Add Two-Step Login to a Departmental VPN
Set up Two-Step Login for your departmental VPN
This article applies to: CU VPN
Two-Step Login, CIT's two-factor authentication service, can be required for a departmental VPN to provide an additional layer of security.
- Two-Step Login can be added when the departmental VPN is set up or at a later time.
- If Two-Step Login is required, all users must use Two-Step Login to log in to the departmental VPN.
- Two-Step Login is not required to log in to the main VPN (cupvn.cupvn.cornell.edu).
Before requiring Two-Step Login for a departmental VPN:
- Ensure that all department users have initialized their Two-Step Login account and registered their Two-Step Login device(s).
- Ensure that all users who will access the departmental VPN have either a faculty/staff NetID, sponsored NetID, or for student employees, a student Two-Step Login account. The departmental VPN administrator should review group memberships in Active Directory before requiring Two-Step Login on a departmental VPN.
Request Two-Step Login for an Existing Departmental VPN
To add Two-Step Login to an existing departmental VPN, send an email to email@example.com. Include the following information in your request:
- Your name and department
- The name of the Active Directory group associated with your departmental VPN
- The date Two-Step Login should be activated for your departmental VPN
Test before Requiring Two-Step Login
You can connect to any departmental VPN using Two-Step Login at any time, even if it is not required yet. This is useful for administrators who want to test or configure user clients before Two-Step Login is required.
Connect to a Departmental VPN with Two-Step Login
After Two-Step Login is required for a departmental VPN, you'll select the Two-Step_Login VPN Group when connecting to the departmental VPN. See the instructions for connecting on Windows, Macintosh, Linux, and mobile devices.
Caution: Selecting the CornellVPN Group will connect to the main VPN and you may not have access to resources that are only available through the departmental VPN.