Add Two-Step Login to a Departmental VPN

Set up Two-Step Login for your departmental VPN

This article applies to: CU VPN

Two-Step Login, Cornell's two-factor authentication service, is required for all departmental VPNs to provide an additional layer of security.

Two-Step Login should be added when the departmental VPN is set up.
With Two-Step Login required, all users must use Two-Step Login to log in to the departmental VPN.
Two-Step Login will be required to log in to the main VPN (cupvn.cupvn.cornell.edu) as of July 15, 2021.

Requirements

Before requiring Two-Step Login for a departmental VPN:

Ensure that all department users have initialized their Two-Step Login account and registered their Two-Step Login devices.
Ensure that all users who will access the departmental VPN have either a faculty or staff NetID, Sponsored NetID, or for student employees, a student Two-Step Login account. The departmental VPN administrator should review group memberships in Active Directory before requiring Two-Step Login on a departmental VPN.

Request Two-Step Login for an Existing Departmental VPN

To add Two-Step Login to an existing departmental VPN, send an email to cuvpn_request@cornell.edu.

Include the following information in your request:

Your name and department
The name of the Active Directory group associated with your departmental VPN
The date Two-Step Login should be activated for your departmental VPN

See how to request a new departmental VPN.

Test Before Requiring Two-Step Login

You can connect to any departmental VPN using Two-Step Login at any time, even if it is not required yet. This is useful for administrators who want to test or configure user clients before Two-Step Login is required.

Connect to a Departmental VPN with Two-Step Login

After Two-Step Login is required for a departmental VPN, you'll select the Two-Step_Login VPN Group when connecting to the departmental VPN. See the instructions for connecting on Windows, Macintosh, Linux, and mobile devices.

Caution: Selecting the CornellVPN Group will connect to the main VPN and you may not have access to resources that are only available through the departmental VPN.

CU VPN Articles

see all

Departmental VPN

Set Up a Departmental VPN

With a departmental virtual private network (VPN), a Cornell department, college, or unit can establish and manage VPNs for exclusive use by their staff.

Add Members to a Group (CornellAD Group Management)

Individuals who have access to manage CornellAD groups can add members via the console or web interface.

Add Two-Step Login to a Departmental VPN

Set up Two-Step Login for your departmental VPN

Create a Group in CornellAD

How CornellAD administrators can create groups for many purposes, such as controlling who can access certain services, or emailing a group of people.

Remove Members from a Group (CornellAD Group Management)

Individuals who have access to manage CornellAD groups can remove members via the web interface.

Use a GuestID with a VPN

GuestID VPN (GID VPN) is a remote-access VPN created exclusively for GuestID users. Unlike CU VPN, which uses Cisco technology, GID VPN uses VPN technology from Fortinet, specifically the...

Was this page helpful?

Your feedback helps improve the site.

Comments?

To share feedback about this page, log in with your NetID.
Need assistance with an IT@Cornell service? Contact the Service Desk instead.

Search Filters:

Knowledge Base Article

Quick Links and Search

How can we help?

Quick Login