cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2620
Views
0
Helpful
2
Replies

Can I integrate 2FA for active directory users on a local domain?

Socrates1
Level 1
Level 1

I have integrated Duo 2FA for Microsoft RDP, OpenVPN, and few other applications, have installed duo on a seperate VM in a Windows 2016 environment.
Everything is working fine… But
However I would like all the users logged into the local domain from their laptops be authenticated using 2FA.
1X_af741439f17e555a84551fab1097f08ba8689d26.png

While installing I have this option as seen above in the pic unchecked.
Yet when i log into my laptop with one of the users based of AD, i dont get authentication prompt and rather get logged in directly into my system.
Do i need to install the client on my local PC to make this work?

2 Replies 2

jamieis
Cisco Employee
Cisco Employee

Hi @Socrates,

Thanks for being a Duo customer!

The Duo Windows Logon needs to be installed on any computer that you’d like to receive 2FA when logging in locally to that computer.

For an easier rollout, we do support distributing the installation using Group Policy

Thanks,

Jamie

Socrates1
Level 1
Level 1

Jamie, this is fantastic. I am gonna try this out and update ya’ll.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links