IT Connect
Your connection to information technology at the UW

Azure AD Cloud-only Authentication with Duo 2FA Expected Experience

This page describes via words and pictures what an uw.edu Azure AD user with cloud-only authentication with Duo 2FA enabled can expect to experience at sign-in.

Note: you may be asked to choose a work/school account or personal account immediately after step 1. See https://itconnect.uw.edu/wares/msinf/other-help/faq/aad-terms/#accountTypes for more info.

Step 1: The Microsoft sign-in page.

https://login.microsoftonline.com should be the URL of the Microsoft sign-in page.

You should enter your user principal name (UPN), e.g. pottery@uw.edu.

Step 2: Enter password in Microsoft sign-in page

The Microsoft sign-in page detects your @uw.edu UPN and reacts by giving you the appropriate cloud-based authentication experience. This means the user will enter their password in the Microsoft sign-in page. This is the next page in the sequence:

Note the UW logo at the top, the UPN you entered in step 1, and the UW-specific help text at the bottom.

You enter your UW NetID password into the password field.

Step 3: Duo 2FA challenge

Assuming you entered a valid password, you’ll be directed to a Duo 2FA page https://us.azureauth.duosecurity.com/authorization as shown here:

This page is slightly different than the Duo 2FA experience from the UW identity provider. Note the UW logo. You should see the same authentication methods that you have enrolled in via https://identity.uw.edu. The default method should fire automatically, but you can pick one of the others.

Note: This screen will only show the last 4 digits of any phone number. For privacy purposes, we’ve blurred these in the screenshot above.

Step 4: Stay signed in (SSI)

After you’ve successfully passed the Duo 2FA challenge, you should be redirected to the following page, with a question about whether you want to stay signed in:

Note the UW logo at the top, the UPN you entered in step 1, and the UW-specific help text at the bottom.

You can select either option. If using a public or shared computer, such as a kiosk, you should choose No.

After selection, you should be redirected to the application that started the Azure AD sign-in process.

Last reviewed June 29, 2021