Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2163
Views
0
Helpful
1
Replies

Telephony Validation versus Authentication

Go to solution
mboyce1
Level 1
Level 1

‎12-20-2017 08:57 AM

Is it possible to disallow Phone Call for authentication while still allowing phone call for validation when using self-registration?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎12-22-2017 11:06 AM

If you disable “Phone Callback” as an authentication method then that also prevents it from being used in the self-enrollment portal.

Note that the phone number is only used for callback during enrollment if someone is trying to enroll a phone that was already assigned to a different user.

If someone is enrolling a brand new device and phone callback is disabled by policy, the user is able to enter the device’s phone number during enrollment and then continue on to install and activate Duo Mobile for push approvals. When they reach the end of the enrollment process phone call authentication wouldn’t be available, leaving the user to choose any other permitted method.

However, when phone callback is disabled by policy and a user tries to enroll a phone that already exists, that user is blocked from continuing past submitting the phone number. Instead of showing the screen where the user can select to call or text the number to verify ownership, we instead indicate that the number can’t be used for authentication.

Duo, not DUO.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎12-22-2017 11:06 AM

If you disable “Phone Callback” as an authentication method then that also prevents it from being used in the self-enrollment portal.

Note that the phone number is only used for callback during enrollment if someone is trying to enroll a phone that was already assigned to a different user.

If someone is enrolling a brand new device and phone callback is disabled by policy, the user is able to enter the device’s phone number during enrollment and then continue on to install and activate Duo Mobile for push approvals. When they reach the end of the enrollment process phone call authentication wouldn’t be available, leaving the user to choose any other permitted method.

However, when phone callback is disabled by policy and a user tries to enroll a phone that already exists, that user is blocked from continuing past submitting the phone number. Instead of showing the screen where the user can select to call or text the number to verify ownership, we instead indicate that the number can’t be used for authentication.

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents