Multifactor Authentication

Town of West Hartford/WHPS: Overview, Instructions & FAQs

Overview

Multifactor authentication (MFA) is a security technology that requires two or more methods of authentication to verify a user’s identity; this helps keep your account(s) more secure. As of August 1, 2021, the Town of West Hartford implemented MFA for Virtual Private Networking (VPN) as part of the new requirements from our Cyber-liability Insurance carrier. You will be prompted to register with Cisco Duo and begin using multifactor authentication when accessing these the Town’s network.

Instructions for using a Mobile Phone as the secondary authenticator (Recommended Method):

1). After going to https://Remote.WestHartfordCT.gov to download the VPN client (see previous instructions here), you will be redirected to an initial setup screen as pictured below to begin the DUO setup:

Big picture
2). On the next screen, you will be prompted to select the device you wish to use as the secondary authentication method. Mobile phone is recommended.
Big picture
3). After clicking continue with the Mobile phone option, you will be prompted to register your mobile phone number. Enter your mobile phone number and then click the checkbox to confirm accuracy. Select Continue to proceed.
Big picture
4). If iPhone, Android, or Windows Phone is selected, instructions for downloading the Cisco Duo App from your App store will be presented. There is no charge for this App.
Big picture
Big picture
Big picture
5). Once you have successfully installed the Cisco Duo app, you will be directed to press the “+” sign in the upper right of the app, and scan a barcode (QR code) to register the device:
Big picture
6). If “Other (and cell phones)” is selected, the device is registered immediately, and will only have Text and Call Me as verification options with no app installation required:
Big picture
7). Once your mobile phone is successfully registered, you will be prompted for your preferred multifactor authentication method in the future. You may select “Automatically send this device to Duo Push (the app you just installed), or “Ask me to choose an authentication method”.
Big picture
8). Going forward you will see this screen when logging in to OWA or VPN, unless you selected to “Automatically send this device to Duo Push” in the instruction above.


You have the option of selecting “Remember me for 365 days”, this should only be used on trusted devices, like your personal computer at home, or a work issued laptop. Note that the ‘Remember me’ option is specific to the specific device you are using. Never select the Remember me option on a publicly shared computer.

Big picture
Here is an example image of what the Cisco Duo Push app notification will look like when prompting you to confirm the login attempt:
Big picture
If the user chooses to use a code, they can either use a code from the Duo app on their phone, or if they click on the “text me new codes” button, they will get a text with a code to be used:
Big picture

General Steps Recap:

Only steps 1 and 6 are required after initial enrollment.

  1. User tries to connect to VPN client by going to https://Remote.WestHartfordCT.gov and begin download to install

  2. The initial Duo onboarding screen appears, and the user must click through it to continue;

  3. User chooses what device to use for MFA (Mobile Phone is recommended);

  4. User verifies ownership of the device;

  5. User is presented with a summary of the results of steps 3 and 4 above, and can choose a default login method (e.g. code or push) and whether to be prompted every time;

  6. User is prompted to execute MFA;

  7. User gets to VPN session

Frequently Asked Questions:

1. Why is the Town of West Hartford implementing Multifactor Authentication?
MFA is a good deterrent to protect your account from unauthorized users; this will help protect your information and the organization; it is also a new requirement for our Cyber-liability insurance carrier.


2. I do not want to download the Cisco Duo app, even though it is free. Can I just use a text message or phone call instead?

Yes! Simply select “Other” during your initial registration to use SMS/text or phone calls as your preferred method of authentication.


3. I downloaded the Cisco Duo Push app and it used to work, but now I am not getting the notifications to approve my login. What changed?

Check, to make sure your phone does not have Do Not Disturb (DnD) enabled, many phones will not allow an app to notify you during a Do Not Disturb timeframe unless you exempt that app. By manually opening the app and allowing the notification, you should still be able to click approve.


4. I received a message to approve a login session, but I did not recently attempt to login to OWA or VPN. What should I do?

Click DENY and contact Helpdesk immediately; this may be indicative of someone else attempting to gain access to your accounts. Never approve a login session that you did not just immediately initiate.


5. After downloading the app from the store, the app store said thank you for your purchase. Is this app free?

Yes! Although some app stores may indicate payment after a download, Cisco Duo is completely free.


6. I do not have a Smartphone so I can’t download the app. How can I use MFA?

Simply select “other” at time of initial registration and you will be able to use phone calls or text messages to authenticate.


7. I do not have unlimited text messages with my cell phone provider and do not want to pay for receiving text messages to use this, what can I do?

See number 7 above, and simply use phone calls only.


8. I only access VPN from my personal computer at home, and do not want to be prompted each time. Is there a way to “trust” a device so I am not prompted so frequently?

Yes! When selecting your authentication method, simply click “remember me for 365 days”, this will remember/trust the specific device you are using for one year. See step 9a in the instructions above for more information.