Cisco AnyConnect what happens if you forget your phone


#1

OK, I have Duo working with Cisco AnyConnect client (not the SSL website). The question is, what happens if a user forgets their phone? I don’t understand how they would be able to authenticate with the Cisco AnyConnect client without the Duo Mobile app.


#2

A single Duo user can have multiple authentication devices. You’d want to make sure that your users have a backup device attached that they can use if they forget their (primary) phones.

These backup devices could be:

In the AnyConnect interface, you’d specify the alternate device by name or enter the passcode in the secondary auth prompt. So a user could enter a six digit code from a hardware token, or specifying calling their second phone with “phone2”, etc. Our AnyConnect user guide has more examples.

Thanks for trying Duo!


#3

OK but I’m using the AnyConnect Client and my logon screen look like this (see attached)

After I put my network password in I get a push authentication from Duo and I just hit approve on my cell.


#4

Which Cisco deployment instructions did you use?

It seems like you might have used these instructions? If so, you should be able to append your factor choice to your password as documented here.