Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Current »

Context

Increasingly, applications that provide access to sensitive information are requiring users to protect their credentials with a second factor (username/password + Duo), also known as multi-factor authentication (MFA).  At some point in the future it is likely that all applications authenticating with UH Login, LDAP, etc will be required to enforce MFA. As of 10/02/2023, all active UH users will be required to enable MFA on their accounts. 

For those applications that intend to redirect a user lacking MFA to a warning page for assistance, a standard warning page is available.

Redirect to this URL if user didn't use MFA, but you require it:

Standardizing on this warning page provides a consistent user experience.  It also provides access to the MFA device registration service so that users may register with Duo. (note that this will no longer be necessary for active UH users past 10/02/2023).

Warning

Your application should make sure the user does not have an application session (not authenticated in your application) before redirecting the user to this URL.

Related resources


  • No labels