Examples given with Duo WinLogon offline access.
To deprovision:
- Enable offline auth on the RDP application in the Admin Panel and sign into a client with Duo for Windows Logon installed for an online auth; complete offline registration.
- Edit the properties of that RDP application in the Admin Panel to disable offline access.
- Perform another online login + Duo 2FA on the Windows client.
- It will deprovision offline access for the user and create an `o2fa_user_deprovisioned` event.
To reenroll:
- Enable offline auth on the RDP application in the Admin Panel and sign into a client with Duo for Windows Logon installed for an online auth; complete offline registration.
- Perform a second online authentication at the Windows client, but instead of completing 2FA click the Replace/Reconnect an offline device link on the right side of the Duo 2FA prompt, and go through offline registration again.
- It will create an `o2fa_user_reenrolled` event.
Examples:
"response": [
{
"action": "o2fa_user_provisioned",
"description": "{\"user_agent\": \"DuoCredProv/4.2.2.1755 (Windows NT 10.0.2009.22621.2361; x64; Workstation)\", \"hostname\": \"win11\", \"factor\": \"duo_otp\"}",
"isotimestamp": "2024-01-09T20:53:48+00:00",
"object": "Microsoft RDP",
"timestamp": 1704833628,
"username": "kristina"
},
{
"action": "o2fa_user_deprovisioned",
"description": "{\"user_agent\": \"DuoCredProv/4.2.2.1755 (Windows NT 10.0.2009.22621.2361; x64; Workstation)\", \"hostname\": \"win11\", \"factor\": \"duo_otp\"}",
"isotimestamp": "2024-01-09T21:03:00+00:00",
"object": "Microsoft RDP",
"timestamp": 1704834180,
"username": "kristina"
},
{
"action": "o2fa_user_reenrolled",
"description": "{\"user_agent\": \"DuoCredProv/4.2.2.1755 (Windows NT 10.0.2009.22621.2361; x64; Workstation)\", \"hostname\": \"win11\", \"factor\": \"duo_otp\"}",
"isotimestamp": "2024-01-09T21:12:39+00:00",
"object": "Microsoft RDP",
"timestamp": 1704834759,
"username": "kristina"
}
],
Duo, not DUO.
