Add Two-Step Login to a Departmental VPN
Set up Two-Step Login for your departmental VPN
This article applies to: CU VPN
Two-Step Login, Cornell's two-factor authentication service, is required for all departmental VPNs to provide an additional layer of security.
- Two-Step Login should be added when the departmental VPN is set up.
- With Two-Step Login required, all users must use Two-Step Login to log in to the departmental VPN.
- Two-Step Login will be required to log in to the main VPN (cupvn.cupvn.cornell.edu) as of July 15, 2021.
Requirements
Before requiring Two-Step Login for a departmental VPN:
- Ensure that all department users have initialized their Two-Step Login account and registered their Two-Step Login devices.
- Ensure that all users who will access the departmental VPN have either a faculty or staff NetID, Sponsored NetID, or for student employees, a student Two-Step Login account. The departmental VPN administrator should review group memberships in Active Directory before requiring Two-Step Login on a departmental VPN.
Request Two-Step Login for an Existing Departmental VPN
To add Two-Step Login to an existing departmental VPN, send an email to cuvpn_request@cornell.edu.
Include the following information in your request:
- Your name and department
- The name of the Active Directory group associated with your departmental VPN
- The date Two-Step Login should be activated for your departmental VPN
See how to request a new departmental VPN.
Test Before Requiring Two-Step Login
You can connect to any departmental VPN using Two-Step Login at any time, even if it is not required yet. This is useful for administrators who want to test or configure user clients before Two-Step Login is required.
Connect to a Departmental VPN with Two-Step Login
After Two-Step Login is required for a departmental VPN, you'll select the Two-Step_Login VPN Group when connecting to the departmental VPN. See the instructions for connecting on Windows, Macintosh, Linux, and mobile devices.
Caution: Selecting the CornellVPN Group will connect to the main VPN and you may not have access to resources that are only available through the departmental VPN.
Comments?