Solution for an Emergency response Team

A customer of ours uses DUO as a tool for remote access. Me and a colleague are registered and can access the landscape personalized. We however look for an idea or solution to have some sort of centralized verification method for an Emergency response force.

We have personal that is ready to help customers 24/7 and this ever shifting personal would need access to those duo protected systems as well, should a problem arise.

Would it be possible to send the authentication request to an email address?

How are others solving this kind of issue?

Thank you very much for your help and suggestions!

Alessandro

Hi Alessandro,
Welcome to the Duo Community, and thanks for sharing your question here! As you can imagine, this is a question that comes up occasionally from other customers as well, so you’re not alone here. I’m sure other admins would have good advice and pointers for you, and for now, I can share my perspective on this.

No, Duo does not support email as an authentication method, and here’s why: Email is not a secure OTP delivery since it is not tied to specific device and has weak security controls protecting that OTP access. It also does not offer reliable delivery for OTP. You can read more about this in the help article on whether Duo uses email as an authentication method.

You can accomplish this in other ways though. Please note that Duo recommends against both having a shared set of credentials for multiple users or having a single authentication device assigned to multiple users, as each of these can weaken your security posture.
Do your rotating personnel share credentials, or do they each have their own login name and password?

  • In cases of shared credentials, you can add multiple devices to a single Duo user (see our help article for one-to-many object ratios in Duo for details on the limits there), so everyone in your rotating personnel could authenticate using their own phone or security token.
  • In cases where everyone has their own unique credentials, but you’d like them to use the same authentication device, you can add the same device to multiple users. Take a look at this help article for more info on that.