
New user enrollment procedure

borsaid
Level 1

We’re just getting our feet wet on the platform and one thing I’m confused about is how to handle the process of enrolling new users when the only thing we’re currently protecting is Windows Login (aka Microsoft RDP).

We have scripts so that when a user is added to Active Directory, they will get automatically synced to Duo as a bypass user. After 2 weeks, they are converted to a regular user. This is done because there is no self service enrollment with Microsoft RDP and if they weren’t set as a bypass, they wouldn’t be able to log in.

It appears when a user is set as bypass, they also are not able to enroll.

Are we missing something?

1 Reply

william.smith
Level 1

A couple of options here that I’m aware of.

  1. Don’t bypass users; it basically defeats the purpose of using DUO in the first place. Because you’re bypassing, you’re never getting to the iFrame where you could allow a device enrollment. You can set it up in the policy to allow enrollment through the iFrame that appears. I’m sure it likely works the same way with the new DUO prompt (not sure if that is available for RDP yet).

  2. Set up a device management portal. Have the user sign in with provided credentials and let them enroll their devices from there.

  3. Reach out before the start date and activate devices via text. I have found this method to be the easiest, with the fewest hoops for the end user to step through. Just call them and explain that they need to use the DUO application for 2FA. They download it from the app/play store… then you send them the activation text and you’re good to go.
