Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
647
Views
3
Helpful
3
Replies

Users that share devices | MFA solution

Go to solution
Gigawatt
Level 1
Level 1

‎06-08-2022 02:57 PM

Hello,

Just thought I would reach out to the community on this one. Couple of us are trying to come up with a MFA solution for a group of users that are going to be access a cloud based SaaS.

The users are preferred not to have any personal cell phones on them so we were thinking of just created AD account with or without email, haven’t decided yet.

1st option:
would be assign them hard tokens but if they don’t have email it could be problematic having them enroll in Duo.

2nd option would be that they could share a company phone interchanging it between shifts. I did test this on Duo with a test account and it is possible to have 2 accounts on 1 number.

Again, just though I would reach out to the community and see what they thought.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Amy2
Level 5
Level 5

‎06-15-2022 11:12 AM

Hi @Gigawatt, great question! I was hoping another admin from the community would weigh in on this, but since you haven’t gotten a reply yet, I’ll share my thoughts. I think hardware tokens or Yubikeys would be the best option here.

I’m concerned if you have a shared company phone, the risk of it being lost or misplaced might be higher than if it were a personal device. What if someone forgets to hand it off during a shift change? If you go that route, I’d definitely recommend setting a screen lock policy that requires the device to have a PIN or password to protect the device.

There is also a limit of 100 users to a phone, so if you have more than 100 users, you will need more than one company device.

View solution in original post

3 Replies 3

Go to solution
Amy2
Level 5
Level 5

‎06-15-2022 11:12 AM

Hi @Gigawatt, great question! I was hoping another admin from the community would weigh in on this, but since you haven’t gotten a reply yet, I’ll share my thoughts. I think hardware tokens or Yubikeys would be the best option here.

I’m concerned if you have a shared company phone, the risk of it being lost or misplaced might be higher than if it were a personal device. What if someone forgets to hand it off during a shift change? If you go that route, I’d definitely recommend setting a screen lock policy that requires the device to have a PIN or password to protect the device.

There is also a limit of 100 users to a phone, so if you have more than 100 users, you will need more than one company device.

Go to solution
Gigawatt
Level 1
Level 1
In response to Amy2

‎06-20-2022 06:28 AM

Thanks for this reply @Amy , and I apologize for the late response just got back from a week of much needed vacation. I will pass this info to my counterpart and manager. The DUO community is great!

Go to solution
Amy2
Level 5
Level 5
In response to Gigawatt

‎06-21-2022 06:59 AM

Thanks! I hope you enjoyed your vacation, and I’m so glad to hear you got to take that needed time.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents