Multi-Factor Authentication

Two-Factor Authentication (MFA) adds a second layer of security to your SJSUOne account. By verifying your identity using a second factor (such as your mobile device or a key fob), MFA prevents anyone else from logging into your account, even if they know your password.

Who should use Duo MFA?

The CSU has licensed Duo MFA for all CSU employees and it is our goal to have all SJSU employees enrolled in Duo by the end of the year, following a staged roll-out as described below. Similar implementations of Duo are now taking place at all the other CSU campuses. You can learn more about Duo MFA at Duo’s Guide to Two-Factor Authentication.

We have completed the first three phases of our implementation at SJSU, which started early in 2018 with a pilot project of volunteer test users, and now includes the full enrollment of all users of CFS and VPN services.

We are now proceeding with the next two phases of our implementation, by including all Regular Staff, Student Employees and Faculty. To ensure an orderly and efficient enrollment process through the IT Service Desk, we are scheduling these phases with the separate due dates below. After these dates, enrollment in Duo MFA by each respective group will necessary in order to access online resources accessed via your SJSUOne account:

All Regular Staff and Student Employees by May 1, 2019.

All Faculty by December 1, 2019.   

How does Duo MFA work?

Two-Factor Authentication combines something you know (your username and password) with something you carry (your Apple or Android smartphone, or a Hardware Token / Key-Fob), to ensure that only you can log in to your SJSUOne account. After entering your username and password you will be prompted to confirm your login, using your device. 

Setting up Duo MFA

If you choose to authenticate with the Duo Mobile App on your Apple or Android smartphone, the final set-up is a self-service process. The IT Service Desk will contact you when your service has been activated. Following activation, at your next web login, a series of prompts will guide you through the Duo Mobile enrollment process.

If you choose to authenticate with a hardware token (key fob), the IT Service Desk will let you know when your hardware token is ready to be picked up. After your hardware token has been activated and issued to you, you will be prompted at each login to enter the special security code provided by your hardware token.

Enable/Disable Auto-Push for MFA

Would like to speed up your login time with multi-factor authentication? Turn on auto-push to automatically be prompted by the authentication method of your choice in the Duo Mobile app.

To turn on auto-push, follow the steps listed below:

  1. Visit the Multi-Factor Authentication Profile page. 
  2. Enter your SJSU ID and password in the username and password fields. Click Login.
  3. Before Authenticating with MFA, Click My Settings & Devices under Settings.

Devices and Settings

4. Then complete your multi-factor authentication.

5. Under Default Device, select your default device from the drop-down menu.

6. Under When I log in, select the Automatically send this device a Duo Push option.
Autotomatically Send Push

7. Click Save.


Additional Resources


Using the smartphone app factor is covered by the CSU master license.

Hardware tokens (key fobs) are purchased by SJSU and provided to you. Replacements are available for broken or lost fobs.


Contact the IT Service Desk at 408-924-1530.

Because Duo MFA is a security service, the IT Service Desk must confirm your identity before providing assistance.

Frequently Asked Questions