Letting users manage their devices

We are interested in using the option to let users manage their down devices. I see that this is disabled by default (at least in the applications we’re using), so I was wondering why some orgs may not want to have that option available?


Hi @mauricej341, this is a great question! I’d love to hear from some Duo admins to get their perspective on this, but I can speak generally to what we’ve heard from customers before. Some admins are hesitant to allow users to manage their own devices because they don’t have as much granular control as they’d like with the Duo Policy today. Also, there is concern that bad actors could potentially use the self-service portal in malicious ways. That would require your user’s primary credentials and second factor of authentication to become compromised, so it’s unlikely, but it could happen. We specifically call out in our documentation some preventative measures you can take to avoid telephony misuse via the self-service portal.

Still, allowing your end-users to manage their own devices is ideal in most scenarios because of the savings in both cost and time. I hope that helps!

Hi Amy,

Thank you very much for the advice!