Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1475
Views
2
Helpful
3
Replies

Reducing user friction

calspfin09278
Level 1
Level 1

‎07-20-2021 06:46 AM

Is there a way to reduce the number of times a Windows 10 user has to login for the various applications we have linked to Duo? Can it be more like the experience we have with Azure AD-based SSO?

Background: We are testing Duo against Azure AD integration as our SSO platform. The goal is to reduce the user friction by providing a seamless login experience on as many platforms as possible.

Our tests with Azure AD Hybrid mode have allowed the users to be automatically logged in based on their AD domain credentials, or by the fact the browser has already logged in to Office 365.

We are not having the same success on Duo. The employee is required to log in to Duo every time they open an application registered with the platform. The only way around that is using Duo Central, but that also requires the employee to log in every time they close the tab.

0 Helpful
3 Replies 3

Amy2
Level 5
Level 5

‎07-26-2021 07:17 AM

Hi @calspfin09278, thanks for sharing your question here in the Duo Community! I think your best bet for reducing the number of times authentication is requested would be to employ a Remembered Devices policy. You can read more about how Remembered Devices work in this help article.

This feature is similar to the “remember me” checkbox most users are familiar with when logging in to many websites. When the remembered devices feature is enabled, users are offered a “Don’t prompt me again on this device” checkbox during login. When users check this box, they will not be challenged for secondary authentication when they log in again from that device for a set period of time.

You, as the admin, can control the amount of time before authentication is required again, and also have the option to enable remembered devices Per each application or For all protected web applications.

calspfin09278
Level 1
Level 1

‎07-26-2021 08:26 AM

I will give this a try. Thank you for your insight.

crider
Level 1
Level 1

‎03-20-2023 07:55 AM

Hello calspfin09278, I know this is an old post but wondering if you achieved any success with this? I am facing the same issue with my end-users and it’s frustrating for them. I’m trying to determine if there’s any config changes that can be made to alleviate all the 2FA prompts or if we need to move to a different solution entirely.

It’s especially bad when a user changes their AD password, which then forces them to relogin and 2FA to every linked O365-based application (Office apps, Teams, OneDrive, Email, and more).

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents