Context
Increasingly, applications that provide access to sensitive information are requiring users to protect their credentials with a second factor (username/password + Duo), also known as multi-factor authentication (MFA). At some point in the future it is likely that all applications authenticating with UH Login, LDAP, etc will be required to enforce MFA.
For those applications that intend to redirect a user lacking MFA to a warning page for assistance, a standard warning page is available.
MFA required URL
...
Redirect to this URL if user didn't use MFA, but you require it:
The URL Standardizing on this warning page provides a consistent user experience. It also provides access to the MFA device registration service so that users may register with Duo.
| Warning | ||
|---|---|---|
|
...
Your application should make sure the user does not have an application session (not authenticated |
...
in your application) before redirecting the user to this |
...
URL. |
Related resources
- UH Login Multi-Factor Authentication (MFA): <https://www.hawaii.edu/askus/1679.
...