Shared Account - to run application

adencool1 · ‎04-25-2019

We have a few windows servers, that run desktop legacy apps

these apps currently run on a limited account, and if any issues the oncall engineer can log in and restart etc…

does anyone have a work around with duo how we can setup this?

example:
user1 - duo user
user2 - duo user
appuser - this needs to shared to the other accounts, but run in this users profile

mkorovesisduo · ‎04-25-2019

Hi adencool, what are you trying to work around exactly?

Do you want all of those users to be prompted to complete Duo 2FA?

adencool1 · ‎04-26-2019

Hi mkorovesisduo

yes ideally. as i understood once installed all users will required to do duo 2fa? or is it the case if say “appuser” is not mapped to a duo user, then they will not get prompted for duo 2fa?

mkorovesisduo · ‎04-26-2019

Whether or not a user will be prompted for 2FA after you have protected an application with Duo depends on a variety of Duo policies and administrative controls.

For example, you can configure a Group Access Policy to control whether users within a specific Duo group are prompted for 2FA. Alternatively, you can set a Duo user’s status to Bypass, which would allow them to access any Duo-protected application without completing 2FA.

However, the default behavior for any Duo-protected application without modifying any policies or administrative settings is to prompt users for 2FA or prompt them to enroll. Note that if you are using our Duo Authentication for Windows Logon and RDP integration, users cannot be prompted to enroll via the Duo Windows prompt. You will have to add them to your Duo user database by other means.