Our organization is growing and it is more difficult to identify internal staff by voice. So when the I/T help desk gets a call from a fellow employee to unlock their user account (for Windows, as an example), we do not have an easy way to verify that the caller is who they say they are. What we would like to do is give every employee a Duo keyfob, and when someone calls us for an unlock, the I/T staff can push a random six digit code to that users keyfob. The caller would then read that number back to the I/T staff (who can obviously see and know the code) which would then verify that we are speaking with the correct person. This would then allow us to unlock that users account. Is this possible to accomplish, and if so, how?
Hi, we recently released a feature called Help Desk Push that can achieve what you’re after. Using this feature, your help desk staff can send Duo Push requests to users on-demand to verify their identity. Each push request also includes a confirmation code.
In order to use this feature, the end user must have Duo Mobile installed and activated on a device.
This should be an improvement over the basic security questions. It be be even more useful if we can utilize this via an API or an integration into the ticketing systems (ConnectWise Manage in our case).
Is there any capability to do this while using the Duo fob? Some staff at some businesses are not permitted to have their mobile phones at their work stations due to the nature of their jobs and therefore this would not be as effective as giving them a fob.
No, not at this time. I recommend you reach out to your Account Executive, CSM, or Duo Support to file a feature request about this.