10-17-2022 09:54 PM
Hi,
I want to have 2FA after the login prompt for Azure-joined Windows client,
I follow the instruction below, but still doesn’t work (error “The username you have entered is not enrolled with DUO Security”).
https://help.duo.com/s/article/3832?language=en_US
Any advice? Is there any where I can see what username is sent to the duo security? Cannot find any log in the report section.
Thanks and have a nice day.
10-18-2022 11:16 AM
Hi @weixing73 ,
Welcome to the community!
I’ve run into this issue a couple of times and this is what has helped me:
Format that I’ve found for the username is usually:
FirstnameLastname
You can also add upto 8 different aliases on a user, so you can add a couple of different combinations for it to look for.
10-18-2022 11:18 AM
To clarify, our default New User Policy is set to Deny access to unenrolled users, which is why that probably shows up in our authentication logs.
11-07-2022 07:28 PM
Finally make it work. Need to set the “New User Policy” to “Allow access without 2FA”, so I can capture the actual username in the “Authentication Log”. I set it back to “Deny access” after I capture the actual username.
Anyway, the format for my case is: azuread\[displayname]
Thanks for the help and have a nice day.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide