This article shares information about each of the connection methods available to you when using the UA VPN.
A VPN, or Virtual Private Network, provides a secure way for your off-campus device to connect to the UA's network. This is an especially valuable tool when you are on an unsecured wireless network (for example, coffee shops, and airports).
UA VPN requires you to log in with Two-Factor Authentication (2FA). To set up 2FA, visit Two-Factor Authentication (Duo).
______________
Department VPN
The 2FA sign-in process for departmental VPNs is different than the standard VPN that is covered in this article. Please refer to VPN - Connect Using Department Profile for relevant instructions.
About VPN
A VPN, or Virtual Private Network, provides a secure way for your off-campus device to connect to the UA's network. This is an especially valuable tool when you are on an unsecured wireless network (for example, coffee shops, and airports).
UA VPN requires you to log in with Two-Factor Authentication (2FA). To set up 2FA, visit Two-Factor Authentication (Duo).
Note: The 2FA sign-in process for departmental VPNs is different than the standard VPN that is covered in this article. Please refer to VPN - Connect Using Department Profile for relevant instructions.
Using Push (Duo)
This method sends a push notification to your phone to verify the login.
- Open the Cisco Secure Client.
- If the field next to the connect button is blank, enter vpn.arizona.edu.
- Select Connect.
- Once you have selected the Connect button, a WebAuth login window will open up:
- Enter your NetID
- Enter your Password
- Once you select Login, the Duo Universal Prompt will use your default 2FA log in option. The default option is the option that you last used with 2FA. Most users choose the Push option so this will be the most common default option.
- Approving the request on your phone is all it takes to utilize the Push feature when signing in.
- If you wish to use a different 2FA log in, select Other options.
- Select Accept on the Cisco Secure Client.
- You are now connected to the VPN.
Passcode (Duo)
Text Messaging (SMS)
This method lets you use one of the passcodes you receive via text messages on your phone.
-
- Open the Cisco Secure Client.
- If the field next to the connect button is blank, enter vpn.arizona.edu.
- Select Connect.
- Once you have selected the Connect button, a WebAuth login window will open up:
- Enter your NetID
- Enter your Password
- Upon selecting Login, the Duo Universal Prompt will use your default 2FA log in option. The default option is the option that you last used with 2FA. If you opted for SMS passcodes during your last sign-in, the system will remember this preference.
- In the Text Message Passcode field, enter the passcode you received via text message.
- Select Send a new passcode if you do not receive a text message.

- Select OK and the VPN will try to connect.
- Select Accept on the Cisco Secure Client.
- You are now connected to the VPN.
Yubikey (Hardware Token)
This procedure allows you to utilize your Yubikey (Hardware Token) for the sign-in process.
- Open Cisco AnyConnect Secure Mobility Client.
- If the field next to the Connect button is blank, enter vpn.arizona.edu. You only have to do this the first time you connect to the VPN.
- Select Connect.
- Enter your NetID and Password in the WebAuth login window and select LOGIN.
- The Duo Universal Prompt will use your default 2FA login option. The default option is the one you last used with 2FA. To use a different method, click the Other Options button and select the correct method from the list. In this case, the YubiKey passcode.
- Your computer screen directs you to enter a passcode.
- Plug your Yubikey into one of your USB ports.
- Press the touch-sensitive circle on the Yubikey to generate a code that appears in the Passcode field on the 2FA webpage.
- Select Accept once the screen refreshes.
Note: Some Yubikey models may have a button instead of the touch sensitive circle.
Feitian (Hardware Token)
Bypass Codes (Generated from 2FA Portal)
With this method, you can sign in with a Bypass code generated online from your 2FA account.
Bypass codes are generated in batches of 10 on the 2FA Portal page, and each can only be used once, but they can be used in any order.
- Open Cisco AnyConnect Secure Mobility Client.
- If the field next to the Connect button is blank, enter vpn.arizona.edu. You only have to do this the first time you connect to the VPN.
- Select Connect.
- Enter your NetID and Password in the WebAuth login window and select LOGIN.
- The Duo Universal Prompt will use your default 2FA login option. The default option is the one you last used with 2FA. To use a different method, click the Other Options button and select the correct method from the list. In this case, Bypass Code.
- Your computer screen directs you to enter a Bypass code.
- Enter one of your unused Bypass Codes and select Verify. The VPN window closes once the connection is established.
Using the "noSSO" Profile
For certain use cases that do not support SSO, please use the vpn.arizona.edu/nosso profile. When signing in, ensure that "nosso" is typed in lowercase to avoid receiving errors.
Examples of such use cases include:
- CLI/headless connections
- Start Before Logon (SBL)
- Unsupported embedded browsers
- Use of VPN on a PAW
These use cases are the same as the login process for departmental VPNs where the legacy web auth/Duo is retained. For example, this will require you to designate the 2FA Method during log in.