DUO - allow logon locally


#1

Hi,

We are using DUO Wondows logon 3.1.1 to enable MFA for our Jump servers. Is it necessary that, users who need to authenticate to those Jump servers should be under the GPO policy “Allow logon locally”.

we have around 500 users who need access to the servers (joined to organization’s domain), so should 500 users be added manually or domain GPO policy?

Anyway, we can bypass this without changing the domain GPO policies?

Regards,
Lavanya G


#2
  1. Yes, any user who will be logging into your jump server where Duo is installed needs the “Allow logon locally” right.

  2. If the domain policy overrides local policy then yes, you must edit the domain policy.

  3. The easiest way to grant this right to 500 users is to put them in a group and grant the right to the group in your GPO.