How to link a Duo account User to a Windows logon user


#1

Newbie alert. I started a small experiment which should lead to much use by our org of Duo. I’ve (1) created a Duo account for our organization with ties to the Duo app on my phone and (2) added an active User called “kumquat” with my email address to that account. I want to use Duo to control TFA access for an existing local user “kumquat” on a brand new computer. Since the Duo Authentication for Windows Logon install on a new computer does not provide the mechanism, how do I provide the needed link between the “kumquat” user on this new computer and the “kumquat” User activated in my Duo account? I’m missing something in the documentation.


#2

I’m not sure I understand your statement “Since the Duo Authentication for Windows Logon install on a new computer does not provide the mechanism”. Are you referring to inline enrollment? No problem then if you’ve already created the “kumquat” user in Duo.

  1. Install Duo for Windows Logon on the computer.
  2. Log in as “kumquat”.
  3. The Duo application on the local computer checks the Duo service to see if the user “kumquat” exists.
  4. If “kumquat” exists and has a valid and permitted 2FA device attached (a smartphone with or without Duo Mobile, a landline, a hardware token, etc.), then the Duo application on the computer prompts “kumquat” to 2FA with one of those devices.

#3

Thx. Looks like the lack was in not understanding that the content of the (encrypted) text that one copies from the administrator’s Microsoft RDP application Details into the target Duo Win Logon installer is the link that I was looking for. That ties my Duo account and its Users to the specific computer. Tried and working now.