Two-Factor Authentication (2FA)

Starting May 15, 2019, all connections to the WMU VPN require two-factor authentication (2FA). "Duo Push" is the recommended authentication method. For instruction on setting up VPN, please see here.

In order to provide added security Western Michigan University offers two-factor authentication (2FA). 2FA provides an extra layer of security by requiring something you know (your password) along with something that you have (your mobile device) to access an online application or service.  2FA is currently offered as an option on WMU's VPN.

2FA Mobile App Setup

Note: We recommend that 2FA setup first be done on a computer.

You will be prompted to setup 2FA the first time you log into an application or service that has been enabled for 2FA. Since all users have access to 2FA on the VPN, we recommend initial setup be done there.

  1. Login to internal.vpn.wmich.edu/ (internal/on-campus) or vpn.wmich.edu/ (remote/off-campus) and you will be prompted to enroll a device for two-factor authentication.
  2. Click Start setup to begin enrolling your device.
  3. Choose Mobile Phone when asked which type of device you are adding. Click Continue.
  4. Select your country from the drop-down list and type your phone number. Use the number of your smartphone that you would like to use for two-factor authentication. If you're enrolling a tablet you aren't prompted to enter a phone number. Click Continue
  5. Choose your device's operating system and click Continue.
  6. Duo Two-Factor AuthenticationInstall Duo Mobile by Duo Security. Duo Mobile is an app that runs on your smartphone and helps you authenticate quickly and easily.

    iOS
    Android
  7. Click I have Duo Mobile Installed.
  8. Activate Duo Mobile. On iPhone, Android, and Windows Phone activate Duo Mobile by scanning the barcode with the app's built-in barcode scanner. The Continue button is clickable after you scan the barcode successfully.
  9. Configure Device Options (optional):  If this is the device you'll use most often with two-factor authentication then we recommend you enable automatic push requests by clicking the When I log in: drop -down and changing the setting to Automatically send this device a Duo Push and click Save.
  10. Click Continue to login and proceed to the Duo Prompt. Your device is ready to approve two-factor authentication requests. Click Send me a Push to give it a try. All you need to do is tap Approve on the Duo login request received at your phone.

alternate 2fa methods

Utilizing the Duo Mobile app is the preferred method for two-factor authentication access to applicable WMU services. However, for employees with no access to a smartphone, tablet, or any other compatible device, alternative methods for 2FA are available.

2FA Key Fob (hardware token)

A 2FA key fob is a hardware token that can be used to authenticate to 2FA-enabled services.  Key fobs must be set up by security administrators. If your key fob has not been setup, please contact the OIT Help Desk. The Duo guide for using a 2FA key fob (hardware token) can be found here.

Request Key Fob