Skip to main content

Cornell University

IT@Cornell

Content (15)

New Login Experience for Microsoft Admin Portals
On Friday, September 26, 2025, CIT will implement two new security features to strengthen authentication for Azure, Entra, Intune, and M365:
Remove a Device from Two-Step Login
Go to the Device Management Portal To add a new device to Two-Step Login, begin one of two ways. Either: Go to the Device Management portal using one of the following methods. Either:
Replace Your Smartphone Listed in Two-Step Login
When you have a new smartphone, there are a few steps you need to take to setup the phone you're using for your Two-Step Login account. What you do with your account depends on whether or not you kept your phone number or if you have a new number on your new smartphone.
Rename a Device Enrolled for Two-Step Login
Go to the Device Management Portal To add a new device to Two-Step Login, begin one of two ways. Either: Go to the Device Management portal using one of the following methods. Either:
Add a New Device to Two-Step Login
Go to the Device Management PortalGo to the Device Management portal using one of the following methods:
Log in with Append Mode or Second Password Authentication for Two-Step Login
Use Append Mode Authentication Some campus IT services, such as Desktop Everywhere using the VMware Horizon View client, do not support a web interface to specify how to complete the second step of authentication.  If you enter just your NetID and password with these non-web apps, Two-Step…
Log in with a Passcode for Two-Step Login
Get a Passcode from a Hardware TokenAcquire and enroll a hardware token that will display a passcode with a simple button push.
Log in Using a Phone Callback for Two-Step Login
During Fall 2025, Cornell is retiring the Duo Phone Call and
Log In Using Duo Push for Two-Step Login
During Fall 2025, Cornell is retiring the Duo Phone Call and
Connect Windows to CU VPN
To use Cornell's Virtual Private Network (VPN) with campus networks and services, you must use Cisco Secure Client VPN software. See the How to Install Cisco VPN Software page for instructions.
Connect Mac to CU VPN
To use Cornell's Virtual Private Network (VPN) with campus networks and services, you must use Cisco Secure Client VPN software. See How to Install Cisco VPN Software for instructions.
Connect Linux to CU VPN
To use Cornell's Virtual Private Network (VPN) with campus networks and services, you must use Cisco Secure Client VPN software. See the How to Install Cisco VPN Software page for instructions.
Shibboleth FAQ
Does the Cornell Identity Provider provide a logout service?No. Our credentials remain valid until you close your browser. We recommend that you give the user instructions to quit the browser if they want to log out. If your application has a logout item in its menus, you might consider linking…
Cornell Shibboleth Identity Provider Resources for IT Staff
EntityID for the Cornell Identity ProviderProduction IDP: https://shibidp.cit.cornell.edu/idp/shibbolethTest IDP: https://shibidp-test.cit.cornell.edu/idp/shibbolethURL for Cornell IDP metadataProduction IDP: https://shibidp.cit.cornell.edu/idp/shibbolethTest IDP: https://shibidp-test.cit.cornell.…
CU VPN
Two-Step Login is required for all users to authenticate to the CU VPN. Use these links for directions on how to complete the new login screen for CU VPN:

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.