For security reasons, we want hardware tokens to be used to connect to AWS WorkSpaces instead of Duo Mobile.
We currently have a RADIUS server in place and have configured Amazon WorkSpaces MFA to use Duo. However, when logging into WorkSpaces we cannot authenticate the user with a Duo hardware token, but this works fine with Duo Mobile.
Hardware tokens, either Duo-branded or generic HOTP/TOTP, should indeed work with the AWS Duo integration documented below:
First the tokens will need to be associated with users.
I would recommend ensuring the hardware token authentication method is also enabled in your policies to ensure the token method is actually allowed:
Duo Mobile generated passcodes and Duo Hardware Token passcodes are HOTP codes.
They do not need to be manually refreshed.
If they are manually refreshed too often, they can become out of sync, causing failed authentications, and may need to be resynced.
If the issue persists, I recommend you reach out to Duo Support for assistance and be sure to follow through the steps and provide the Support Tool output as per the article below: https://help.duo.com/s/article/7680
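
The counter drift described in the answer above, shown as an added example that is not part of the original thread and is not Duo's implementation: a generic RFC 4226 HOTP validator with a look-ahead window. The window size, the resync search range and the class and function names are assumptions; the secret is the RFC 4226 test value.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP code for one counter position."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class HotpValidator:
    """Server side: next expected counter plus a look-ahead window."""
    def __init__(self, secret: bytes, window: int = 3):  # window size is an assumption
        self.secret, self.counter, self.window = secret, 0, window

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.window + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1  # accepted: move past the used counter
                return True
        return False  # token counter is outside the window

    def resync(self, first: str, second: str, search: int = 100) -> bool:
        """Resync on two consecutive codes, searched over a wider range."""
        for c in range(self.counter, self.counter + search):
            if (hmac.compare_digest(hotp(self.secret, c), first)
                    and hmac.compare_digest(hotp(self.secret, c + 1), second)):
                self.counter = c + 2
                return True
        return False

def demo() -> dict:
    secret = b"12345678901234567890"  # RFC 4226 test secret, not a real token seed
    server = HotpValidator(secret)
    token = 0  # counter inside the hardware token; advances on every button press
    results = {}
    results["normal"] = server.verify(hotp(secret, token))
    token += 1
    token += 5  # five presses with no login: the token runs ahead of the server
    results["after_extra_presses"] = server.verify(hotp(secret, token))
    token += 1
    first, second = hotp(secret, token), hotp(secret, token + 1)
    token += 2
    results["resync"] = server.resync(first, second)
    results["after_resync"] = server.verify(hotp(secret, token))
    return results

if __name__ == "__main__":
    print(demo())
```

The rejected login leaves the server counter unchanged, which is why the token stays out of sync until two consecutive codes are submitted for resynchronization.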