Skip to end of metadata
Go to start of metadata




If you are not on a campus network (wired or wiresless), you will need to log-in using both the Virtual Private Network (VPN) and Multi-Factor Authentication (MFA) systems in order to access Tableau Server reports.

Table of Contents

Using MFA to log-in to the VPN

The Multi-Factor Authentication (MFA) system is a layer of security that is used in conjunction with other security systems.  Even if you log-in to a system that requires you to use MFA with the Central Authentication System (CAS), such as Gmail for example, you may still need to use MFA again with the VPN system, depending on which VPN Group you select.  Most staff and faculty were required to use MFA with the CAS system on or before March 5, 2018.


  • Step 1: Open the VPN program
  • Step 2: Select the correct VPN group and enter your credentials
  • Step 3: Approve the "push" via your phone, or manually enter your MFA code in the "Second Password" field

Step-by-step Instructions

If you have NEVER used MFA, please see the instructions to enroll here: Obtaining MFA for the first time.  Otherwise, please proceed to the instructions to connect below.

Step 1: Load the computer program called Cisco Anywhere Connect, and connect to the address 

Tip: Cisco Anywhere Connect is installed on most university machines, but you can also download it from Terpware (links)

Step 2: Select any "Group" choice from the drop down box and enter your information.

(Click to enlarge)

    • Your Username is your Directory ID (i.e. your email without the "" part)
    • Your Password is your normal UMD Password (i.e. the one you would use to sign into gmail or timesheets)
    • Type "push" in Second Password field

Step 3: You will receive a "push" notification on your phone asking you to confirm your log-in.

Image result for duo mobile

 Click here if you do not receive a push on your phone...

If you do not receive a push on your phone

Step 4: Open your Duo Mobile app and click the key icon next to the account you are using to generate a passcode

Step 5: You should already have Cisco Anywhere Connect open from Step 1 above, select any "Group" connection from the drop down box

Instead of entering the word "push" in the Second Password field, you will enter the code generated by your phone app

    • Your Username is your Directory ID (i.e. your email without the "" part)
    • Your Password is your normal UMD Password (i.e. the one you would use to sign into gmail or timesheets)
    • Your Second Password is the MFA code generated by your DuoMobile phone app or your token

You should now be logged in to the VPN/MFA system. You can now proceed to log-in normally to MFA-protected systems such as


What is MFA?

Multi-Factor Authentication (MFA) is a method to confirm that "you are who you say you are" when accessing a system, using something other than your password to authenticate you. Your password is generally the first factor, and this "other thing" becomes the second factor.  Using both makes it "multi-factor".  In addition to passwords, "factors" can include:

  • "something you know" (for example, your mother's maiden name), 
  • "something you have" (like your phone or a "token"), 
  • or "something you are" (i.e. biometrics, which the University does not currently use).  

MFA is used for the Central Authentication System (CAS) as well as certain Groups on the VPN system.   As a result, you may encounter the MFA prompt multiple times (for example, if you log-in to both Gmail and the VPN). 

What is VPN?

Virtual Private Networking (VPN) is a tool that encrypts data as they travel from a system to your computer, and back. Data are only sent to you after you have confirmed that "you are who you say you are."  This is why MFA is required first, in order to access the VPN system. As noted above, MFA is not only required for the VPN system.  Even if you have logged-in to the VPN, you may encounter the MFA prompt again when logging-in to Gmail and other campus systems.  Links to download the VPN client are located below.

How do I get the Cisco AnyConnect VPN tool?

VPN Tips

  • Once connected to the VPN, your connection should hold for at least 24 hours unless you turn off your computer or put it to sleep. 
  • To make access to Tableau and other systems more convenient, consider logging-in to the VPN as part of your morning routine when you log-in to your computer.

More Resources

 These links repeat some information that is summarized in the previous sections.