Your Duo Security Questions Answered
Anyone can directly sign up for the Duo Security Personal plan, which allows for up to ten users at no cost. This is perfect for limited testing and evaluation purposes.
No, under the updated Internet2 Duo program, your campus does not need to be an InCommon participant.
No, you are not required to be an Internet2 member to sign up for Duo, but Internet2 members receive a discount when they sign up for a Duo site license.
As part of the updated program, campuses can now license for a subset of your campus community along with the faculty and staff and student option.The fee in each case will vary with the size (based on IPEDS student count) of your school and the number of users your campus wants to enroll in the service.
Duo provides a wide range of options when it comes to authenticating a user login. We expect that most Duo users will prefer to use either Duo Mobile or Duo Push, neither of which consume any telephony credits and can be used without limit.Duo also supports two-factor login via other methods, such as automated voice calls or SMS messages. Duo incurs a small marginal cost when an automated voice call is made (long distance telephone charges) or an SMS message needs to be sent (SMS charges), with the exact amount depending on the source and destination of the call or message. Telephony credits are the way that Duo ensures those marginal costs don’t get out of control. Telephony credits are purchased in advance as a non-expiring credit in a pool that covers all user accounts at a site. In the United States, voice calls for login confirmation incur a two (2) credit charge; SMS messages for login confirmation cost one (1) credit in the US. Rate cards for other countries are available.
Telephony credits are purchased directly from Duo after you have enrolled in the program.
Any individual employed by or employees working in the Customer’s postsecondary institution except those employed by or working in the medical school component of the Customer’s institution or Hospital Staff accessing an application used in Subscriber’s medical school or hospital clinical operations. Staff includes individuals employed by or employees working in the postsecondary component of a hospital or medical center that offers postsecondary education as one of its primary missions; also includes those working in first-professional schools (e.g., law schools, dental schools, schools optometry) except medical schools accessing an application used in the Customer’s clinical operations. This definition is derived from Integrated Postsecondary Education Data System (IPEDS) definition of “Institution’s staff,” available at: http://nces.ed.gov/ipeds/glossary/?charindex=I
Duo Security introduced a new Platform Edition in 2015. More details on Duo Security Platform Edition can be found on the Duo Security website. It is a separate subscription from the Duo Security MFA product and includes all of the functionality of the Duo Security MFA Edition.
Duo Security licensing is based on Hospital Users as specified by universities. Universities need to specify the number of Hospital Users during sign-up. A Hospital User is any user of the Services who the Hospital Customer may authorize to enroll to use the Services in accordance with the terms of this Agreement and the Service Agreement.
Duo Security has included Campus Associates within the new pricing for default in the Faculty, Staff, Students, Associates/Affiliates, and Alumnae pricing. It is not available as an add-on.
Duo Mobile is a mobile application for smartphones that generates a one-time password (i.e., a secret, random-looking number on the user’s smartphone), which the user then types into the application that requires authentication. Duo Push is a special feature of the Duo Mobile application that uses mobile push services to authenticate the user right on the smartphone, without the need to type the one-time password into the application.
The Duo Mobile app runs on the following platforms:Google Android
Duo Push, which is a special feature of the Duo Mobile app, is available on Google Android, Apple iPhone, and RIM BlackBerry only.
A variety of options exist to accommodate users without smartphones:
-An ordinary mobile phone (not a smartphone), or even a traditional desktop phone, can be used to authenticate with Duo.
-If the user doesn’t have any phone, the institution can elect to purchase a traditional hard cryptographic one-time password token for that user at $20/token, or the school may want to consider an inexpensive prepaid basic cell phone for this purpose.
-Finally, if the person without a phone is just a regular user (i.e., not a user with special privileges or access to sensitive data), yet another option would be to selectively disable the use of Duo for that user.
Actually, you can choose how best to deploy Duo in your environment. At the SP, Duo Web supports client libraries for Python, Ruby, Classic ASP, ASP.NET, Java, PHP, Node.js, ColdFusion, and Perl. At the IdP, Duo provides a custom login handler for Shibboleth IdP 2.3.5.
Yes, the Duo source code is available on GitHub.