Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2744
Views
0
Helpful
4
Replies

RSA tokens with Duo Auth for Windows Logon

Go to solution
jheath2
Level 1
Level 1

‎11-06-2019 02:37 PM

We are looking to implement using Duo Authentication for Windows Logon in order to force 2FA on Windows local console logins only. In my testing it is working fine for us using a mobile push or using YubiKeys. However, we are wanting to know if we can use RSA SecurID Hardware Tokens or similar products instead?

This will only be used for local console access using Duo Authentication for Windows Logon. Thank you for any response.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎11-07-2019 07:23 AM

You can use Yubikeys in OTP mode at Windows console logon for 2FA. We also support OTP hardware tokens from other vendors like Gemalto and Vasco (example. Duo also sells OTP hardware tokens for use with our service in packs of 10. You can order them from the Billing area of your Duo Admin Panel.

RSA tokens use proprietary algorithms, so they can’t be imported into Duo.

Token question aside, there is no way to require Duo Authentication for Windows Logon for only console logins. The available configurations are 2FA for RDP connections only, or 2FA for both RDP and local logins, set with the RdpOnly registry value set to 1 for RDP only and 0 for both.

Can Duo protect Remote Desktop Connection logons only?
Can Duo protect local console logins in Windows?

Duo, not DUO.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎11-07-2019 07:23 AM

You can use Yubikeys in OTP mode at Windows console logon for 2FA. We also support OTP hardware tokens from other vendors like Gemalto and Vasco (example. Duo also sells OTP hardware tokens for use with our service in packs of 10. You can order them from the Billing area of your Duo Admin Panel.

RSA tokens use proprietary algorithms, so they can’t be imported into Duo.

Token question aside, there is no way to require Duo Authentication for Windows Logon for only console logins. The available configurations are 2FA for RDP connections only, or 2FA for both RDP and local logins, set with the RdpOnly registry value set to 1 for RDP only and 0 for both.

Can Duo protect Remote Desktop Connection logons only?
Can Duo protect local console logins in Windows?

Duo, not DUO.
0 Helpful

Go to solution
jheath2
Level 1
Level 1
In response to DuoKristina

‎11-07-2019 08:47 AM

Thank you for the response. We may end up ordering the OTP tokens from Duo, but in the meantime do you know if this OTP hardware token will work for local console logins using Duo Authentication at Windows Logon? Symantec VIP Hardware Authenticator

0 Helpful

Go to solution
DuoKristina
Cisco Employee
Cisco Employee
In response to jheath2

‎11-08-2019 12:46 PM

I think that token may be pre-configured for the Symantec VIP MFA service? I can’t say that I’m aware that any customer has imported it into Duo. It looks like it might be a TOTP (time-based) token. Duo’s service works best with HOTP (event-based) tokens.

In order to import a third-party OTP token into Duo, the vendor must be able to give you the token seeds for you to import into Duo (often this is a PKCS file).

Yubikeys are self-programmable so you don’t need the vendor to provide the seeds.

Duo, not DUO.
0 Helpful

Go to solution
jheath2
Level 1
Level 1
In response to DuoKristina

‎11-08-2019 01:00 PM

Excellent. Thank you for the information. We will test using tokens from Onespan (Vasco) and/or the ones directly from Duo. Appreciate it.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents