This document explains how you can set up the University MFA (NetIQ) system to use your DUO app as the generator of secure codes. In this way, you will be able to use the same app for logging in to the institute and university services. This setup has to be done through the university account services and will enable so-called TOTP authentication. Follow the steps below to set up UL MFA for TOTP.
You need to login to the university account services at https://account.services.universiteitleiden.nl. Use your ULCN account credentials for this.
This is followed by any MFA authentication that you may have chosen in the past.
On the Account Services page you will find near the bottom left of the page a tile denoting Multi-Factor Authentication. Select this tile by clicking on it to go to the setup of MFA additional options. You do need to login again using your ULCN credentials…
After entering your ULCN credentials you again need to choose the MFA type to allow you to continue logging in. In this case not all options are visible as the test account has not enrolled NetIQ, so you only see the three remaining options, by email or by SMS should always be there.
In your case you may only see the Email and SMS options. To continue choose the email option and provide the 6 digit code mailed to you in the next login step.
After that you will end up on the NetIQ selection page. That page shows all the options you may choose for authentication. In this example you see that NetIQ is not previously selected. In your case the blue button may be a 'Modify' button, as is visible under the TOTP block on the right in this example.
In case you have the 'Install' button below the TOTP block, you may click that to set up a non-NetIQ authenticator app. You will be directed to a new page:
This is the first step/page of four to enable the TOTP function. In your case you might not see the 'Delete' button and can directly continue to 'Next'.
The bottom paragraph explains to you in detail the next steps. Follow those steps and you will end up with TOTP as a viable authentication method. If you are shown the QRCode, take your phone's app (DUO) and scan the code. Select Accounts in the DUO app, and hit the '+ Add' on the top right. On the top of the next page you see the 'Use QR code' option. Select that and scan the QR code.
Once all this is done you can use your prefered TOTP application (DUO) as the MFA step in any of the university web applications.
From now on you can use the same app for LION 2FA and University MFA.
DUO has some nice documentation on how to add a TOTP facility, what they call, a 'Third-party Account'. Read their documentation