VPN Access via Two-Factor Authentication

Please use the following steps to authenticate a VPN session using Two-Factor Authentication (2FA).

General Installation Instructions (non-Broad hardware)

All Broad laptops have Cisco AnyConnect VPN client installed. For non-Broad machines, Installation of AnyConnect VPN on Windows and Mac OS X operating systems is pretty straightforward.

• Simply point your browser to http://vpn.broadinstitute.org and follow the prompts.

Note: Before you begin, you need to be enrolled in Broad's DUO 2FA program. Enroll now.

Mobile Phone/Tablet

1. Launch the Cisco AnyConnect Secure Mobility Client. Connect to vpn.broadinstitute.org.
2. Use the VPN Group field drop down entitled Duo-Broad-NonSplit-VPN or Duo-Split-Tunnel-VPN, as appropriate for your needs.
3. Enter your Broad Username and Password.
4. For the Second Password field, there are 4 options here.
   You can look up this password in Duo app, you can tell the VPN client to have Duo prompt you for approval, the password can be texted to your mobile phone, or you can use your landline phone for approval.
   1. Generate a six digit passcode from the Duo mobile app.
      1. Launch the Duo mobile app on an enrolled device.
      2. Next to Broad Institute entry, click the key icon.
         A six-digit randomly generated key should appear on your mobile device.
         
      3. Enter that six-digit key in the Second Password field.
         You will now be allowed to log into the VPN. Click the "Connect" button.
   2. Have Duo prompt you for approval:
      1. Type the word push and click OK.
         
      2. The enrolled device should receive a Login Request from Broad Institute VPN. Click Approve.
         
         
         
         Once the approval routes through the systems, the VPN client should show it is connected.
   3. Mobile non-smartphone phone
      1. Type the word sms and click OK (non-smartphone mobile phones only)
      2. The enrolled phone will receive an SMS text containing a 6-digit passcode
      3. The VPN prompt should change, what was Second Password field should now change to Duo Passcode.
         enter the 6 digit passcode from the SMS in the Duo Passcode field.
         Click Connect.
   4. Landline (non-mobile) phone:
      1. Type the word phone and click Connect.
         The enrolled landline will receive an automated phone call to approve or deny your authentication attempt.