Multi-Factor Authentication (MFA) occurs when you are granted access after successfully presenting two or more pieces of evidence to validate your identity. On occasion, an org account may also be a shared account. This applies to both NetID-based mailboxes and Exchange-only mailboxes.
Shared Account with Delegated Permissions
If permissions have been delegated, there is no change. You and other delegated users accessing the shared resource would satisfy Duo requirements as you would normally with your primary account. Examples of shared accounts with delegated permissions are mailboxes with full-access/send-as/send-on-behalf permissions.
Shared Account with Shared Credentials
In a shared account with shared credentials, multiple users access the account with the same login information. This is not recommended, and it is more complicated. In this scenario, there are several options for satisfying Duo MFA requirements.
- Transition to delegated permissions
As described above, this is the preferred option for accessing shared resources. For mailboxes, contact servicedesk@northwestern.edu with the mailbox identity as well as the individual users that need access to the mailbox.
- Add multiple devices to Duo
Once multi-factor authentication has been applied to the shared account, each user accessing the mailbox via the shared credentials will need to have their device added to Duo for this account. Contact servicedesk@northwestern.edu to have additional devices added to the shared account.
- Utilize hardware tokens
Duo hardware tokens can also be procured and used for authentication to a shared mailbox. Tokens can be assigned to the shared account as well as to the users who access the shared account. More information on Duo hardware tokens can be found in the following knowledge base article:
Using Duo with a Hardware Token
Removing a phone number when someone leaves
When it is necessary to remove a phone number/device from a shared account protected by Duo, anyone with current access to the shared account can make these changes in Duo from the Manage devices screens as described below. This is done by choosing “Other options” from the Duo Push pop-up:
Then choosing “Manage devices” from the bottom of the list:
And finally, choosing the edit icon on the device you want to delete and deleting the device.
Your feedback on this article is welcome, and we review comments regularly. However, if you have an issue or question requiring immediate attention or want to discuss your feedback on this article, please get in touch with the Northwestern IT Service Desk at 847-491-4357 (1-HELP) or consultant@northwestern.edu.