Entra ID Cloud-only Authentication with Duo 2FA Expected Experience

Last updated: October 31, 2024
Audience: All UW

This description represents via words and pictures what an uw.edu Entra ID user can expect to experience at sign-in.

Step 1: The Microsoft sign-in page.

https://login.microsoftonline.com should be the URL of the Microsoft sign-in page.

You should enter your user principal name (UPN), e.g. pottery@uw.edu.

Important: The "Can't access your account?" link in this Microsoft interface is non-functional for UW Microsoft accounts. Clicking it will result in a "Get back into your account" page which will not be constructive. To recover your account, use the UW NetID system.

Note: you may be asked to choose a work/school account or personal account immediately after step 1. See /tools-services-support/it-systems-infrastructure/msinf/other-help/faq/aad-terms/#accountTypes for more info.

Step 2: Enter password in Microsoft sign-in page

The Microsoft sign-in page detects your @uw.edu UPN and reacts by giving you the appropriate UW authentication experience. You will need to enter your password in the Microsoft sign-in page, as shown below:

Note the UW logo at the top, the UPN you entered in step 1, and the UW-specific help text at the bottom.

You enter your UW NetID password into the password field.

Important: The "Forgot my password" link in this Microsoft interface will result in sending you to the UW NetID password help page.

Step 3: Duo 2FA challenge (may not be required)

Assuming you entered a valid password, if 2FA is required, you’ll be asked to “Verify your identity”, i.e. with a choice of which verification method you’d like to use to satisfy the 2FA challenge. Note that this screen includes the UW logo at the top and the UW-specific help text at the bottom. You should only see “Approve with Duo” as shown:

Once you have chosen “Approve with Duo” you will be directed to a Duo 2FA page from duosecurity.com as shown here:

A screenshot of the new Duo prompt when selecting that Duo authenticate via a "push" when logging in via the Entra ID Environment

Note the UW logo. You should see the same authentication methods that you have enrolled in via https://identity.uw.edu. The default method should fire automatically, but you can manually pick any of the methods listed.

Note: This screen will only show the last 4 digits of any phone number used as an authentication method. For privacy purposes, we’ve blurred these in the screenshot above.

Depending on your web browser’s configuration, you may also see a prompt asking “Do you trust uw.edu?”. If so, click “Continue”.

Step 4: Stay signed in (SSI)

After you’ve successfully passed the Duo 2FA challenge (or just the password challenge, if 2FA wasn’t required), you should be redirected to the following page, with a question about whether you want to stay signed in:

Note the UW logo at the top, the UPN you entered in step 1, and the UW-specific help text at the bottom.

You can select either option. If using a public or shared computer, such as a kiosk, you should choose No.

After selection, you should be redirected to the application that started the Entra ID sign-in process.