Skip to main content

System Status: 

  1. Home
  2. Technology
  3. Security
  4. Services
  5. Two-Step Login
  6. Two-Step Login: VPN

Two-Step Login: VPN

Last Updated: February 12, 2026 10:51:06 AM PST
Give feedback

Learn how to use two-step login with campus VPN connections.

Two-Step VPN Groups

New Secure Connect VPN Connections

New VPN group connections are being rolled out through the Secure Connect program. Read about the timeline.

Faculty, staff, and students who are required to use two-step login to connect must use a group labled "2-Step Secured." Otherwise, an error message will appear and the connection won't go through. Those who aren't required to use two-step login can use any group; however, "2-Step Secured" groups require use of two-step login.

Groups

2-Step Secured - Allthruucsd
2-Step Secured - split
SBL
SBL-dev
nac-test
secure-connect-allthru (New for campus-managed computers only)
secure-connect-split (New for campus-managed computers only)

New VPN Groups

As part of UC San Diego’s Secure Connect initiative, we are rolling out new VPN connection groups that require a device to meet defined security standards before a VPN tunnel is established, such as:

  • Intune‑managed compliance
  • Qualys vulnerability management 
  • Trellix endpoint detection

These “secure‑connect” options will gradually replace the current “2‑Step Secured” groups, helping prevent malicious traffic from reaching trusted resources while keeping the VPN experience simple and familiar.

Important Note: These new Secure Connect VPN options are for campus-managed work computers (computers set up and maintained by your department's IT team). If you use VPN from a personal device, continue using the existing "2-Step Secured" options until further notice.

Instructions

Once your unit's enablement date arrives:

  1. Open your VPN client (vpn.ucsd.edu)
  2. Select one of the “secure-connect” VPN connection options instead of “2-Step Secured”:
    1. secure-connect-split
    2. secure-connect-allthru
UC San Diego campus VPN tunnel options

Two-Step Login Options and VPN

Main/Default Device

Duo automatically engages your main device to complete the two-step login process. 

If you don't want to use the default device, consider the options below for entering a passcode or specifying an alternate device.

Note: Have your default device ready when you sign in to VPN. If you wait too long to confirm, the VPN will time out and your log in will fail.

 

vpn prompt screen shot

Passcode

To use a passcode, follow this process:

  1. Select a two-step group as described above
  2. Enter username and password as usual.
  3. Don't click OK just yet!
  4. Get your passcode:
    1. Open your DUO approval application on your phone or tablet.
    2. Click the link "Show" at the bottom. The Passcode will appear.
    3. The passcode changes frequently, so be sure to refresh your application screen each time you need a new passcode.

       screenshot of DUO application before showing code Screenshot of DUO app showing passcode

  5. Immediately after your password - no spaces - type a comma followed by the passcode. Here's how it would look, with standard credentials in black and added passcode in red:

    • Username: msalah
      Password: 11g0@lscorer,562737

      vpn split passcode screen shot
For more information, contact servicedesk@ucsd.edu or call (858) 246-4357.