Duo Security for SSO
The Texas A&M System’s Single Sign-On service handles your login access to web-based applications which have chosen to use Single Sign-On as their authentication method. These include the services that we use for purchasing, travel, HR, benefits, leave, time tracking and more. Due to the sensitive nature of the applications protected by SSO, we require all the use of Duo two-factor authentication for all TAMHSC personnel.
- Visit the SSO website at sso.tamus.edu. Log in to your account with your UIN and your SSO password.
- Your password was configured for this was set up when you initially configured your account during on-boarding with HR, you can reset it with the “I forgot my password” link if necessary
- Click on the Profile tab, then Two Factor Authentication. Select Two Factor Authentication and Save.
- On the next screen, select Start setup to begin the configuration process.
- Select which type of device that you would like to set up. Your mobile phone will give you the most options for authentication. You may also select any type of an Apple or Android based tablet device for installing the Duo app on. A landline can also be configured for your work or home phone line; we will discuss the rest of the options further along in this tutorial. In this first example we are using a mobile phone:
- Select the country, and enter your 10 digit number. Check off the checkbox and click Continue to verify:
- Select the type of phone that you have (in this example we are using an iPhone), then click Continue:
- You will now need to install Duo Mobile on your phone. Search for and install it from the App Store (Apple) or the Play Store (Android). Once you have it installed, the app will allow you to use your phone’s camera to scan the QR code on the computer screen. To add your key, use the + button. You may also have an activation link emailed to you instead. Once the code is scanned, or the link is activated, click the Continue button:
Upon successful activation, your smartphone Duo Mobile app screen should show a Texas A&M System Offices section with a key to the right of it:
At this point, you may choose to add another option by Add a new device link. Duo may require re-authentication before being able to make the changes. If you select the Tablet option, the process will be similar to adding the Mobile phone. If you select Landline, please make sure to include all 10 digits of the number as well as an additional extension if necessary.
The U2f token is a keyfob of device that may be used if you prefer none of the aforementioned options, please feel free to contact the OIT Helpdesk if you would like more information regarding acquiring one.
The My Settings & Devices link allows you to choose options for your devices. You can select which device that you wish to use for default, and choose which type of authentication method that it uses to contact you. Your mobile phone provides several options; you can either have it ask you to choose which type of authentication method for each time that you access the page (Send Me a Push), Call me (direct dial, follow the voice prompts once connected), or Enter a Passcode (texted to your phone, enter it into the textbox and click Log In). You may also choose two automatic behaviors for when you log in for your phone, either Automatically Send this device a Duo Push, or Automatically call this device.
For help with the system, please feel free to reach out to our Helpdesk for the Texas A&M University Health Science Center at 800-799-7472, or email email@example.com.
For more in depth documentation, visit the Texas A&M University System page on Two Factor Authentication for SSO.