Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
363
Views
1
Helpful
1
Replies

Would AD sync create new accounts for aliases?

Go to solution
hashbrownnnnnn
Level 1
Level 1

‎05-30-2023 12:55 PM

This is probably not best practice, but I have a few AD accounts that share a DUO account as aliases.

AD Account:
Username1
Username2

DUO account:
Username1 (Username2 is an alias)

Would performing directory sync create a new DUO account for Username2?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
raphka
Cisco Employee
Cisco Employee

‎06-04-2023 08:12 PM

Hi hashbrownnnnnn, Welcome to the Duo Community!

In short, no Username2 would not be synced to Duo at all.

In Duo all users and aliases must be unique, they cannot be shared between users so that we know which user object to contact for 2fa during an authentication.

If you have created a user in Duo as:
“DUO account:
Username1 (Username2 is an alias)”

When you run the sync for:
“AD Account:
Username1
Username2”

The Username2 user would be skipped by the sync entirely as the Username2 user cannot be created in Duo as this already exists as the alias of another user.
The AD sync would log this in the sync event details that can be found in the Administrator Actions log.
Please see the article below for further details on reviewing the Duo Administrator Actions Log:
https://help.duo.com/s/article/4180

View solution in original post

1 Reply 1

Go to solution
raphka
Cisco Employee
Cisco Employee

‎06-04-2023 08:12 PM

Hi hashbrownnnnnn, Welcome to the Duo Community!

In short, no Username2 would not be synced to Duo at all.

In Duo all users and aliases must be unique, they cannot be shared between users so that we know which user object to contact for 2fa during an authentication.

If you have created a user in Duo as:
“DUO account:
Username1 (Username2 is an alias)”

When you run the sync for:
“AD Account:
Username1
Username2”

The Username2 user would be skipped by the sync entirely as the Username2 user cannot be created in Duo as this already exists as the alias of another user.
The AD sync would log this in the sync event details that can be found in the Administrator Actions log.
Please see the article below for further details on reviewing the Duo Administrator Actions Log:
https://help.duo.com/s/article/4180

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents