Let’s say we have to use Radius or another option that does not permit inline device/user enrollment. Is there a way to indirectly enroll users that does not involve sending them to duo.com? Does the authproxy have a static web page that can be accessed on the LAN where this is done? Any other options?
No, there is no way to enroll users that doesn’t involve someone taking action at duo.com (no static page on the LAN).
There are a few options, described in our enrollment documentation:
- Directory Sync: import users from AD, LDAP, or Azure directories into Duo. The sync process can email an enrollment link to users, which they follow to a portal hosted by Duo to set up their first authentication device.
- Bulk Self-enrollment: The Duo admin pastes a CSV list of usernames and emails into the Duo Admin Panel. Emails get sent to the users with an enrollment link, which they follow to a portal hosted by Duo to set up their first authentication device.
- CSV Import: The Duo admin uploads a CSV file with user information, which can include phones. This does not send out enrollment emails like directory sync and bulk self-enrollment.
- The Duo admin manually adds users and phones to Duo from the Admin Panel.
- The admin uses our Admin API to programmatically cerate users.