MFA-Duo – HR Guidance

This post addresses some of the questions and concerns our supported customer units are raising regarding the impact of MFA-Duo on their hiring practice and onboarding procedures. It is generally intended for those who are involved in this process, but may be good general knowledge for all staff.

As a part of the Implementation Partner program, it has been suggested by DoIT that we provide the following template text for our customer units to use during new employee onboarding:

Letters of Offer Language

NetID Activation email:

In order for you to have access to University email, calendaring and a number of other systems when you arrive, you will need to set up your UW–Madison NetID. Please do this as soon as possible. To do this, log into NetID Activation. It will ask for your Activation Key (xxxx-xxxx-xxxx-xxxx) and your date of birth. Then follow the rest of the activation steps.

You will then need to set up your multi-factor authentication account with Duo. Duo is UW–Madison’s multi-factor authentication service, which adds a second step to your NetID login to verify your identity and prevents others from accessing your account. Visit our help document to get started. You can register with a smartphone, tablet or token. If you experience access or usability barriers, see the MFA-Duo – Accessibility Information KB for information. Once you register your smartphone, tablet and/or token, you will be enrolled in using Multi-Factor Authentication (Duo) starting on your first day of employment.

After you set up your NetID and multi-factor authentication, set up your preferred primary email address. (…)

Sourcing Fobs for New Hires
For those new hires who have identified that they would like or require a fob/token, your unit might wish to consider obtaining a batch of them to have on hand. Although available individually, they come in boxes of 10. Cost of the Duo-branded fobs was $20 and may no longer be available, the OTP fobs are $5.00 and are of equivalent quality. The cost of fobs for new hires falls to the gaining unit, and might best be considered an office supplies expense budget item.

When an Employee Leaves
Let them keep their fob/token. If exhausting any stored-up vacation time, or for other reasons where the University Appointment ends at some date after the employee’s last day in the office, they will need their fob to access NetID services like their MyUW page. As the fobs age, additional concerns about remaining battery life come into play, so for the time being, the guidance from DoIT on returning fobs is that it is not necessary.

To address some the accessibility concerns about using MFA, DoIT is now providing a USB key from Feitian. Additional information can be found on the MFA-Due – Accessibility & Usability Information page.

Leave a Reply

Your email address will not be published. Required fields are marked *