User Guide For DUO Authentication v1.7

GUOTAI JUNAN INTERNATIONAL HOLDINGS IT DEPARTMENT
User Guide for

DUO authentication
and
remote desktop to own company PC
1
Document version
Version Amend Date Content amend Amend by
1.0 11/12/2017 Manual create Kevin Law
1.1 7/2/2018 Added guideline for Kevin Law
update Global Protect
1.2 8/3/2018 Authentication without Kevin Law
internet connection or
anywhere do not
support google’s service
1.3 8/5/2018 Global Protect interface Kevin Law
change
1.4 30/10/2019 Client device OS require Kevin Law
version
1.5 14/8/2020 DUO Timeout value Charlie Mak
1.6 18/11/2020 Client device OS require Kevin Law
version
1.7 11/1/2021 1) Client device OS Kevin Law
require version
2) Global Protect
Gateway
2
Content
1) Device requirement & install DUO on mobile P.4
2) Procedure for activating DUO authentication on mobile P.5
3) Procedure for installing Global Protect Portal on End user device
a) Download Global Protect Portal P. 11
b) Install Global Protect Portal on Windows OS P. 15
c) Install Global Protect Portal on MAC OS P. 18
4) Procedure for DUO authentication to access company network P. 22
5) Procedure for remote desktop (Windows OS end user) P. 26
6) Procedure for remote desktop (MAC OS end user) P. 28
7) Procedure for disconnect P. 30
8) Procedure for upgrade Global Protect P. 31
9) FAQ P. 33
3
For security issue, remoting device and mobile device must fulfil
below requirement:
1) End user device suggested OS: a) Windows 10
b) Mac OS X 10.15 or above
2) End use device installed below listed antivirus,

running as real-time-protection and most latest updated patch
3) Mobile device suggested OS: a) iOS13.5 or above
b) Android 9 or above
4) Mobile device must not be “jailbreak” or “rooted”
Install “DUO” App on your mobile below start

Search “Duo Mobile” and install.
IPhone (App Store): Android (Google Play):
For those Android user cannot reach “google play store”(mainland area), please download the
app from below link:
http://dl.duosecurity.com/DuoMobile.apk
4
5
Procedure for activating DUO authentication on mobile

1) Once you are enrolled for DUO authentication, an email will be delivered to your own email,
press the URL to the activating page
2) Press “Start Setup”
6
3) Choose “Mobile Phone” and press “Continue”
4) Enter your phone number its registries region, also tick the box “XXXX XXXX This is the correct
number” (example: Choose Hong Kong for “+852”; China for “+86” )
7
5) Choose your mobile OS ( Only support iOS/ Android) and press “continue”
6) Ensure you have installed “DUO” on your mobile. If not, please refer to page 3.
Once confirmed “DUO” installed, press “I have Duo Mobile installed”
8
7) A barcode will be shown
8) Open “DUO” app on your mobile and press the “+”
DUO app icon DUO app interface
9
9) Press the “+”, below screen will display on your phone, use it to scan the barcode
Mobile screen for scanning
Below screen will be seen if the activation barcode was successfully scan
Mobile screen End user Device screen
Press “continue” on the End user Device
10
10) Select “Automatically send this device a Duo Push” and press “Finish Enrollment”
11) Completed for activating DUO authentication on mobile
11
Procedure for installing Global Protect Portal on End user computer

1) Open a web browser on end user device and browse “https://ap02.gtjai.com”
Scenario 1)
IOS (Apple) user with internet connection or android user can reach “google play store”
Follow step 2 - 5 and 9 - 10
Scenario2)
Android user cannot reach “google play store” (e.g. in mainland China), all users (IOS/ Android)
without internet connection on mobile or cannot get cell service
Follow step 6 – 10
2) Prepare your mobile (For security concern, the verification message will only valid for 60
seconds) and login with your own account (Same login as company PC login). After login, you
will get an notification on your mobile (please ensure “push up notification” function has been
enabled for DUO)
12
3)
4) Press the notification message and you will be re-direct as below
13
5) Press “Approve”
14
6) Passcode - For all android user cannot reach “google play store” (e.g. in mainland China),
without internet connection on mobile or cannot get cell service, DUO push is not available for
authentication. Passcodes is the other authentication method for these case. On your mobile
“Duo” app, press the key from the “DUO” app as shown as below
7) A 6 digit passcode is generated, for below example “380237” is the generated passcode.
8) Loginthe webpage with your own account (Same login as company PC login).
For example: login name: samchan; password: ABCD1234
You have to input “samchan” on the name column. For the password column, please enter
,
“ABC123 380237” where the “,” is used to separate the password and the generated passcode
from the DUO app
15
9) Below webpage will be re-direct after your approval from mobile
10) Select your appropriatedsoftware to download (Windows 32 bits or Windows 64 bits or Mac
32/64 bits)
10a) Install the Global Protect Portal (Windows version)
Press Run
16
Press “Next”
Select the directory to install and press “Next”

17
Press “Next”
Press “Close” and completed the installation
18
10b)Install the Global Protect Portal (Mac OS version)
Run the “GolobalProtect.pkg”
Press “continue”
19
20
Press “install”
21
Enter your own device password
Press “Close” and completed the installation
22
Procedure for DUO authentication to access company network

