Skip to main content

Add Two-Step Login to a Departmental VPN

Set up Two-Step Login for your departmental VPN

This article applies to: CU VPN


Two-Step Login, CIT's two-factor authentication service, can be required for a departmental VPN to provide an additional layer of security. 

  • Two-Step Login can be added when the departmental VPN is set up or at a later time. 
  • If Two-Step Login is required, all users must use Two-Step Login to log in to the departmental VPN.
  • Two-Step Login is not required to log in to the main VPN (cupvn.cupvn.cornell.edu).

Requirements

Before requiring Two-Step Login for a departmental VPN:

  • Ensure that all department users have initialized their Two-Step Login account and registered their Two-Step Login device(s).
  • Ensure that all users who will access the departmental VPN have either a faculty/staff NetID, sponsored NetID, or for student employees, a student Two-Step Login account. The departmental VPN administrator should review group memberships in Active Directory before requiring Two-Step Login on a departmental VPN.

Request Two-Step Login for an Existing Departmental VPN

To add Two-Step Login to an existing departmental VPN, send an email to cuvpn_request@cornell.edu. Include the following information in your request:

  • Your name and department
  • The name of the Active Directory group associated with your departmental VPN
  • The date Two-Step Login should be activated for your departmental VPN

See how to request a new departmental VPN.

Test before Requiring Two-Step Login

You can connect to any departmental VPN using Two-Step Login at any time, even if it is not required yet. This is useful for administrators who want to test or configure user clients before Two-Step Login is required.

Connect to a Departmental VPN with Two-Step Login

After Two-Step Login is required for a departmental VPN, you'll select the Two-Step_Login VPN Group when connecting to the departmental VPN. See the instructions for connecting on Windows, Macintosh, Linux, and mobile devices.

Caution: Selecting the CornellVPN Group will connect to the main VPN and you may not have access to resources that are only available through the departmental VPN.

About this Article

Last updated: 

Thursday, July 27, 2017 - 11:27am

Audience: 

IT Professionals

Was this page helpful?

Your feedback helps improve the site.

Comments?