Windows Logon Timeout during Duo Authentication

#1

We are currently rolling out Duo for our Windows clients (using the Duo Authentication for Windows app) and we’re running into issues when users take too long to perform the 2nd authentication with Duo. Authentication flow goes something like this:

  1. User logs in to the client user their AD username/password.
  2. The Duo window pops up requesting an authentication method (Push, Call, or Code)
  3. User takes too long accepting the push or entering a code generated by the Duo Security app
  4. Upon successful authentication, the Duo window closes and Windows goes back to the login prompt after timing out.

It seems to me this is more of a Windows setting, so I’m wondering if anyone knows of a GPO where this timeout can be increased.

0 Likes

#2

Hey @Julian_Diaz There are two things at play here,

One is the time Duo allows for an authentication to timeout, which is limited to 60 seconds in Windows Logon.

The other is how long windows can allow the Logon Authentication UI to be open, which is configurable here: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUIt

0 Likes