Desk.

  • Hardware Token Code: Press the button on your hardware token to get a code and enter that code as a second password



Report the loss or theft of a mobile phone or tablet with the Duo app installed, or the loss of a hardware token, here. Include the phone number of the missing device. Your Duo account will be reset by ITS before your replacement device can be activated. The new device will then need to be set up as if it was a first-time installation of Duo.





If you no longer need or are no longer using your hardware token, please return it to the ITS Service Desk in Admin 110.

Duo's Guide to Two-Factor Authentication

Check the Duo guide at for more detailed information.


Updating Your Duo Settings

To update your Duo settings, visit After entering your credentials in the SF State Global Login screen, you will see the Duo settings screen.

Unable to Log In

Please submit a service request at