Migrating from VIP Access to Duo
Duo’s MFA product combines multiple factors of authentication to provide robust security that is flexible for you, but rigid against threats.
All KBR employees with a KBR User ID are required to enroll in Duo.
KBR strongly recommends the “Software Token” Duo Mobile app for all employees. This is a software application that can be installed on a personal mobile device. Additionally, using the Duo Mobile app allows you to set up an offline token in the event you find yourself unable to connect to the network or the internet, but still need to access your computer. You do not have to request access to the Duo Mobile app. Additionally, Duo Mobile makes authenticating fast and friendly by using a "Push" functionality.
Installing the Duo Mobile app does not give KBR access to your personal mobile device. Duo Mobile is not a KBR application.
If installing the mobile app is not for you, don't worry, we have other options! Check them out below!
Employees with a KBR Provided Computer:
1. Click on the link within the Duo Security email to complete the Duo enrollment process.
2. Once successfully enrolled, navigate to Company Portal on your KBR provided computer to install the Duo application. NOTE: If you do not see the Duo application in your Company Portal for installation, please contact the KBR IT Global Service Desk.
3. Enroll and Enable Duo Offline capabilities. (Only available when using the recommended Duo Mobile Soft Token or FIDO Security Key methods)
4. Use newly enrolled Duo authentication to log into your KBR provided computer and access any KBR cloud resources, going forward.
Employees with a NON-KBR Provided Computer:
1. Click on the link within the Duo Security email to complete the Duo enrollment process.
2. Use newly enrolled Duo authentication to access KBR cloud resources going forward.
Option 1: [Recommended] Duo Mobile App “Software Token" (Supports Offline Login)
Duo Mobile is a mobile application that provides an additional layer of security for your online accounts. It is designed to enhance the security of your login process by adding two-factor authentication. Two-factor authentication requires you to provide two forms of identification to access your accounts, typically a password and a unique code generated by the Duo Mobile app. This helps protect your accounts from unauthorized access and ensures that only you can log in.
This is KBR's recommended method, however, if you don't have access to a mobile device, you can also enroll a phone number for SMS/Phone Call verification. See option 2 below.
To complete this method of Duo enrollment, you will need your personal mobile device (iOS or Android), a computer with access to the internet, your KBR provided email address and your network password.
Instructions:
1. Install the Duo Mobile app on your personal mobile device (iOS or Android) from your mobile device app store.
2. Retrieve the Duo Security email sent to your company provided email address and click the link to begin enrollment.
3. On your computer, you should be prompted to begin Duo Security enrollment. Select Next several times then select Duo Mobile (Recommended) when prompted for an option.
4. Enter your mobile phone number and select Add phone number, then verify it is correct.
5. Confirm ownership by selecting Send me a passcode.
6. Retrieve the 6-digit code from the method selected on the step prior (text or phone call)
7. Enter the 6-digit code retrieved from your mobile device in the step prior and select Verify.
8. Select Next since Duo Mobile should already be installed on your mobile device from an earlier step. Leave the QR Code up on your computer and once again retrieve your mobile device for the next few steps.
9. On your mobile device, launch the Duo Mobile app and select + Add, then select Use a QR code. Once the QR scanner appears on your mobile device, use it to scan the QR code left up on your computer.
10. You will be asked to “Name” the account to continue. This will default to KBR and can be left as that, if desired.
11. Duo Mobile will show successfully added/linked on both the mobile phone and computer. Select Continue, then Skip for now to skip adding an additional method.
12. A Duo “push” may be sent to your mobile device. Click Approve to complete enrollment.
Option 2: Phone Number (SMS Text or Phone Call)
If you don’t prefer to install the Duo Mobile app, you can set up the SMS Text or Phone Call option instead. You won’t have the convenience of the “push” option that the Duo Mobile app offers, but still can gain access to KBR systems, networks, or applications. This option will either call you or send you a text message with a code almost immediately, that you will be instructed to approve.
You will need to make sure you enroll a phone number that you have access to answer at the time of logging in. You can enroll multiple phone numbers that are attached to mobile devices, or to landlines.
To complete this method of Duo enrollment, you will need a phone number that can receive calls or SMS text messages, a computer with access to the internet, your KBR provided email address and your network password.
Instructions:
1. Retrieve the Duo Security email sent to your company provided email address and click the link to begin enrollment.
2. You should be prompted to begin Duo Security enrollment. Select Next several times then select Phone Number (Get a text message or phone call) when prompted for an option.
3. Enter the phone number and continue through the prompts to complete the enrollment.
Option 3: One-Time Passcode [OTP] “Hardware Token" (Physical Key Fob)
The OTP “Hardware Tokens" are physical key fobs devices that you can carry with you, to authenticate your identity online for secure login. The device will generate a unique 6-digit passcode on a 60 second rotation, that will allow you to gain access to KBR systems, networks, or applications.
OTP Hardware Tokens are typically used for individuals who cannot use the Duo Mobile app for technical reasons or are not allowed mobile devices in secure areas.
NOTE: OTP Hardware Tokens will not grant you access to your computer if it is not connected to the internet. The Duo Mobile app and our FIDO Security Key support offline use login at this time. If you don’t have access to the Duo Mobile app or a FIDO Security key and you are offline, you will have to connect to the internet to gain access to your computer.
OTP Hardware Tokens must be requested in DASH and are set up for you by an IT Admin at the time of request. Once the OTP Token has been enrolled on your behalf, it will be delivered to you. No registration on your part is necessary.
When prompted for Duo authentication, enter the 6-digit code that appears on the OTP Token screen at that time.
Option 4: Fast Identity Online [FIDO] Security Key (Supports Offline Login)
The FIDO Security Key is a small physical device that is inserted into the computer and authenticates by touch. The FIDO Security Key is designed to allow access to your computer while offline, as well as online. We offer a USB-A and a USB-C option, depending on your computer requirements.
FIDO Security Keys are typically used for individuals who cannot use Duo Mobile app for technical reasons or are not allowed mobile devices in secure areas and often work offline (no network or internet connection).
FIDO Security Keys must be requested in DASH and are set up for you by an IT Admin at the time of request. Once the FIDO Key has been enrolled on your behalf, it will be delivered to you. No registration on your part is necessary, except for when enrolling it for offline use.
When prompted for Duo authentication, insert the FIDO key into the appropriate USB-A or USB-C slot, select the option for Enter a Password, then press the Touch Point on your key.