URL for Requiring MFA
Context
Increasingly, applications that provide access to sensitive information are requiring users to protect their credentials with a second factor (username/password + Duo), also known as multi-factor authentication (MFA). At some point in the future it is likely that all applications authenticating with UH Login, LDAP, etc will be required to enforce MFA. As of 10/02/2023, all active UH users will be required to enable MFA on their accounts.
For those applications that intend to redirect a user lacking MFA to a warning page for assistance, a standard warning page is available.
Redirect to this URL if user didn't use MFA, but you require it:
Standardizing on this warning page provides a consistent user experience. It also provides access to the MFA device registration service so that users may register with Duo (note that this will no longer be necessary for active UH users past 10/02/2023).
Warning
Your application should make sure the user does not have an application session (not authenticated in your application) before redirecting the user to this URL.
Related resources
UH Login Multi-Factor Authentication (MFA): <https://www.hawaii.edu/askus/1679.