IT Connect
Your connection to information technology at the UW

Azure AD Federated Authentication with Duo 2FA Expected Experience

This page describes, in words and pictures, what a uw.edu Azure AD user who is federated with Duo 2FA enabled can expect to experience at sign-in.

Note: you may be asked to choose a work/school account or personal account immediately after step 1. See https://itconnect.uw.edu/wares/msinf/other-help/faq/aad-terms/#accountTypes for more info.

Step 1: The Microsoft sign-in page.

https://login.microsoftonline.com should be the URL of the Microsoft sign-in page.

You should enter your user principal name (UPN), e.g. pottery@uw.edu.

Step 2: Redirection to UW identity provider

The Microsoft sign-in page detects your @uw.edu UPN and begins the process of redirecting you to the UW identity provider. During this process, you should see this screen first:

That will be followed by a very brief stop at sts.netid.washington.edu (the UW ADFS service):

Which will quickly be followed by a redirect to idp.washington.edu (the UW identity provider). You should end up here:

Step 3: UW identity provider

At the UW identity provider, you will enter your UW NetID and password. Note that your UW NetID (e.g. pottery) is not exactly the same as your UPN.

Step 4: Redirect back to Microsoft sign-in page and Duo 2FA challenge

Assuming you entered a valid UW NetID and password, you’ll be redirected back to sts.netid.washington.edu (the UW ADFS service):

That will quickly be followed by a redirect to the Microsoft sign-in page, which will in turn quickly redirect you to a Duo 2FA page at https://us.azureauth.duosecurity.com/authorization, as shown here:

This page is slightly different than the Duo 2FA experience from the UW identity provider. Note the UW logo. You should see the same authentication methods that you have enrolled in via https://identity.uw.edu. The default method should fire automatically, but you can pick one of the others.

Note: This screen will only show the last 4 digits of any phone number. For privacy purposes, we’ve blurred these in the screenshot above.

After you’ve successfully passed the Duo 2FA challenge, you should be redirected to the following page:

Note the UW logo at the top, the UPN you entered in step 1, and the UW-specific help text at the bottom.

You can select either option. After selection, you should be redirected to the application that started the Azure AD sign-in process.
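The host sequence in steps 1 through 4 (up to the Duo 2FA page) can be checked mechanically, which is useful when reviewing a reported sign-in that "looked different". The following is an added example, not UW or Microsoft code: the function names and the sample URL list are constructed, and it assumes you have the top-level page URLs in the order they were visited.

```python
from urllib.parse import urlsplit

# Hosts in the order the page lists them; everything else here is constructed.
EXPECTED_HOPS = [
    "login.microsoftonline.com",     # step 1: Microsoft sign-in page
    "sts.netid.washington.edu",      # step 2: UW ADFS service
    "idp.washington.edu",            # steps 2-3: UW identity provider
    "sts.netid.washington.edu",      # step 4: back through UW ADFS
    "login.microsoftonline.com",     # step 4: Microsoft sign-in page
    "us.azureauth.duosecurity.com",  # step 4: Duo 2FA challenge
]

def host_of(url):
    """Host of a plain https URL (no userinfo, default port), else None."""
    parts = urlsplit(url)
    try:
        port = parts.port
    except ValueError:
        return None
    if parts.scheme != "https" or parts.username is not None or port not in (None, 443):
        return None
    return parts.hostname

def check_chain(urls):
    """Return a list of problems; an empty list means the chain matches."""
    problems, hosts = [], []
    for url in urls:
        host = host_of(url)
        if host is None:
            problems.append(f"not a plain https URL: {url}")
        elif host not in EXPECTED_HOPS:
            problems.append(f"unexpected host: {host}")
        elif not hosts or hosts[-1] != host:
            hosts.append(host)  # collapse consecutive pages on one host
    if not problems and hosts != EXPECTED_HOPS:
        problems.append("chain incomplete or out of order: " + " -> ".join(hosts))
    return problems

# Constructed sample: top-level page URLs as an address bar would show them.
GOOD = [
    "https://login.microsoftonline.com/",
    "https://sts.netid.washington.edu/",
    "https://idp.washington.edu/",
    "https://sts.netid.washington.edu/",
    "https://login.microsoftonline.com/",
    "https://us.azureauth.duosecurity.com/authorization",
]

if __name__ == "__main__":
    print(check_chain(GOOD))
```

Hosts are compared exactly, so a name that merely begins with an expected host, or a URL that places an expected host before an `@`, is reported rather than accepted.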

Last reviewed April 28, 2020