Entra ID Cloud-only Authentication Expected Experience


This page describes, in words and pictures, what a uw.edu Entra ID user can expect to experience at sign-in.

Step 1: The Microsoft sign-in page.

Screenshot of a Microsoft sign-in web page

The URL of the Microsoft sign-in page should be https://login.microsoftonline.com. Enter your user principal name (UPN), e.g. pottery@uw.edu.

Important: The "Can't access your account?" link in this Microsoft interface is non-functional for UW Microsoft accounts. Clicking it leads to a "Get back into your account" page, which will not be useful. To recover your account, use the UW NetID system.

Screenshot of a Microsoft sign-in web page with an email entered in the email field

Note: you may be asked to choose a work/school account or personal account immediately after step 1. See /tools-services-support/it-systems-infrastructure/msinf/other-help/faq/aad-terms/#accountTypes for more info.

Step 2: Enter password in Microsoft sign-in page

The Microsoft sign-in page detects your @uw.edu UPN and responds by giving you the appropriate UW authentication experience. Note the UW logo at the top, the UPN you entered in step 1, and the UW-specific help text at the bottom. Enter your UW NetID password into the password field.

Screenshot of the UW-branded Microsoft sign-in page

Important: The "Forgot my password" link in this Microsoft interface sends you to the UW NetID password help page.

Step 3: Duo 2FA challenge (may not be required)

Assuming you entered a valid password, and if 2FA is required, you'll be asked to choose a 2FA method. When you choose Duo, you'll be directed to a Duo 2FA page from duosecurity.com, and finally asked whether this is your device. The expected sequence of screens is as follows:

Step 3a: Verify your identity screen. Note the UW logo. Your preferred 2FA method will be listed. Duo is the method you should expect to see, provided you are eligible for UW Duo and have registered a method via identity.uw.edu. Please select Duo.

Verify your identity screen in Entra sign in flow

Step 3b: Duo 3-digit code challenge. Note the UW logo. This screen shows only the last 4 digits of any phone number used as an authentication method. For privacy purposes, we've blurred these in the screenshot below. Go to your registered Duo device and enter the 3-digit code shown here into the Duo Mobile app's challenge.

Enter code in Duo Mobile screen in Entra sign in flow

Step 3c: Is this your device? Note the UW logo. This screen asks whether this is a shared device or a device that only you use. Respond accordingly. If you answer yes, Duo will save a persistent cookie for this browser on this device to reduce the number of times you are required to satisfy Duo. This doesn't eliminate future Duo prompts entirely, but it does reduce their number.

Is this your device? screen in Entra sign in flow

Depending on your web browser's configuration, somewhere in the above sequence you may also see a prompt asking "Do you trust uw.edu?". If so, click "Continue".

Screenshot of the "Do you trust uw.edu" page

Step 4: Stay signed in (SSI)

After you've successfully passed the Duo 2FA challenge (or just the password challenge, if 2FA wasn't required), you should be redirected to the following page, which asks whether you want to stay signed in. This controls whether the browser on this device retains a persistent session cookie to minimize future sign-in prompts. This doesn't eliminate future sign-ins entirely, but it does reduce their number.

Screenshot of the "Stay signed in?" page

Note the UW logo at the top, the UPN you entered in step 1, and the UW-specific help text at the bottom. You can select either option. If using a public or shared computer, such as a kiosk, you should choose No. After selection, you should be redirected to the application that started the Entra ID sign-in process.