Duo Multi-Factor Authentication (MFA) Requirement on Campus VPN Effective August 2

As ETS continues to enhance security on many of the applications we use, beginning Monday, August 2, when logging into the campus VPN service (Pulse Secure), you will need to use Multi-Factor Authentication (MFA) via Duo. 

Why?

As you may already know, MFA helps prevent malicious actors from accessing UCSB information and accounts.  Even if someone has stolen your passphrase, they will need a “second factor” — usually a temporary numeric passcode or a mobile phone— to access your account.

Already using Duo?

For those of you who have logged into UCPath any time since December, you should already have setup Duo and be familiar with how simple it is to authorize authentication.  This change will work exactly the same way and, provided you’ve already set things up for UCPath, there is nothing new you need to setup.  Starting on August 2, you will just need your Duo second factor to log into the campus VPN.  This will be required upon each login to the campus VPN.  A pre sign-in notification window in the Pulse Secure client will guide you through the options for authentication after the initial UCSBNetID/password authentication has completed.

New to Duo?

If you have never used Duo or want additional information about MFA, ETS has info and instructions starting here. Please note that in the Quick Links section on the right side of that screen, there are links for enrolling. You will need to set things up prior to August 2 in order to avoid delays in being able to login to the campus VPN. Included in that Quick Links box is a link where you can Test Your MFA Device. While that has you test against a generic website, it will confirm that you have everything in place for using MFA with the campus VPN. 

You can test/validate your campus VPN connection with MFA by using the pre-configured “UCSB Remote Access Trusted” profile in the Pulse Secure client Connections list.  If you do not have the “UCSB Remote Access Trusted” profile in your Connections list, you can add it with the URL https://ps.vpn.ucsb.edu/ra-trusted.   (Optionally, you may delete the old “UCSB Remote Access” profile from the Connections list - however, after August 2, both the “UCSB Remote Access” and “UCSB Remote Access Trusted” profiles will behave identically, and both will require MFA.)

Be sure to set things up and test prior to August 2.

Need assistance?

If at any point you need assistance, the UCSB IT Services Support team is available to assist you.  Contact them by calling (805) 893-5000 (x5000 on campus) or submit a ticket at ithelp.ucsb.edu under the End User Services tab, then Access and Accounts.  IT Services Support hours are Monday-Friday, 8am-5pm.  If you need assistance outside of business hours, you can still submit a ticket at ithelp.ucsb.edu and the team will address it during business hours.

Thank you for your flexibility and support as we move our campus VPN service forward in security compliance.