On Friday, September 26, 2025, CIT will implement two new security features to strengthen authentication for Azure, Entra, Intune, and M365:

Go to the Device Management Portal To add a new device to Two-Step Login, begin one of two ways. Either: Go to the Device Management portal using one of the following methods. Either:

When you get a new smartphone, there are a few steps you need to take to set up the phone you're using for your Two-Step Login account. The exact steps depend on whether you kept your phone number or if you have a new number on your new smartphone.

Go to the Device Management Portal To add a new device to Two-Step Login, begin one of two ways. Either: Go to the Device Management portal using one of the following methods. Either:

Log Into the Device Management PortalTo add a device, you need to access the management portal. 

Use Append Mode Authentication Some campus IT services, such as Desktop Everywhere using the VMware Horizon View client, do not support a web interface to specify how to complete the second step of authentication.  If you enter just your NetID and password with these non-web apps, Two-Step…

Get a Passcode from a Hardware TokenAcquire and enroll a hardware token that will display a passcode with a simple button push.

During late Fall 2025 and early Spring 2026, Cornell will begin disabling the Duo Phone Call and Duo SMS Passcode methods. 

During Fall 2025 and Spring 2026, Cornell is retiring the Duo Phone Call and

To use Cornell's Virtual Private Network (VPN) with campus networks and services, you must use Cisco Secure Client VPN software. See the How to Install Cisco VPN Software page for instructions.

To use Cornell's Virtual Private Network (VPN) with campus networks and services, you must use Cisco Secure Client VPN software. See How to Install Cisco VPN Software for instructions.

To use Cornell's Virtual Private Network (VPN) with campus networks and services, you must use Cisco Secure Client VPN software. See the How to Install Cisco VPN Software page for instructions.

Does the Cornell Identity Provider provide a logout service?No. Our credentials remain valid until you close your browser. We recommend that you give the user instructions to quit the browser if they want to log out. If your application has a logout item in its menus, you might consider linking…

EntityID for the Cornell Identity ProviderProduction IDP: https://shibidp.cit.cornell.edu/idp/shibbolethTest IDP: https://shibidp-test.cit.cornell.edu/idp/shibbolethURL for Cornell IDP metadataProduction IDP: https://shibidp.cit.cornell.edu/idp/shibbolethTest IDP: https://shibidp-test.cit.cornell.…

Slowness, Zoom issues, and other problems on MacOS (April 2026)A recent update to the Cisco client has caused performance issues on some MacOS devices. If you use VPN from an un-managed device (a computer not administrated by Cornell), CIT recommends deleting the Cisco Secure Client Socket Filters…