Frequently Asked Questions

1. Duo MFA: Users & Registration

Q. I’m currently using VIP Access. When will I switch to Duo?

Answer:

All current employees using VIP Access will be migrated in waves. Individuals in their respective waves will be sent an email with instructions for the migration to Duo.

It is important that this email is not forwarded to other individuals, as they may not be in the same wave.

Q. I am a new hire, how this does impact me?

Answer:

As of June 3rd, 2024, ALL KBR new hires (AERO & CORP) will be automatically registered to enroll in both Duo and Microsoft MFA during their first-time logon instructions. For both, KBR’s preferred method is to enroll the Duo Mobile and Microsoft Authenticator apps. Other methods for enrollment are available as well, for individuals who cannot install the apps due to technical requirements or for those who may sit in a secure area where mobile devices are not allowed.

Q. I clicked on the registration link while installing my Duo soft token app, but it tells me the QR code has expired.

Answer:

Enrollment links are only valid for 30 days from the date they are sent. It is important to enroll as soon as possible. Contact the KBR IT Global Service Desk for assistance with this issue.

Q. I can’t find Company Portal to install the DUO Software on my KBR computer.

Answer:

All KBR users with a KBR provided computer will be required to have Duo Software to ensure the safety of the asset. For existing users that are moving to Duo from their current authenticator (RSA/VIP) it may take up to 24 hours after you have enrolled in Duo, before the Duo Software is available for install within Company Portal. This does not impact new hires, as the software will already be installed on the asset at the time you start.

For example, if you enroll in Duo at 11am, the sync will run at 10:15pm Central Time every evening. It can take up to 24-hours from this sync time, before the Duo Software appears in your Company Portal. It will definitely not be available the same day you completed the enrollment.

If you want to try and speed it along the next day, launch Company Portal and in the lower left corner, click on Settings. In Settings at the top, select Sync, to manually check your computer in. Once the Sync finished, reboot your computer. Once logged back in, launch Company Portal to see if the Duo Software is available.

Q. How can I check to see if I am registered for Duo?

Answer:

You can log into the Duo Security site, used to manage your devices.

1. Navigate to the Duo Security site: https://kbr.login.duosecurity.com/devices

2. You will be prompted to sign in. Enter your KBR email address and select Next.

3. Enter your KBR Network password and select Sign in.

4. Add a check to Don't show this again and select Yes.

5. If you ARE registered, you will be asked to approve your login, via the method which you previously enrolled.

6. If you are NOT registered, you will receive a notification that you have not yet enrolled. If you have NOT registered, it is essential that you complete your Duo registration by October 4th, 2024, or registration will be enforced automatically, and you may lose access to your KBR resources until registration is completed. Check our Outlook for the latest email message sent from Duo Security, for your unique registration link. If you are unable to find this link, contact the KBR IT Global Service Desk for further assistance.

If you are able to locate the link, follow these instructions to complete registration.

2. Duo MFA: General Information

Q. Is the Hard Duo Token Key Fob Bluetooth or Wireless enabled?

Answer:

No. Here are the official specifications on the Hard Duo Token: They have zero wireless capability. The tokens are Feitian c100 units. Here's the FIPS 140-2 certification document. With the important part below:

Q. What if I lose or forget my phone or Hard Duo Token Key Fob?

Answer:

The KBR Service Desk can give you a short-term bypass code after verifying your identity and instruct you to how install Duo on a new phone or order a new Key Fob if necessary. They are available 24x7.

All Duo Tokens must be requested through DASH.

Additionally, enrolling multiple methods is encouraged so that if one device is unavailable, you have a backup. You can manage your methods on the Duo Self-Service Portal here.

Q. I have moved to Duo token, what should I do with my old RSA Token?

Answer:

We do not need the RSA Hard Token returned but hold on to your RSA for a period of two weeks after you activate Duo and then recycle the RSA hard token in an electronic recycling facility. If you’re using the Soft RSA Token app on your phone, you will need to uninstall it two weeks after your Duo Token is activated.

Q. What is the "Remember Me" function on the Duo Authentication screen?

Answer:

‘Remember Me’ serves as a remembered device option, similar to when you elect to “keep me logged in” on other common websites and applications. Once the ‘Remember Me’ box is checked, you will not be asked for Duo authentication when locking and unlocking your device for up to 12 hours, saving you time by lowering the number of times to complete the authentication process. The 12-hour timer will expire sooner, however, if your computer is rebooted, if you sign out, or if you change networks.

3. Duo MFA: Mobile Application

Q. I already use the Duo App for some other purposes outside of KBR, can I add KBR to that same App?

Answer:

Yes, you can. Just click the “+ADD” at the top right of the phone App and continue to register your new KBR Duo by scanning the QR code.

Q. Do I have to install all KBR Apps on my Mobile Device if I want to use the Duo Mobile App only? (i.e., Outlook, Teams, Costpoint?)

Answer:

No. You only have to install the Duo Mobile App, which is completely separate from KBR Mobile Apps, they are not required.

Q. What data does KBR collect if I install Duo Mobile or Microsoft Authenticator on my personal mobile device?

Answer:

None. The Duo App is not a KBR application.

Q. What if I use the Duo Mobile App but I am in an area with no cell phone service?

Answer:

The Duo Mobile App will still allow 2FA sign-in even without cell or Wi-Fi service on the phone.

Q. What if I use the Duo Mobile App but my computer has no Wi-Fi or Internet connection?

Answer:

When setting up your Soft Duo Token and signing into your KBR computer for the first time with Duo, you are instructed to setup an Offline Duo Code. Follow those instructions closely to add an Offline Duo Code to your mobile Duo App. That code will be used to manually enter 6-digits to your login-screen when your computer is offline, and allow sign-in.

Q. I am not receiving the Duo notifications for PUSH on my phone unless I open the Duo App. How can I resolve this where I don’t have to open the Duo app to see the PUSH notification?

Answer:

Set up Notifications on your mobile device to allow Duo notifications. Steps may differ on your particular device but generally:

  • Open your phone Settings
  • Search for Notifications and open
  • A list of your installed applications will appear, look for Duo Mobile and click to open
  • Turn the Notifications for Duo to “Allow” or “On”
  • Review the other options on the same screen and select by your own preferences (type of notifications, banner, sound, etc.)

4. Duo MFA: Offline Access

Q. How many devices can I enroll for offline use?

Answer:

Only 1 device is allowed for offline login capabilities. The Duo Mobile application is KBR's recommended method for offline enrollment. We also have FIDO keys available, if applicable.