What does the "Authentication Method" column mean?

I am looking at the Authentication Log for a user, with access granted results. There are two columns, “access device” and Authentication Method". The “Access Device” column shows “Location Unknown” with an IP of 0.0.0.0. The “Authentication Method” column shows DUO Push, plus a geographical location or location unknown. Is the location in the Authentication Method where the DUO Push is from or what?

The access device is the client system where the user is logging in to the application. The authentication method is how the user completed 2FA approval.

In your example, the access device was likely an end-user client system accessing an application that does not send an IP address to Duo, like someone logging into a Windows system at the console and Duo for Windows Login is installed, or a Cisco ASA VPN AnyConnect client where the ASA sends authentication requests to Duo’s service as an LDAP AAA server. The location is “unknown” because the IP address 0.0.0.0 does not map to any geographical location.

The authentication method used to complete 2FA for that login was a Duo Push request sent to and approved on an Android or iOS device with Duo Mobile installed. If the IP address of the device is a public IP associated with a geographical location it will show a location, and if the IP is a private network or no IP value was provided from that device the location is unknown.

Here is some information about the authentication log and other reports: Duo Admin Panel Overview | Duo Security

So if it says DUO Push
Washington DC, United States
That is the location of the device that is requesting the push from DUO?

No, it is the location of the iOS or Android phone that received the Duo Push request and approved it. The device that requested login approval using Duo Push is the access device.

To borrow an illustration from our Duo for Windows Logon doc:

  • “RDP Client” is the access device. (initiating the login request in step 1)
  • The phone with the approval check is the authentication method (user approving the Duo Push in step 4)…