Deploying Multi-factor Authentication

Note: this page is concerned with configuring multi-factor authentication to protect a server and is targeted towards IT staff. Multi-factor authentication is also available to all campus users to protect email and access.caltech accounts. For more information about multi-factor authentication for all campus users, see Multi-factor Authentication.

Information Security can help you deploy multi-factor authentication using Duo to protect SSH, Windows Remote Desktop, and other services. Below is a list of eligible services with links to specific instructions.

Eligible services

More services are available. Email security@caltech.edu for questions about deploying MFA to protect a different service.

Getting set up

Refer to the links above for service specific instructions. When you are ready to begin, email security@caltech.edu with the following information:

Server name
Integration type (the service to be protected, e.g. SSH, Microsoft RDP, etc.)

We will respond with a GPG encrypted file (or password protected zip file) containing a set of Duo API keys. The secret key must remain confidential. If you ever have any doubts about the confidentiality of your Duo secret key, tell us immediately and we can easily generate a new key for you. Use the Duo keys when following the service specific instructions to configure your system to require multi-factor authentication.