Page Last Modified: Oct 15, 2018

Share Link:

Report problems with this page

As a response to the increasing number of phishing scams that impact Fredonia employees and the University's overall risk for a data breach, the Information Technology Services department has implemented a high-security login process for Fredonia eServices and other critical electronic resources that requires a second method to confirm the identity of the person logging in.

Referred to as two-step or two-factor authentication, this process, which uses Duo Security, asks individuals logging in to confirm their identity using a smartphone, via automated voice calls, or a hardware token.

Duo Security accounts will be provisioned out to users based on the risk associated with the data and systems they have access to.

Currently Duo Security is protecting the following Fredonia  electronic services:

  • Drupal Web Publishing
  • FredApps (GSuite)
  • OnCourse
  • Starfish
  • SUNY Employee Portal
  • 1Password Teams
  • University owned computers 

NOTE: other Fredonia electronic services will be protected as technical and funding limitations are addressed.

Getting Started

  1. ITS will add your eServices account to the Duo Security system based on the risk associated with the services and sensitive data you have access to.

  2. You will receive a Duo Security Enrollment email requesting you to activate a new device as your second factor for authentication. Fredonia permits you to register a smartphone (Android, iPhone, or Windows), a landline, or a tablet as your second factor. You may have as many second factors as you wish (e.g. smart phone, landline, tablet, hardware token), but we highly recommend that you have at least one backup second factor device.

    NOTE: If you are starting your enrollment process from the device that you will be using as a second factor, please follow this instructions.

  3. Click on the link in the enrollment message and you will be redirected to a set-up page like this. Click on Start setup.

NOTE: It is strongly recommended that all mobile devices used as a second factor be encrypted and have a screen lock enabled. We also recommend that you register a second device as an alternative method of authenticating. 

See Related Issues below for specific device instructions.

NOTE:  If you wish to use a hardware token as a backup second factor device, please email the Information Security Office ( for further details.


Short URL to this page: