I was wondering if it is possible to force users to complete offline enrollment when logging into a computer that has the “Duo Authentication for Windows Logon and RDP” client installed?
Hi @JuniorSA, great question! Thanks for sharing it here with the community. No, it is not possible to hide the “Enroll Later” option or otherwise force users to complete offline enrollment. Users always have the option to skip enrollment if they want.
Hi! So sorry for the delay in getting back to you. I was out sick for a while and am just now seeing your follow-up question. It is not currently possible to view offline enrollment events in the Duo Admin Panel. We do have a feature request for this functionality, which you can add your support to by working with the Duo Support team, or your Account Executive or Customer Success Manager if you are a Duo Care customer.
I would really like to be able to choose to OPT out of seeing the offline enrollement page in general! I don’t want to enroll or click enroll later. I’d rather on the previous screen where i was prompted for MFA to be able to select if i want to enroll offline or not. TecMFA does a great job of this when intergrating into OKTA. So i’m use to this feature and not being bothered. I’m trying to switch over I just hate losing features.
@bkerstiens that can be achieved at the local computer level by performing this regedit:
REG ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Duo Security\DuoCredProv” /v “OfflineAvailable” /t REG_DWORD /d 0 /f
But I agree, something in the installation GUI would be nice to disable this.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
