duo remote access login

by Dr. Letha Dicki Published 2 years ago Updated 1 year ago

How do I use duo on the RD web portal?

When logging on to the RD Web portal, users receive the Duo enrollment or authentication page after primary authentication. Remote applications may no longer be launched from the "RemoteApp and Desktop Connections" app feed after Duo is installed on your RD Web server.

How can duo help with remote work?

This adage has employees connecting to corporate networks via web and cloud apps, as well as remote access services like VPNs and RDP to do their job. Learn how to enable the remote workforce, spot security vulnerabilities, and reduce the risk of a breach. Duo's mission is to secure yours. Learn more about Duo's full suite of capabilities:

Why can't I log in to my duo account?

If the user does not perform online Duo authentication before the maximum number of days specified here is reached, they can no longer log in offline, and so must connect to Duo's service in order to log in at all. Users may activate offline access using either the Duo Mobile application for iOS or Android, or a U2F security key.

How do I set up duo authentication?

Navigate to Security → Authentication Factors and click the New Auth Factor button. Choose Duo Security from the "Partners" section to enable Duo. Fill out the form as follows and click Save when done. Select the attribute from the list that contains values that match your end users' Duo usernames.

How do I log into my duos from another device?

Select the new phone's operating system. Install Duo Mobile on the new phone and scan the QR code to activate. The new phone is added and listed with your other enrolled devices. You can click Add another device to start the enrollment process again and add another authenticator.

How do I login to my Duo account?

If you activated Duo Mobile, tap the entry for your Windows computer in Duo Mobile to generate a passcode, enter it into the Duo prompt, and click Log In. If you activated a security key, you should see it start blinking. Tap your security key to log in.

How do I log into my duos without a phone?

Using Duo without Cellular Service or While TravelingSimply open the app and tap the Passcode button. Depending on your device, this button may say Generate Passcode or Generate Token Code. It may also simply contain an image of a key.Enter the code provided in the Passcode field of the Duo verification screen.

How do I log into Duo Mobile on a new phone?

If your new phone has the same phone number as your old one and is the same operating system (iOS, Android, etc)Login to Duo.Click the button to Send Activation Code. Result: You will receive a text message with a link to the application. ... You will also receive a second text message with the activation link.

Can Duo be used on a computer?

Video calls with anyone in your contacts who uses Duo: Call friends and family across different devices like Android, iOS, computers, Nest Hub, Nest Hub Max, Lenovo Smart Display, and JBL Link View.

Can I install Duo on two devices?

It is customizable – you can set it up to send you a push, provide a passcode, or call you on a mobile device. And now, you can enroll multiple devices – cell phones, tablets, or landlines - to ensure that you can log in when you need to on the device you have at hand.

What happens to Duo if I lost my phone?

I lost my phone. Contact your Duo administrator immediately if you lose your phone or suspect that it's been stolen! If your organization enabled Duo's self-service feature and you had previously enrolled a second authentication device you can use My Settings & Devices to delete your lost or stolen phone.

Can Duo work without a phone number?

Google Duo is now letting users sign up without having to give their phone number. According to a report, this option is only available if you're using the Android version of the app on tablets — other users still need to use their phone number to create their account.

Can I use Duo without the app?

According to Android Police, Duo users can now call people who don't have the app installed and who haven't registered with the service. It works like any other Duo communication, except that at the end of any call, recipients who don't have the app installed will then be prompted to install Duo.

Where is QR code on Duo Mobile?

Open Duo Mobile and tap Add in the upper right of your accounts list to go to the account type selector. If the new account you want to add shows you a QR code to scan with an authenticator app, tap Use QR code from Duo Mobile's Add account list. Scan the QR code with your camera to add the account.

How do I get my Duo password?

1. Use your smartphone to generate passcodes from the Duo Mobile app. To use, simply open the app and press the gray icon in the upper right-hand side of the app for iOS and Android (pointed by the red arrow in the image below) or the Generate Passcode button on Microsoft OS devices.

How do I find the QR code on my Duo phone?

What is duo authentication?

Duo Authentication for Microsoft Remote Desktop Web Access adds two-factor authentication protection to RD Web portal browser logons. When logging on to the RD Web portal, users receive the Duo enrollment or authentication page after primary authentication.

How to protect an application in Duo?

Click Protect an Application and locate the entry for Microsoft RD Web in the applications list. Click Protect to the far-right to configure the application and get your integration key, secret key, and API hostname. You'll need this information to complete your setup. See Protecting Applications for more information about protecting applications in Duo and additional application options.

What is Universal Prompt?

The new Universal Prompt provides a simplified and accessible Duo login experience for web-based applications, offering a redesigned visual interface with security and usability enhancements.

How to see progress on Duo?

Click the See Update Progress link to view the Universal Prompt Update Progress report. This report shows the update availability and migration progress for all your Duo applications in-scope for Universal Prompt support. You can also activate the new prompt experience for multiple supported applications from the report page instead of visiting the individual details pages for each application.

How to enforce two factor authentication?

