VPN Access Changes: Microsoft Authenticator Transition

Summary

This article outlines the upcoming changes to the VPN regarding the transition to Microsoft MFA for two-factor authentication at Purdue.

Body

Audience: Purdue faculty, staff, and students
Purpose: Help users understand VPN login changes and configure MFA correctly

What’s Changing?

Purdue is switching from Duo to Microsoft Authenticator for VPN access. This affects how you verify your identity when logging into VPN services.

Important: You Must Set Your Default MFA Method

You can no longer choose your MFA method during login. Instead, the system uses your default method from Microsoft Sign-In settings.

Am I Affected?

All VPNs except the 5 listed below are changing from Duo to Microsoft MFA for 2-factor authentication. If you use a Purdue VPN that's not on this list, you are affected by this change:

webvpn.pfw.edu/consultant
webvpn.pfw.edu/teleops
webvpn.pfw.edu/student
webvpn.pfw.edu/dwban
webvpn.pfw.edu/gopfw

How do I change my Default sign-in method?

1. Go to: https://mysignins.microsoft.com/security-info

2. Sign in with your Purdue career account.

3. Locate Sign-in method when most advisable is unavailable (look for small text next to the Change link).

 

4. Click Change and set the desired Microsoft MFA default method.

5. Save changes and test by signing into the VPN.

Need Additional Assistance?

If you’re unsure how to update your MFA settings or which method to choose, contact Purdue IT support at 765-494-4000 for assistance setting your default MFA method/other Microsoft MFA issues.

Recommended MFA Method

We strongly recommend setting your default method to:

Microsoft Authentication - Notification

This method works with all VPN systems, including those systems that don’t allow code entry.

Notice for Thinlinc/Radius Application Users

If you use the web application for ThinLinc, all sign-in methods will allow you to authenticate. If you use the native Thinlinc client or other Radius applications at Purdue, you will need to set the default sign-in method to App Based Authentication - Notification. The other sign-in options do not work for these applications at this time.

 

How do I log in to the VPN?

Please refer to this article for guidance on logging into Purdue's VPN with Microsoft MFA: Article - How to Log in to Purdue's V...

Supported MFA Methods

  • Text message
  • Phone call
  • Notification via Authenticator app
  • Code via Authenticator app
  • Code via Microsoft-compatible hardware token (Feitian)

Unsupported MFA Methods

  • Duo hardware tokens
  • Security keys
  • Bypass codes
  • Temporary Access Passes (TAPs)

Important: If you currently use a Duo hardware token, you’ll need to purchase a new Microsoft-compatible token. Please see this article regarding obtaining Microsoft-compatible token (Feitian) Article - How do I obtain a physical ....

Details

Details

Article ID: 1751
Created
Wed 9/24/25 5:02 PM
Modified
Mon 11/24/25 3:43 PM

Related Articles

Related Articles (4)

How do I obtain a physical token (FOB) for MFA?
If you do not own a smartphone, or plan to be in a part of the world where you will not have Internet access and are therefore unable to use Microsoft Authenticator, a physical token may be utilized.
How to set up Microsoft multi-factor authentication (MFA)
Guide to setting up Microsoft MFA to protect your Purdue email account.
Lost access to your Microsoft Authenticator? How to reconnect to Microsoft MFA.
If you have a new phone, or lost access to your Microsoft Authenticator App, you may still be able to access your Purdue email.
What is Multi-Factor Authentication (MFA)?
Microsoft Multi-Factor Authentication (MFa) is used to protect Purdue email and Microsoft accounts.

Related Services / Offerings

Related Services / Offerings (2)

Identity & Access Management
Identity and access management provides the consistent campus-wide means of managing and identifying everyone for granting access to University resources and ensuring individual privacy.
Identity & Access Management Request
Identity & Access Management Request