Duo Authentication for Windows Logon on screen lock


#1

Hi folks,

We are currently using Duo Authentication for Windows Logon for RDP access to some machines and it’s working great! We are now considering enabling Duo 2FA for console logon too. It seems, however, that when console 2FA is enabled it also kicks in when unlocking your computer after the screen saver kicks in (we require a password after screen lock). Is there a way to force 2FA on initial logon but not on screen lock?

Cheers,
Kevin


#2

Greetings Kevin!

It is not possible to exclude workstation unlock from Duo Authentication at this time. In fact, this behavior is by design. If you’d like to submit a feature request for the ability to bypass 2FA when unlocking a logged-in workstation I encourage you to contact your Customer Success Manager or Duo Support.

Thanks for using Duo!


#3

I am eager to see this enabled as a feature. It is cumbersome to have to type in the password and MFA each time a workstation locks after 15 min.


#4

We feel that requiring MFA at initial login and workstation unlock provides better system protection (since most Windows users tend to stay logged in while their system is unattended or sleeping). However, everyone’s environment and use case is different. I encourage you to contact your Customer Success Manager or Duo Support to submit a feature request for workstation unlock without 2FA.