Mac OS lock screen doesn’t prompt for Duo MFA

When the user account is logged out it works fine.

Is there a way to set up it so it enforces 2FA authentication after the machine goes to sleep or locked?

Hi @jloesch ,

Currently, we do not support users being prompted for MFA on macOS after screen saver unlock (as opposed to startup or after fully logging out of a user session).

Please feel free to submit this as a feature request with your Duo Account Executive, Customer Success Manager (if applicable), or our Support Team.

Hope this helps!

Thank you for the confirmation

If you have plans to use Security keys like Yubikey for MacOS login, check out Yubikey’s implementation for MacOS login. Security key is required for the FDE login, user login and login from screen lock/screensaver. IMO Duo’s implementation is still immature.