spaces.at.internet2.edu has been upgraded to Confluence 6.12.2. If you have any questions and/or concerns, please contact us at collaboration-support@internet2.edu
Child pages
  • Duo Token Management and Statistics
Skip to end of metadata
Go to start of metadata

Please add a row for your institution and fill in your data as best you can.  If you are updating your data - please add a new row and fill in all the data again.

 Date

Institutional

Domain Name

User count

(approx)

F = Fac, E = Staff

S = Student, O = Other,

A = Alum, H = Healthcare

How long

deployed

Hardware

Token Count

issued/purchased

Hardware

Token Types

non-Yubikey

counts

issued /

purchased

Yubikey

counts

issued /

purchased

Support

hours

overall /

tokens

Self-Service

for Token enroll

or mgmt

Yes / No / Comment

General comments
120171109example.edu50,000 F, E, O1.5 years200 / 1000yubikey/D100/C100/etc100 / 500100 / 50024x7 / m-f 9-5Yes - enroll only, no deleteWe worried a great deal about tokens and they ended up not being an issue. OR - we don't support hardware tokens at all !!!!
220171109harvard.edu120,000
F, E, S, A, O
2.3 years2200/3060yubikey
handful of D100
2/102200/3060m-sat
8-6
No

Initial demand high with service rollout but considerably lower now in steady state. Common use will international travelers unwilling or able to bring cell phone. The logistics of distribution and tracking is painful paired with the pre-config of the secrets. Would be nice if U2F had better adoption and use in non-web apps like VPN clients -T. Gleason

320171109northwestern.edu50,000 F,E,S,O4 years15 / 50D100500 / 0 NoThere was plenty of discussion around tokens, but, other than a few cases, there is really no demand in the community. (from Safian, gettes entered)
420171109umbc.edu500 F,E3 years10/20D10010/200/08-6 m-fNoWe just obtained our site license for faculty and staff - thus the low enrollment. We will be doing our best to discourage token use. With that said, our IT department will most likely pick up the cost of any token purchases.
520171109smu.edu3,200 F,E2 years2/50YubiKey 40/02/50 NoWe've seen almost no interest in tokens after rollout to 100% of employees. Changes may come when we begin requiring Duo logon for students. We will soon begin an effort to increase the percentage of Duo Push authentications which is currently at 64%. Voice at 29%.
620171110uncg.edu540/20,000 F, E, S2 years72/250D-100, handful of yubikey68/2464/424x7 / m-f 9-5No for OTP, Yes for U2FOur 2FA program is largely opt-in (so far). Initially there was a ton of demand for tokens as the University elected to not provide devices recommending the Duo Mobile's Push as the preferred mechanism and employees (thought they) wanted separation between work/personal life (we does not own/issue mobile phones). After answering by creating a token program with our ID center avail for purchase, there have been very few takers. The D-100 token was picked for ease of secrets handling and security's desire for a fully out of band token with no dependency on an internet connected device.
720171110unc.edu19,850 F,E,S,O3 years147/170Yubikey (series 2, 4 and USB-C); Duo D1006/20141/15024x7x365No for OTP, Yes for U2FAlmost all of the keys that have been issued have been to our own IT staff. We have limited use of the keys outside of IT. We are currently reviewing our strategy for expanding or not to a larger population .
820171110vt.edu98,1142 years

2830/5528

798/798 U2F

YubiKey, Duo D-100

726/1788

798 U2F

2104/374024x7x365yes for U2F and any OATH-compatible tokenMore use initially.
920171113baylor.edu31,096 F, E, S (includes admitted students once they have been accepted)1.5 years27/60 (started letting the University bookstore purchase & sell them)Duo D-1003 U2F (2 are from the same user)/0 (University does not purchase these)08a-5p M-FNo, users have to call the Help Desk (working on self enrollment)After loaning tokens out to faculty & staff on a permanent basis & student on a temporary basis when their phones were lost, broken, or stolen...but not getting them back, we decided to let the Baylor Bookstore sell Duo Tokens. We provided the Help Desk & Duo Admins with tokens & the Help Desk has a 2 extras that can be assigned to a faculty members account in an emergency to allow access once their identity is verified. We made this change when we moved 50+ services behind Duo in October 2017.
1020171113pitt.edu

F = 6,153

E = 7,289

S = 34,580

A =

F & E = 2017-03-05

S = 2017-05-14

1714/2080Duo D-1001714/20800/024x7x365NoTokens issued to anyone who requests.
1120171113temple.eduF = ~4,800

1 year2/15Duo D-1000/00/124x7x365*NoWe developed our own identity proofing and provisioning module and integrated with this with Ellucian's Banner Luminis/SSB Portal so clients can manage their own phones. Where possible, our goal is to avoid having users request a hardware token.
1220171113bekeley.edu1846 F, E6 months

4/20 Duo D-100

28 Yubikeys

Yubikeys, Duo D-1004/20 Duo D-10028

Mon-Fri

8-5

Only for U2F 
13

20171113

hawaii.edu

61,550 FS

1.0 years

30/50

yubikey/D100

2/10

28/40

sun-sat, 7am-11pm

yes

Soft rollout throughout Fall 2017.  No U2F support yet, waiting for FF.  Hard token support planned; but at expense of the requester.

1420171122umn.edu

"active" users (have initialized their duo account):

17,000 F/E
1,300 S
275 O

About 4,500 of the above are also H as defined by our Google apps BAA.

nearly 4 years1500/2500Duo D-1001500/25000/0

General help: 24x7x265

Problems requiring escalation: M-F 8-4:30

Not for hardware tokens.

A major motivation for supporting hardware tokens was similarity to our previous multifactor solution (Safeword Silver tokens), and allowing the 6,000 or so staff who were required to use them to continue using something familiar. Many chose to embrace other methods, though, and we continue to push people to use Push as the easiest/cheapest/etc. method.

We do not generally allow students and other non-Enterprise Application users get tokens (there has not been much, if any, demand, and we don't advertise them to those groups).

In a few cases, we have "strongly encouraged" high-usage users of phone callback or SMS methods to use tokens instead to save us money.

15           
16           
17           
18           
19           
20           
21           
22           
23           
24           
25           
26           
  • No labels