1) Open “Global Protect Portal”
2) Type “ap02.gtjai.com” and press “connect”
23
3) Prepare your mobile (For security concern, the verification message will only valid for 60
seconds) and login with your own account (Same login as company PC login). You will get an
notification message on your mobile
*** Android user cannot reach “google play store” (e.g. in mainland China), all users (IOS/
Android) without internet connection on mobile or cannot get cell service, please use the
passcode method to login (refer to page 14)
Mobile pop up notification message
24
4) Press the notification message and you will be re-direct as below
5) Press “Approve”
25
6) You will see “Connected” once a successful login
Successful Login icon
26
Procedure for remote desktop (Windows OS end user)

1) Open “Remote Desktop Connection” (Under Windows Accessories directory ) and type your
company computer IP (192.168.X.X), then press “Connect”
2) Enter login name and password (Your company device login)

(Example: login name = samchan; type “JAHK\samchan” in the login name column)
27
3) Press “Yes” to continue
4) Remote login success and you will see your IP shown on the header.
28
Procedure for remote desktop (MAC OS end user)

1) Ensure “Microsoft Remote Desktop” already installed on the MAC device, open it from
“Launchpad”
Microsoft Remote Desktop icon
2) Press “New” to create a new connection
3) Input “Connection name”: (example: Work), “PC name”: your company PC IP&“User Name and
Password”: Same login as company PC login
29
4) Double click the created connection to start remote connect
5) Press “continue
6) Remote login success and you will see your connection name shown on the header.
30
Procedure for disconnect

1) Click the icon
2) Click the “disconnection”
3) Disconnected
31
Procedure for upgrade Global Protect

1) Once there is a new version released for Global Protect (GP), user will be noticed to upgrade
the GP program.
2) Press “Yes” and then the download process will be run as a background job. While the
download completed, the GP program will ask for permission to install. Press “Yes” to start the
installation
P.S. Once the installation start, the VPN connection will be lost and the user have to reconnect
after the installation
32
3) Open the GP program and verify the version of GP
I. Click the Top right hand corner button on the “GlobalProtect” and click “About”
II. You can check the current version of the GP and it should be the same as the new
installed one.
33
FAQ
 How to check your company computer IP?

Press the “Windows start”, then search “cmd”. A search result with “Command Prompt”
will be shown
34
Type “ipconfig” and you will get result as below.

Found out the “Ethernet adapter Ethernet” section, the IP was shown on the “IPv4
Address” row.
 Why I cannot connect my company PC even pass the DUO authentication?

Remote desktop must be allowed remote connection before establish connection.
You can check it from “Control Panel-> System and Security -> Allow remote access”
The option for “Allow remote connections to this computer” must be enabled.
If it was disabled, please call our IT hotline “8800” for assist.
35
 Why Global Protect prompt alerting and denied my connection?

As security concern, the connection will ONLY accept updated OS version device with antivirus
real time protection, also the virus definition is latest.
 Why I cannot login with my password?
As the login name and password for DUO authentication is the same as the login on your
company PC, account maybe locked due to same policy.
If the account locked, please call our IT hotline “8800” for assist.
 Why I get a “DUO login notification” while I have not request to do so?
If you suspected the notification due to suspicious request, please DENY the request and
contact our IT hotline “8800” to investigate.
 What should I do if I change my mobile phone or mobile number?
Please contact IT hotline “8800” to update such information, otherwise, the DUO
authentication will fail.
36

User Guide For DUO Authentication v1.7

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

User Guide For DUO Authentication v1.7

Uploaded by

Copyright:

Available Formats

GUOTAI JUNAN INTERNATIONAL HOLDINGS IT DEPARTMENT

User Guide for

b) Mac OS X 10.15 or above

2) End use device installed below listed antivirus,

3) Mobile device suggested OS: a) iOS13.5 or above

4) Mobile device must not be “jailbreak” or “rooted”

Install “DUO” App on your mobile below start

Procedure for activating DUO authentication on mobile

2) Press “Start Setup”

3) Choose “Mobile Phone” and press “Continue”

7) A barcode will be shown

8) Open “DUO” app on your mobile and press the “+”

DUO app icon DUO app interface

Mobile screen for scanning

Mobile screen End user Device screen

Press “continue” on the End user Device

11) Completed for activating DUO authentication on mobile

Procedure for installing Global Protect Portal on End user computer

Follow step 2 - 5 and 9 - 10

9) Below webpage will be re-direct after your approval from mobile

10a) Install the Global Protect Portal (Windows version)

Select the directory to install and press “Next”

Press “Close” and completed the installation

10b)Install the Global Protect Portal (Mac OS version)

Run the “GolobalProtect.pkg”

Enter your own device password

Press “Close” and completed the installation

Procedure for DUO authentication to access company network

2) Type “ap02.gtjai.com” and press “connect”

Mobile pop up notification message

4) Press the notification message and you will be re-direct as below

6) You will see “Connected” once a successful login

Successful Login icon

Procedure for remote desktop (Windows OS end user)

2) Enter login name and password (Your company device login)

3) Press “Yes” to continue

Procedure for remote desktop (MAC OS end user)

Microsoft Remote Desktop icon

2) Press “New” to create a new connection

4) Double click the created connection to start remote connect

Procedure for disconnect

2) Click the “disconnection”

Procedure for upgrade Global Protect

3) Open the GP program and verify the version of GP

 How to check your company computer IP?

Type “ipconfig” and you will get result as below.

 Why I cannot connect my company PC even pass the DUO authentication?

If it was disabled, please call our IT hotline “8800” for assist.

 Why Global Protect prompt alerting and denied my connection?

 Why I cannot login with my password?

 What should I do if I change my mobile phone or mobile number?

You might also like