Context
Increasingly, applications that provide access to sensitive information are requiring users to protect their credentials with a second factor (username/password + Duo), also known as multi-factor authentication (MFA). At some point in the future it is likely that all applications authenticating with UH Login, LDAP, etc will be required to enforce MFA. As of 10/02/2023, all active UH users will be required to enable MFA on their accounts.
For those applications that intend to redirect a user lacking MFA to a warning page for assistance, a standard warning page is available.
Redirect to this URL if user didn't use MFA, but you require it:
Standardizing on this warning page provides a consistent user experience. It also provides access to the MFA device registration service so that users may register with Duo . (note that this will no longer be necessary for active UH users past 10/02/2023).
| Warning |
|---|
WarningYour application should make sure the user does not have an application session (not authenticated in your application) before redirecting the user to this URL. |
Related resources
UH Login Multi-Factor Authentication (MFA): <https://www.hawaii.edu/askus/1679.