Coming April 15, 2018 (All Employees):
2FA for Patriot Web and Banner-related applications
TWO-FACTOR AUTHENTICATION (2FA) for CAS
Effective February 20, Information Technology Services (ITS)
updated Mason's Central Authentication Service (CAS) and added Two-Factor
Authentication (2FA) as a second layer of protection when accessing the
websites/applications protected by CAS. At this time, those already enrolled in
2FA are required to use it.
Please note, in April 2018, Patriot Web and Banner-related
applications will be moved to CAS and 2FA will be required for all Mason
What is CAS?
CAS is a single sign-on service used by a variety of Mason websites/applications to authenticate individuals. Its purpose is to permit users to access multiple sites while providing their credentials (NetID and Patriot Pass Password) only once.
Who is Affected?
- Currently Enrolled 2FA Users: Effective Feb. 20, you will be automatically prompted and required to use 2FA when accessing all CAS-enabled websites/applications.
- Non-2FA Enrolled Users: Those not enrolled in 2FA will continue to log in to CAS-enabled websites/applications with their NetID and Patriot Pass Password (2FA optional). However, enrollment in 2FA is HIGHLY encouraged for additional security and will be required for all Mason employees in April 2018.
What is NOT Impacted?
Those not enrolled in 2FA will not be impacted. Additionally, this update will NOT impact the functionality of websites/applications that currently use CAS to authenticate users.
How do I get 2FA?
As more websites and resources at Mason become 2FA-enabled in the future, including Patriot Web and Banner-related applications in April 2018, employees are HIGHLY encouraged to enroll now.
Central Authentication Service (CAS) Login Page Changes
Additionally, on February 20, the login page for CAS was updated. Please note the new login screen looks similar to this:
'Remember me for 7 days' function
You have the option to use the "Remember Me for 7 days' function in Duo. It will allow you to log in to your account without a prompt for your second factor for up to 7 days. To use the function, mark the 'Remember me for 7 days' checkbox and successfully authenticate with your second factor.
You will not be asked for a second factor for 7 days when you are on the computer using the browser you authenticated from.
Removing 'Remember me for 7 days'
If you want to cancel the 'Remember Me for 7 days' feature, clear the browser's cookies and cache and restart the browser.