Duo auth api - new user activation code timeout

Hi,

When a new user is enrolled but they don’t respond before the activation code times out (i.e. enroll status returns invalid) as far as i can see the only course of action is to use the admin api to delete the user and enroll them again so that they get a new activation code.

Is this correct or is there another way to generate a new activation code for a user that is already enrolled (but not activated)?

Thanks a lot,

Andy

Hi Andy,

Just to clarify for the community, there is a difference between Duo enrollment and activation, which you can read more about in the knowledge base. Enrollment is the process of entering a user and authentication device in Duo, while activation is the process of syncing a smartphone or tablet with the Duo cloud service via the Duo Mobile app.

To help us better answer your question, could you please clarify if you are talking about enrollment links sent via email to enroll users in Duo, or activation links sent to a device for Duo Mobile?

Hi Amy,

Thanks for the info, I’m probably not 100% au fait with the right terminology yet. Hopefully this will better describe - the /enroll endpoint (Auth API | Duo Security) returns the following and the user has to scan the qr code before expiration is reached. but if expiration is reached there seems to be no api function to reset the expiration for the user - the only course of action seems to be to delete the user first and then call /enroll again - is that correct?

Thanks a lot,

Andy

“stat”: “OK”,
“response”: {
“activation_barcode”: “https://■■■■■■■■■■■■■■■■■■■■■■■■/frame/qr?value=8LIRa5danrICkhHtkLxi-cKLu2DWzDYCmBwBHY2YzW5ZYnYaRxA”,
“activation_code”: “duo://8LIRa5danrICkhHtkLxi-cKLu2DWzDYCmBwBHY2YzW5ZYnYaRxA”,
“expiration”: 1357020061,
“user_id”: “■■■■■■■■■■■■■■■■■■■■”,
“username”: “49c6c3097adb386048c84354d82ea63d”
}
})

Hi Andy,

Ok great, thank you for the additional context! You will need to use the Admin API to generate an activation URL. You can read more about this in our Admin API docs under Phones>Create Activation Code (I included a direct link for you as well). Duo generates a new activation_url each time /admin/v1/phones/[phone_id]/activation_url is called.

Hope that helps!