Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
714
Views
0
Helpful
3
Replies

What does the "Authentication Method" column mean?

stephenkeating
Level 1
Level 1

‎11-10-2022 07:38 AM

I am looking at the Authentication Log for a user, with access granted results. There are two columns, “access device” and Authentication Method". The “Access Device” column shows “Location Unknown” with an IP of 0.0.0.0. The “Authentication Method” column shows DUO Push, plus a geographical location or location unknown. Is the location in the Authentication Method where the DUO Push is from or what?

Labels:
0 Helpful
3 Replies 3

DuoKristina
Cisco Employee
Cisco Employee

‎11-10-2022 08:07 AM

The access device is the client system where the user is logging in to the application. The authentication method is how the user completed 2FA approval.

In your example, the access device was likely an end-user client system accessing an application that does not send an IP address to Duo, like someone logging into a Windows system at the console and Duo for Windows Login is installed, or a Cisco ASA VPN AnyConnect client where the ASA sends authentication requests to Duo’s service as an LDAP AAA server. The location is “unknown” because the IP address 0.0.0.0 does not map to any geographical location.

The authentication method used to complete 2FA for that login was a Duo Push request sent to and approved on an Android or iOS device with Duo Mobile installed. If the IP address of the device is a public IP associated with a geographical location it will show a location, and if the IP is a private network or no IP value was provided from that device the location is unknown.

Here is some information about the authentication log and other reports: Duo Admin Panel Overview | Duo Security

Duo, not DUO.
0 Helpful

stephenkeating
Level 1
Level 1

‎11-10-2022 08:29 AM

So if it says DUO Push
Washington DC, United States
That is the location of the device that is requesting the push from DUO?

0 Helpful

DuoKristina
Cisco Employee
Cisco Employee
In response to stephenkeating

‎11-10-2022 09:06 AM

No, it is the location of the iOS or Android phone that received the Duo Push request and approved it. The device that requested login approval using Duo Push is the access device.

To borrow an illustration from our Duo for Windows Logon doc:

2X_4_40a92af092401c9a9aa1314fc6021872933a21a4.png

  • “RDP Client” is the access device. (initiating the login request in step 1)
  • The phone with the approval check is the authentication method (user approving the Duo Push in step 4)…
Duo, not DUO.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents