How can I use 2 Factor Authentication with VPN for OS X?

This FAQ was last modified on: Thursday, February 2, 2017 03:22pm

Using 2 Factor Authentication with VPN - OSX

Note: Duo Two-Factor Authentication is only compatible with the Cisco AnyConnect Secure Mobility Client. It is not compatible with the Cisco IPSec client that is included with OS X. 

If you are set up for Duo Two-Factor Authentication, here is how to use it with the AnyConnect Secure Mobility Client for OS X:

  • Launch the Cisco AnyConnect Application.

Cisco AnyConnect App Icon

  • Once the AnyConnect pop-up box is displayed, click on the "Connect" button. The software should then begin the authentication process.

Connect to Anyconnect Contacting

  • Next, the credential pop-up will appear. In the "Group:" drop-down menu, click on the arrows to the right and select the "gatech-2fa-Duo"

Enter credentialsselect gatech

  • You will then notice that a "Second Password:" text entry appears. Enter your GT Username and GT password. In the "Second Password:" text entry, please enter one of the following (without the quotes), then click the "OK" button:
    • The code generated by the Duo Mobile app. This is the code that you get by hitting the "key" on the upper right side of the app.
    • "push"
      "phone", "phone2", "phone3"....... "phoneN".
      Note:  There is no "phone1" since "phone" and "phone1" both reference the first phone number you entered into the system. The phone number list is directly related to the order in which you setup your various phones in the Duo system. "phone" will call your 1st phone (likely your cell) and "phone2" will call your office or which ever secondary phone number you entered at the time your Duo Account was configured etc.

Enter passwordDuo mobile key

  •  If you take too long to respond with your secondary athentication method, the system will tme out with an error.

Timed out image

  • In this example we entered "push". On your secondary device you will have the following screen, once we initiate the Duo Mobile app on our device and click the "Duo Push" icon in the lower left hand side. Click the "Approve" button to authenticate.

Two factor push

  • The VPN client will now authenticate based on the second factor and initiate a connection. Click the "Accept" button.

Welcom banner

  • That's it, you are connected using 2 Factor Authentication! To verify connectivity, the AnyConnect VPN icon, on OSX menu bar, will show an orange lock.