If you want to enforce two-factor authentication for all your clients, you should ensure that they must connect through RD Web Access with Duo and/or RD Gateway with Duo. If clients can establish a direct connection to your RD Connection Broker and/or Session Host (s), then they may be able to bypass two-factor authentication. Block direct RDP access to these hosts to mitigate the potential for bypass.

What happens after Duo updates?

After Duo makes the necessary software update available and you've installed it, you'll return to the settings on this page to activate the Universal Prompt for your Microsoft RD Web users.

What port does Duo use?

This application communicates with Duo's service on TCP port 443. Firewall configurations that restrict outbound access to Duo's service with rules using destination IP addresses or IP address ranges aren't recommended, since these may change over time to maintain our service's high availability. If your organization requires IP-based rules, please review this Duo KB article.

What is Duo authentication?

Duo Authentication for Windows Logon adds Duo two-factor authentication to Windows desktop and server logins, both at the local console and incoming Remote Desktop (RDP) connections. Starting with version 4.1.0, two-factor authentication may also be enabled for credentialed User Access Control (UAC) elevation requests, depending on your organization's Windows UAC configuration.

How to remove Duo authentication for Windows login?

If you'd like to remove Duo Authentication for Windows Logon from your system, open the Windows Control Panel "Programs and Features" applet, click on the "Duo Authentication for Windows Logon" program in the list, and then click Uninstall.

What is the default username for Duo?

The Duo username (or username alias) should match the Windows username. When you create your new RDP application in Duo the username normalization setting defaults to "Simple", which means that the if the application sends the usernames "jsmith," "DOMAINjsmith," and "jsmith@domain.com" to Duo at login these would all resolve to a single "jsmith" Duo user.

What happens if you block a user on Duo?

If the Duo application denies access to your users, ensure that you have enrolled them in Duo with a username or username alias that matches the username they use to log into Windows, and with a 2FA device attached that is activated for Duo Push, can receive phone calls from Duo, or can generate a one-time passcode. If you applied a new user policy that allows access without 2FA and expect it to allow the blocked users through that the blocked users do not exist in Duo. Refer to these articles to learn more about user enrollment states and how they combine with policy settings to affect user logins.

How to force offline reactivation?

To force offline reactivation for a previously activated user on a given Windows system, use the Registry Editor (regedit.exe) with administrator privileges to delete the entire registry key that includes the username from HKLMSOFTWAREDuo SecurityDuoCredProvOffline .

What is Duo 4.2.0?

Version 4.2.0 of Duo Authentication for Windows Logon adds support for local trusted sessions, reducing how often users must repeat Duo two-factor authentication. The Remembered Devices policy now includes a setting for Windows logon sessions, which when enabled offers users a “Remember me” checkbox during local console login for the duration specified in the policy.

When do you see the Duo authentication prompt?

If you enabled User Elevation in Duo for Windows Logon v4.1.0 or later , you'll see the Duo authentication prompt after you enter your password for a credentialed elevation request. The application you were trying to launch runs after you approve the Duo two-factor request. If you chose to remember the device at the Windows desktop login, then you won't need to approve Duo authentication for UAC either until the trusted Duo session ends.

How to apply Duo MFA policy?

To apply the new Duo MFA policy to individual users, navigate to Users → All Users. Click on a listed user to open the User Info page , and change the Security Policy pull down menu setting to your new Duo MFA policy. Click the Save User button to apply the change.

Is Duo application secure?

The security of your Duo application is tied to the security of your secret key (skey). Secure it as you would any sensitive credential. Don't share it with unauthorized individuals or email it to anyone under any circumstances!

Does Duo require hostname whitelisting?

If you plan to permit use of WebAuthn authentication methods (security keys, U2F tokens, or Touch ID), Duo recommends enabling hostname whitelisting for this application and any others that show the inline Duo Prompt before onboarding your end-users.

Mit Duo in Microsoft Windows einloggen

Bei der Duo-Authentifizierung für die Anmeldung über Windows ist Auto-Push standardmäßig aktiviert.

Gespeicherte Geräte

Wenn Sie sich bei der lokalen Windows-Konsole anmelden, wird möglicherweise die Option Remember me for… (Meine Daten speichern für...) angezeigt, wenn Ihr Administrator die Duo-Funktion für gespeicherte Geräte aktiviert hat.

Genehmigung der Benutzerrechteerweiterung mit Duo

Mit der optionalen Konfiguration der Erweiterung von Benutzerrechten wird die Duo-Zwei-Faktor-Authentifizierung der passwortgeschützten hinzugefügt. Windows-Benutzerkontensteuerung (User Account Control, UAC) Erweiterungsversuche.

Offlinezugriff für Windows Logon

Der Offline-Zugriff für die Duo-Windows-Anmeldung ermöglicht es Ihnen, sich auch dann sicher bei Windows-Systemen anzumelden, wenn Sie den Cloud-Service von Duo nicht erreichen. Sie können eine Methode für den Offline-Zugriff aktivieren: entweder Duo Mobile unter iOS oder Android oder einen U2F-Sicherheitsschlüssel

Remote-access Guide