cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2259
Views
0
Helpful
3
Replies

Whitelist Public IP to bypass Duo MFA Verification

BretA-EP
Level 1
Level 1

Can anyone tell me if it is possible to whitelist a couple of public IP addresses so that when a user at a site tries to log into our RDP system, it skips the Duo MFA process based on the public IP address he/she is coming in from?

Thank you for your assistance.

3 Replies 3

Amy2
Level 5
Level 5

Hi @BretA-EP, welcome to the Duo Community! I understand that you are currently using Duo for Windows Logon and RDP and you’d like to allow users accessing RDP from a few specific IP addresses to log on without being prompted for multi-factor authentication. This is possible using an Authorized Networks policy. You’ll want to set Authorized Networks to Allow access without 2FA from these networks and specify a block of IP addresses, IP ranges, or CIDRs as a comma-separated list.
Hope that helps!

P.S. Please note that this will only work for RDP sessions and not local console logins.

BretA-EP
Level 1
Level 1

Thanks Amy. I appreciate this information. I just want to make sure that I am clear on one thing with this process. If I add the authorized networks, then those users coming across the listed IPs will not get prompted for Duo authentication. However, if they are outside of those approved and listed IPs, then they would get prompted for Duo verification.

Am I correct?

Yes, that’s correct!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links