Information Technology Services IT Security Office

  Coming April 15, 2018 (All Employees):
  2FA for Patriot Web and Banner-related applications


Effective February 20, Information Technology Services (ITS) updated Mason's Central Authentication Service (CAS) and added Two-Factor Authentication (2FA) as a second layer of protection when accessing the websites/applications protected by CAS. At this time, those already enrolled in 2FA are required to use it.

Please note, in April 2018, Patriot Web and Banner-related applications will be moved to CAS and 2FA will be required for all Mason employees.

What is CAS?

CAS is a single sign-on service used by a variety of Mason websites/applications to authenticate individuals. Its purpose is to permit users to access multiple sites while providing their credentials (NetID and Patriot Pass Password) only once.

Who is Affected?

  • Currently Enrolled 2FA Users: Effective Feb. 20, you will be automatically prompted and required to use 2FA when accessing all CAS-enabled websites/applications.
  • Non-2FA Enrolled Users: Those not enrolled in 2FA will continue to log in to CAS-enabled websites/applications with their NetID and Patriot Pass Password (2FA optional). However, enrollment in 2FA is HIGHLY encouraged for additional security and will be required for all Mason employees in April 2018.

How do I Use 2FA for CAS?

If you are a current 2FA user, please visit Using 2FA with Web Applications for login instructions.

What is NOT Impacted?

Those not enrolled in 2FA will not be impacted. Additionally, this update will NOT impact the functionality of websites/applications that currently use CAS to authenticate users.

How do I get 2FA?

As more websites and resources at Mason become 2FA-enabled in the future, including Patriot Web and Banner-related applications in April 2018, employees are HIGHLY encouraged to enroll now.

Enroll here

Central Authentication Service (CAS) Login Page Changes

Additionally, on February 20, the login page for CAS was updated. Please note the new login screen looks similar to this:

New CAS login screen

'Remember me for 7 days' function

You have the option to use the "Remember Me for 7 days' function in Duo. It will allow you to log in to your account without a prompt for your second factor for up to 7 days. To use the function, mark the 'Remember me for 7 days' checkbox and successfully authenticate with your second factor.

Remember me screenshot

You will not be asked for a second factor for 7 days when you are on the computer using the browser you authenticated from.

Removing 'Remember me for 7 days'

If you want to cancel the 'Remember Me for 7 days' feature, clear the browser's cookies and cache and restart the browser.

Please contact the ITS Support Center with any questions.