Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2767
Views
6
Helpful
6
Replies

Feature request: Bypass Mode

BusterDoney
Level 1
Level 1

‎02-20-2020 08:39 AM

Please, please could we get the option to deny the permission for admins with the “User Manager” role to set users to bypass mode? Or at least a radial button in the Duo Admin Portal under Settings to DISABLE the option of Bypass Mode altogether?

We have many systems administrators in our organization, each responsible for a branch of the organization. They need to be able to manage the users under their branch (hence the User Manager role). However, we have a strict enterprise policy of not allowing any user to be able to bypass Duo. They can get a temp bypass code no problem but we don’t want them to be able to bypass mfa.

For now our workaround is to use a Splunk integration which triggers a script to reset a user to Active based on a Duo bypass mode event. Sometimes this can take a few minutes to execute the workflow and reset the user back to ACTIVE and that window of time is too long for our desired security posture.

Thanks!

6 Replies 6

robertctate
Level 1
Level 1

‎04-26-2022 11:11 AM

I couldn’t agree more. Please make this a feature. I would like to have the option to not allow some of our admins, user administrators and help desk folks to NOT be able to put people into bypass. It’s their “easy fix” for situations which they don’t know how or don’t want to resolve. I would rather they dealt with the issue, create a bypass code, or issue a hardware token temporarily.

0 Helpful

DuoKristina
Cisco Employee
Cisco Employee
In response to robertctate

‎04-29-2022 10:00 AM

Thank you for sharing your thoughts. To file an official feature request, please reach out to the Duo support team or your account executive or customer success manager (if you have one).

Duo, not DUO.
0 Helpful

BusterDoney
Level 1
Level 1

‎04-29-2022 11:42 AM

Kristina,

I have raised this request with our customer success manager. I posted this 2 years ago in the hopes of gaining more eyes on the feature request from other customers as well. This is still a problem for us and Duo customers.

-Buster

0 Helpful

DuoKristina
Cisco Employee
Cisco Employee
In response to BusterDoney

‎05-02-2022 11:06 AM

Raising awareness is a good idea, and if other customers see this and agree with the ask they should also contact Duo via the aforementioned channels to give support to the feature request.

Duo, not DUO.

BusterDoney
Level 1
Level 1
In response to DuoKristina

‎09-22-2022 03:07 PM

I do not see any mention in the release notes but is this a new feature available now in the Duo Admin portal? It appears that we can now enable/disable this ability for the User Manager role, this is a big deal for us!

2X_a_a338aaba10c5264d211bd00897c2d6c2d8d70465.png

DuoKristina
Cisco Employee
Cisco Employee
In response to BusterDoney

‎09-22-2022 03:25 PM

Yes, @buster. This option became available earlier this month and is documented here and was mentioned in the 9/2/22 release notes here.

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents