Context
Increasingly, applications that provide access to sensitive information are requiring users to protect their credentials with a second factor (username/password + Duo), also known as multi-factor authentication (MFA). At some point in the future it is likely that all applications authenticating with UH Login, LDAP, etc will be required to enforce MFA.
For those applications that intend to redirect a user lacking MFA to a warning page for assistance, a standard warning page is available.
MFA required URL
Standardizing the MFA Required URL helps ensure a consistent user experience. The recommended URL is:
The URL provides access to the MFA device registration service so that users may register with Duo.
Your application should make sure the user does not have an application session (not authenticated with the application) before redirecting the user to this MFA-required URL.
Related resources
- UH Login Multi-Factor Authentication (MFA): <https://www.hawaii.edu/askus/1679.