Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2049
Views
0
Helpful
1
Replies

Enable offline authentication

Techie73
Level 1
Level 1

‎05-21-2019 03:47 PM

Hi,

I have enrolled several users but they are configured for failopen on the devices, so when offline they are able to bypass Duo.

If I now enable offline authentication and enrollment in the ‘windows RDP’ application, will this affect them in any way?

Once I have enabled offline access, can I just disable failopen for those users and they will be able to use Duo offline with the bypass codes?

Labels:
0 Helpful
1 Reply 1

mkorovesisduo
Level 4
Level 4

‎05-22-2019 06:47 AM

Hi Techie73, once you check the “Enable offline login and enrollment” box on your RDP/Windows Logon application’s properties page in the Duo Admin Panel and save your settings, all users will be prompted to complete offline enrollment the next time they see the Duo prompt for Windows Logon and their system has access to the internet. You can see the expected behavior in our instructional video here (video should start at 4:25):

Note that you can limit offline access to certain Duo groups by checking the “Limit access by groups” box and adding Duo user groups.

To answer your second question, yes, you can disable failopen for those users. They will not be using conventional “bypass codes,” however, they will be using Security Keys or Duo Mobile-generated passcodes.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents