Duo MFA FAQs

MFA (Duo) for Office 365 at Caltech (Log-in Required)

What is multi-factor authentication (MFA)

How to authenticate with Duo push on iPhone

Other FAQs

I currently have my Gmail configured to pull my Caltech email and/or reply from Gmail on behalf of my Caltech account, will this continue to work?

When your Office 365 account is enrolled for MFA (Duo) this configuration will no longer work if you are using the browser to check and/or reply to Caltech from your Gmail account. This configuration relies on basic authentication which is a less secure authentication method. MFA requires logging in with modern authentication, which is a more secure authentication method. Unfortunately, currently, Google does not offer modern authentication when checking Gmail from the browser.

If you have the Gmail app on your mobile device, you can follow the Gmail App Instructions to configure your Caltech account on your mobile device and be able to send/receive Caltech email. This configuration supports modern authentication and will continue to work with MFA (Duo).

Is email forwarding being disabled with MFA (Duo)?

No, email forwarding will not be impacted with MFA (Duo) for Office 365 enrollments.

How often will I be prompted to authenticate with MFA (Duo)?

Once your account is enrolled in MFA (Duo) for Office 365, your email client will need to be reconfigured, per the email configuration guides. Please note that this is not the case for Outlook desktop or Outlook Mobile. After that initial re-configuration, MFA (Duo) for Office 365 will not increase the number of times that your email client(s) and or browser(s) will need to re-authenticate.

How do I enroll in MFA (Duo)?

IMSS will begin working with users to enroll them in MFA (Duo) for Office 365. However, if you would like to self enroll for Duo, please review the pre-requisites and required steps in the MFA Self Enrollment page.

How do I use multi-factor authentication with Outlook Web?

If your account is already enrolled in MFA (Duo) for Office 365, you may follow the using multi-factor authentication with email instructions.

How do I use multi-factor authentication with access.caltech?

If your account is already enrolled in MFA (Duo) for access.caltech, you may follow the using multi-factor authentication with access.caltech instructions.

If you would like to enroll in MFA (Duo) for access.caltech, please contact the Help Desk at help@caltech.edu or https://help.caltech.edu (request type: IMSS > Information Security > Duo Request Form).

IT Staff - How do I deploy multi-factor authentication to protect a service?

Review the Deploying Multi-factor Authentication page. This page is targeted towards IT staff.

Is there another multi-factor authentication method besides Duo mobile on a smartphone device?

If you do not have a smartphone device or would rather another authentication method, the following options are available:

Mac Touch ID

You can use the Touch ID on your MacBook pro or MacBook Air for Duo authentication. Touch ID requirements and registration steps are available at https://guide.duo.com/touch-id

Hardware Token / Yubikey

The following hardware tokens are available through the Caltech Bookstore located at Hameetman Center. You can contact them at citwired@caltech.edu or 626-395-8006

USB-A YubiKey

USB-C YubiKey:

I have a new phone, how do I re-enable Duo?

Duo Mobile's (Android and iOS) restore functionality lets you back up Duo-protected accounts and for recovery to the same device or to a new device.

For any other questions, please contact the IMSS Help Desk at 626.395.3500, help@caltech.edu, or https://help.caltch.edu (request type: IMSS > Duo/MFA Help).