The username you have entered is not enrolled with DUO Security

Hi

A while back I set up DUO and set up 2FA for my laptop. I don't remember how, but ever since then I get the message "The username you have entered is not enrolled with DUO Security" when I try to log in to my laptop.

I had to change my account type to bypass in order for me to log in to my laptop again. How do I fix the username issue? I log in to my laptop using the work email (Office 365), but it doesn't seem to recognize this as my username.

**Note:** This post has been edited by the admin to remove personal information that poses a privacy or security concern. Please take a look at our Community Guidelines for more info.

1 Like

Hi @LSA4,

Just a heads up, I edited your post to remove your email/username, because it’s a violation of our community guidelines to share personal information here (for your own safety and security, really). 🙂

This help article on “Why am I unable to log in to Windows after installing Duo Authentication for Windows Logon?” is a good place to start for troubleshooting this. You’re seeing this error because the account you’re using to log in to Windows does not match a Duo user in the system.

Something to be aware of is that Duo administrator accounts are separate from Duo user accounts, so you might need to enroll as a user as well. Try the troubleshooting steps in that article above ^ and let me know how it goes!

2 Likes

Your username in Duo may be your “sAMAccountName” if you synced users up from AD. Try setting “mail” as an alias so that you can sign in either with username or email.

2 Likes

Hi, Super interesting bug here.

When you use AD SYNC to populate your users, it can silently add the domain to the username. However, this isn’t visually represented anywhere in the user panel. Afterwards, if you add a user that is not part of the domain, i.e. SMITH (your personal laptop login), this user can also have a domain silently appended, and you will get the login error "The username you have entered is not enrolled with Duo Security. Please contact your system administrator." because your laptop is not part of the work domain.

To fix this, add the local hostname with the login user of your laptop.

Edit your user from the Duo Dashboard under Users. Add a new alias with the local hostname of your laptop \ local user login.

Dashboard > Users > smith
[+] Add a username alias: homepc\smith

This has worked on many occasions for me.

Hope it helps.
P@
MatrixIT - IT Matters. Secure IT.

@Patrickz

Duo does not import additional usernames from synced domains via AD sync other than what you configure in the UI. There is no silent adding of the domain name, which is why there is nothing reflecting this in the Admin Panel.

The Duo for Windows application on the PC is sending the NTLM domain name from the PC login to Duo, and if username normalization is not on for the application, then Duo tries to match the full name sent from the Windows PC to a username in Duo. When username normalization is on for the Duo application, the service drops any prefix or suffix from the username sent by the client application and uses the resulting username value to match to a user in Duo.

Thanks for the suggestion of editing users to add the down-level logon name that includes the local PC hostname as the NetBIOS domain name.

For domain-joined workstations where users log in with domain credentials, an even easier solution is to add a username alias to import in the synced attributes of your AD sync configuration with msDS-PrincipalName as the source attribute. This automatically pulls in the DOMAIN\samaccountname username from AD into Duo with no manual editing of users on the part of the admin.

1 Like
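Added example, not part of the thread and not Duo's code: a small Python model of the matching behaviour described in the last reply, showing why `HOMEPC\smith` is reported as not enrolled when normalization is off and how an alias or normalization resolves it. The function names, the sample directory and the case-insensitive comparison are assumptions made for illustration.

```python
# Illustrative model only; not Duo's implementation.
# Users, aliases and hostnames below are constructed samples.

def normalize(username):
    """Drop a DOMAIN\\ prefix and an @domain suffix, as the reply describes."""
    name = username.strip()
    if "\\" in name:
        name = name.split("\\", 1)[1]   # CORP\jdoe -> jdoe
    if "@" in name:
        name = name.split("@", 1)[0]    # jdoe@example.com -> jdoe
    return name

def match_user(sent, directory, normalization):
    """Return the matching user's primary username, or None (not enrolled)."""
    candidate = normalize(sent) if normalization else sent.strip()
    candidate = candidate.lower()       # assumption: comparison ignores case
    for primary, aliases in directory.items():
        if candidate in (n.lower() for n in [primary] + aliases):
            return primary
    return None

# Constructed directory: primary username -> list of aliases.
DIRECTORY = {
    "smith": [],                                   # local laptop user, no alias
    "jdoe": ["CORP\\jdoe", "jdoe@example.com"],    # synced user with aliases
}

def demo():
    """Match each constructed login name with normalization off and on."""
    sent_names = ("HOMEPC\\smith", "CORP\\jdoe", "jdoe@example.com", "smith")
    return {
        sent: (match_user(sent, DIRECTORY, False),
               match_user(sent, DIRECTORY, True))
        for sent in sent_names
    }

if __name__ == "__main__":
    for sent, (off, on) in demo().items():
        print(f"{sent!r}: normalization off -> {off}, on -> {on}")
```

With normalization off, the full string sent by the workstation has to equal a username or alias, which is what the `hostname\user` alias and the `msDS-PrincipalName` sync attribute provide.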