Solving the Identity Crisis with Username Aliases


Steve Won’s new blog post walks you through the problem we’re solving with Duo’s new Username Aliases feature. Yes, you can now have a total of up to five usernames per user object.

Read the blog post here:, and please share any comments or questions here in the community!


An additional guide to the new Username Aliases feature is available in our Knowledge Base here:


One more piece of content!

A guide to migrating your existing users to the Username Aliases feature is also available in the Duo Knowledge Base here:


So glad to see this feature finally arrive! Thanks.

What capabilities exist for using automation to interact with these alias fields, either via AD Sync or other import to populate short names, full SAM Account or other numeric identifier that exist either in our SSO or our Directory? This is a must-have to make this feature scalable. Thanks!



Hey Dan,
As described in our guide at, you can indeed configure your Active Directory Sync to important an additional maximum of four directory attributes as usernames for each Duo user each time it runs. I hope that answers your question and makes the feature even more useful for you! Please let me know if you need additional info about configuring the sync to support aliases or anything else!


This is definitely a great feature. Would it be possible to add to this logic to have the ability to specify for each username alias which Duo group it should be tied to? As its currently configured, one user account will have access to all the Duo groups that are defined. However, I want the option to say only allow access for this username alias to this specific Duo group and not the rest. Thanks!


Hey romiller, thanks for the suggestion. Right now, it is not possible to assign different group memberships to aliases for the same username.