FREE DEMO: DUO for RDWeb Authentication Methods cannot be restricted

I’m performing product evaluation for my customer, and we’re looking at DUO for RDWeb (Microsoft Remote Desktop WebAccess).

Currently I have a demo setup using the “Free Trial” on the main DUO.COM webpage, so I can evaluate the product as well as the online guides / support.

I have a test deployment of Microsoft RDS and Duo Authentication for Microsoft Remote Desktop Web (DUO for RDweb) is correctly linked to my demonstration account. I am unable to modify the DUO Prompt authentication options - even if I restrict the Global Policy options or define an Application Policy I still get only the SMS Passcode entry as the authentication method.

Is this a limitation of DUO for RDWeb, a restriction under the free demo, or is this provided under one of the other editions of DUO?


Hi @JKROBERTSON, welcome to Duo! You can restrict any authentication method for end-users of Duo using Policies as you’ve noted here. In the Policies section of the Duo Admin Panel, you can choose the authentication methods from the global, application, and group policy level. More information is available in our Authentication Methods documentation. This is true of Duo MFA, Access, and Beyond editions and should work even in the free trial I believe.

If you do not have Duo Mobile installed and activated for your test user account, you will not see Duo Push as an authentication option. Please try installing and activating Duo Mobile. Some other reasons you may not see all authentication options in the Duo Prompt are covered in the help article here. Hope that helps! Let me know if you have any other questions we can assist with.

I suspect this is the root cause of my issue, and I’ll check this out and report back.

1 Like

[Updated] Hi Amy / team, you were correct and the user was not correctly activated for the assigned mobile telephone number. we’d performed this activation under an Administrator account so had assumed that this would activate the Duo Mobile for all users marked as aliases but that clearly did not happen under the user account. I believe they’d also added the telephone number as a 2FA device, so that may have confused the overall issue. Once that was corrected, we had the Push notification active in our testing. I’ve made a note of this so we can correct this when we move forward with Cisco Duo.

Thanks for your prompt reply on the topic.

1 Like

Thanks for updating us! I’m glad to hear that worked for you.