As part of Penn’s Identity & Access Management (IAM) Program, improvements to the Two-Step Verification(link is external) user experience were implemented on November 14, 2023 with the release of Duo Universal Prompt. Duo Universal Prompt is a vendor-supplied Multi-Factor Authentication (MFA) application that replaced Penn’s custom solution for PennKey Two-Step Verification. PennKey is now integrated directly with Duo for a seamless user experience. Duo Universal Prompt provides a modern, secure, easy-to-use login interface and a simpler way to add and manage devices.
Who Is Affected?
All PennKey Two-Step users and PennKey support providers are affected by the changes.
What Changed?
Current PennKey Two-Step Verification users do not have to re-download the Duo Mobile app, but will see the following changes:
- Users will see the new Duo Universal Prompt UI instead of the previous Penn custom interface during PennKey WebLogin (see screenshots below).
- All existing “Trust this browser” sessions will have expired.
- Users need to authenticate with Two-Step upon their first login after rollout.
- Duo Universal Prompt enforces a 60-day limit on trusted browsers. Browser trust is now enabled by clicking “Yes, this is my device” during login.
- New login options are supported – USB security keys and Touch ID (Apple).
- Some legacy Two-Step functions were retired (see below).
- PennO365 Two-Step also changed to Duo Universal Prompt – Device trust now works across PennKey SSO and O365 logins.
- The PennKey Login UI was refreshed and modernized with no functionality changes.