
Duo Offline Access

fordh
Level 1

Good afternoon,

We are in the process of trialing Duo at our organization, and have roughly 100 users who work from the field and they often do not have internet access. These users will typically float between 5 and 10 laptops, depending on the user. I am looking at Duo offline access, and if I am understanding it properly, each user would need to set up an offline account for each of these laptops in addition to their normal online account.

I just want to ensure that I am understanding the information as it is presented, or if there is some other way to give them access short of allowing them to fail through when they do not have a connection to the internet.

Thank you in advance for any insight you might share.

4 Replies

DuoKristina
Cisco Employee

You are correct, in the multiple laptop scenario you describe each individual user would need to enroll in Duo offline access on each individual laptop they might use prior to taking the laptop offline (or, as you mentioned, permitting fail open for any user of the laptop).

Duo, not DUO.

amiguel
Level 1

I believe there was some DUO documentation that states permanent offline access is not recommended. I could not find that documentation anywhere somehow. Would you have a reference to that documentation?

And that is fine. The locations without access to the internet aren't the norm, but they are common. I am trying to think worst case scenarios as we trial this product.

Here are some blog posts that talk about our approach to “temporary” offline MFA for Windows:

That offline MFA is not intended to be a permanent situation is evidenced by the "Prevent offline login after" setting for the RDP/Windows Logon Duo application. We do not permit that to be set to an infinite value, and instead enforce a max of 1000 logins or 365 days.

Duo, not DUO.