Multifactor Authentication
Town of West Hartford/WHPS: Overview, Instructions & FAQs
Overview
Multifactor authentication (MFA) is a security technology that requires two or more methods of authentication to verify a user’s identity; this helps keep your account(s) more secure. As of August 1, 2021, the Town of West Hartford implemented MFA for Virtual Private Networking (VPN) as part of the new requirements from our Cyber-liability Insurance carrier. You will be prompted to register with Cisco Duo and begin using multifactor authentication when accessing these the Town’s network.
Instructions for using a Mobile Phone as the secondary authenticator (Recommended Method):
1). After going to https://Remote.WestHartfordCT.gov to download the VPN client (see previous instructions here), you will be redirected to an initial setup screen as pictured below to begin the DUO setup:
You have the option of selecting “Remember me for 365 days”, this should only be used on trusted devices, like your personal computer at home, or a work issued laptop. Note that the ‘Remember me’ option is specific to the specific device you are using. Never select the Remember me option on a publicly shared computer.
General Steps Recap:
Only steps 1 and 6 are required after initial enrollment.
User tries to connect to VPN client by going to https://Remote.WestHartfordCT.gov and begin download to install
The initial Duo onboarding screen appears, and the user must click through it to continue;
User chooses what device to use for MFA (Mobile Phone is recommended);
User verifies ownership of the device;
User is presented with a summary of the results of steps 3 and 4 above, and can choose a default login method (e.g. code or push) and whether to be prompted every time;
User is prompted to execute MFA;
User gets to VPN session
Frequently Asked Questions:
MFA is a good deterrent to protect your account from unauthorized users; this will help protect your information and the organization; it is also a new requirement for our Cyber-liability insurance carrier.
2. I do not want to download the Cisco Duo app, even though it is free. Can I just use a text message or phone call instead?
Yes! Simply select “Other” during your initial registration to use SMS/text or phone calls as your preferred method of authentication.
3. I downloaded the Cisco Duo Push app and it used to work, but now I am not getting the notifications to approve my login. What changed?
Check, to make sure your phone does not have Do Not Disturb (DnD) enabled, many phones will not allow an app to notify you during a Do Not Disturb timeframe unless you exempt that app. By manually opening the app and allowing the notification, you should still be able to click approve.
4. I received a message to approve a login session, but I did not recently attempt to login to OWA or VPN. What should I do?
Click DENY and contact Helpdesk immediately; this may be indicative of someone else attempting to gain access to your accounts. Never approve a login session that you did not just immediately initiate.
5. After downloading the app from the store, the app store said thank you for your purchase. Is this app free?
Yes! Although some app stores may indicate payment after a download, Cisco Duo is completely free.
6. I do not have a Smartphone so I can’t download the app. How can I use MFA?
Simply select “other” at time of initial registration and you will be able to use phone calls or text messages to authenticate.
7. I do not have unlimited text messages with my cell phone provider and do not want to pay for receiving text messages to use this, what can I do?
See number 7 above, and simply use phone calls only.
8. I only access VPN from my personal computer at home, and do not want to be prompted each time. Is there a way to “trust” a device so I am not prompted so frequently?
Yes! When selecting your authentication method, simply click “remember me for 365 days”, this will remember/trust the specific device you are using for one year. See step 9a in the instructions above for more information.