IT Connect
Your connection to information technology at the UW

Azure AD Cloud-only Authentication with Duo 2FA Expected Experience

This page describes via words and pictures what an uw.edu Azure AD user with cloud-only authentication with Duo 2FA enabled can expect to experience at sign-in.

Note: you may be asked to choose a work/school account or personal account immediately after step 1. See https://itconnect.uw.edu/wares/msinf/other-help/faq/aad-terms/#accountTypes for more info.

Step 1: The Microsoft sign-in page.

https://login.microsoftonline.com should be the URL of the Microsoft sign-in page.

You should enter your user principal name (UPN), e.g. pottery@uw.edu.

Step 2: Enter password in Microsoft sign-in page

The Microsoft sign-in page detects your @uw.edu UPN and notes that this user account is enrolled in cloud-only authentication. This means the user will enter their password in the Microsoft sign-in page, won’t see the UW identity provider and won’t have to re-enter their UW NetID there. This is the next page in the sequence:

Note the UW logo at the top, the UPN you entered in step 1, and the UW-specific help text at the bottom.

You enter your UW NetID password into the password field.

Step 3: Duo 2FA challenge

Assuming you entered a valid password, you’ll be directed to a Duo 2FA page https://us.azureauth.duosecurity.com/authorization as shown here:

This page is slightly different than the Duo 2FA experience from the UW identity provider. Note the UW logo. You should see the same authentication methods that you have enrolled in via https://identity.uw.edu. The default method should fire automatically, but you can pick one of the others.

Note: This screen will only show the last 4 digits of any phone number. For privacy purposes, we’ve blurred these in the screenshot above.

After you’ve successfully passed the Duo 2FA challenge, you should be redirected to the following page:

Note the UW logo at the top, the UPN you entered in step 1, and the UW-specific help text at the bottom.

You can select either option. After selection, you should be redirected to the application that started the Azure AD sign-in process.

Last reviewed April 28, 2020