General request for Feature request upvotes

Good Afternoon! I’m an Owner use of a Duo implementation which has been active across multiple applications for several years. As an Identity and Access specialist, I rarely am heavily involved with Application setup, but my team does use the Admin console quite heavily and my Feature Requests that I’ve sent to Duo Support have the most impact on Admin console usability and functionality. Unfortunately, I may be the only such requester for these features and hope that other Duo customers will see value in my requests and submit their own Feature Requests to increase the priority of my own. My top requests:

  1. Currently the .csv export of users contains fields for several phones, but will not extract any Tokens (we use Yubikeys) attached to those users. We must also pull the Tokens listing and back-link to users. Please add Tokens to the Users extract.

  2. Our Administrator Actions report contains nearly one million entries and takes nearly 30 minutes to download as a .csv. The on-screen HTML version contains only Sort functions or per-Admin filters. If we wish to see who added a specific user a week ago, for example, we must either page through until we see the user, or extract the entire log to filter. Please allow retained archival of older Administrator Actions, filtering on multiple field in the HTML display, and the ability to extract details for a specific time period rather than All Actions since go-live.

  3. Our Help Desk Role did not have the ability to sync Single Users and we needed multiple reps to have that functionality, so all Service Desk Representatives now have the User Manager role. This has caused erroneous full-directory syncs, Manual addition of users, and changes to Directory attributes by Service Desk reps as their security is now much too broad. Per the feature request above, tracking down who did what is an onerous process. Please add the ability to sync Single Users as a standalone feature and enable that feature in the Help Desk role - it might be useful to have that as a toggled option so that other facilities can opt out if needed.

Thank you for any support you can provide as we strive to make Duo more manageable by our team of hard-working Identity and Access Management professionals!

Kimberly Sucy
Supv., Identity & Access Management
RRH Information Services & Technology
Tel: (585) 922.5697
Email: kimberly.sucy@rochesterregional.org

Hi Kimberly,

While I have verified that these specific requests have been filed in our internal platform, please share any future feature requests with your Account Executive, Customer Success Manager if applicable, or our Support Team.

I am currently investigating ways to collaborate with the community on beta product feedback and other programs in the future, but we are not planning on making this a feature request platform. Having said that, we certainly welcome your feedback, discussion, and questions regarding the product here.

Thanks - It was not my intent to make this a platform for feature requests, but as Duo Support said “This does not mean it is guaranteed to be implemented but if enough customers request the feature it will increase the chances” and some of these are things I’ve been requesting from Duo support for years, I really do need to be an advocate for ideas that I feel will lead to enhanced functionality for all. The current means of suggesting features does not let me know which ideas are being discussed or how much support they have, or give me a place to provide further supporting evidence. I truly do feel that the reporting capabilities in Duo are its sole drawback and a great area for improvement.

Hi Kim. We also put in for #3. However instead of waiting, we created an HTML page utilizing the Admin API to sync a single user. It took me maybe a couple of hours to complete and is a great option if you want to remove the User Manager access. We had a Help Desk person change our LDAP settings and that was the breaking point for us.

I’m willing to share what we did. It is nothing complex by any means. However note that we then had to put in an additional feature request for the Help Desk role to be able to have the “Resend enrollment email” link from inside a user. Currently administrators need to do that function if necessary.

-Seth

2 Likes

I logged in as an admin assigned the “User Manager” role and I cannot adjust or change any of the LDAP directory settings from within the Duo Admin portal. I can do this with an account assigned as “Owner” but not “User Manager”.

I agree with #3 though, that would be a great feature to add/remove to the Help Desk role, similar to the checkbox for allowing or not allowing the Help Desk role to assign bypass codes.

#1 and #2 can be done quite easily using the API: GET from the /admin/v2/logs/authentication… do you have any IT development personnel on staff that are familiar with utilizing API?

It has been a while since that happened, so that’s great to know a User Manager can no longer change any LDAP settings. Thank you Buster.

Sounds like the Admin API could really solve all the problems here, if it is something you’re willing to do.