06-08-2022 08:44 AM
Can anyone tell me if it is possible to whitelist a couple of public IP addresses so that when a user at a site tries to log into our RDP system, it skips the Duo MFA process based on the public IP address he/she is coming in from?
Thank you for your assistance.
06-10-2022 07:54 AM
Hi @BretA-EP, welcome to the Duo Community! I understand that you are currently using Duo for Windows Logon and RDP and you’d like to allow users accessing RDP from a few specific IP addresses to log on without being prompted for multi-factor authentication. This is possible using an Authorized Networks policy. You’ll want to set Authorized Networks to Allow access without 2FA from these networks and specify a block of IP addresses, IP ranges, or CIDRs as a comma-separated list.
Hope that helps!
P.S. Please note that this will only work for RDP sessions and not local console logins.
06-10-2022 08:10 AM
Thanks Amy. I appreciate this information. I just want to make sure that I am clear on one thing with this process. If I add the authorized networks, then those users coming across the listed IPs will not get prompted for Duo authentication. However, if they are outside of those approved and listed IPs, then they would get prompted for Duo verification.
Am I correct?
06-10-2022 08:15 AM
Yes, that’s correct!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide