Offline access for Duo Windows Logon helps you log on to Windows systems securely even when unable to contact Duo’s cloud service. You can activate one method for offline access, either Duo Mobile on iOS or Android or a U2F security key.
If your organization allows you to use this feature, you’ll see the offline activation prompt after successful Duo two-factor authentication when you log in to, unlock the workstation, or approve a user elevation request while the system is online and able to contact Duo’s service. Check with your organization’s Duo administrators or Help Desk to verify availability of Offline Access on your workstation.
Activating Offline Access with Duo Mobile
Â
Â
Duo’s offline access works with these security keys:
HyperFIDO tokens are not supported for offline access activation, nor are simple OTP passcode tokens or Duo D-100 hardware tokens. If you’re not sure whether your security will work, ask your organization’s Duo administrator or your IT Help Desk.
Once you’ve activated offline access for your account, when your computer isn’t able to contact Duo’s cloud service you’ll automatically be offered the option to login with an offline code or security key (depending on which type of device you activated earlier) after successfully submitting your Windows username and password during system logon or after entering your password in a UAC elevation prompt (if User Elevation is enabled).
If you activated Duo Mobile, tap the entry for your Windows computer in Duo Mobile to generate a passcode, enter it into the Duo prompt, and click Log In.
If you activated a security key, you should see it start blinking. Tap your security key to log in.
The offline two-factor authentication prompt shows you how many remaining offline logins you have left, or the last day you’ll be allowed to authenticate using offline access (depending on which option your organization’s administrator chose when enabling offline access in the Duo Admin Panel).
Once you reach the offline access limit, the Duo prompt informs you that you must complete online authentication to Duo before you can log in again with an offline passcode. Offline access refreshes when you perform an online Duo authentication.
If Duo Authentication for Windows Logon was installed with the fail mode set to “fail closed”, then a user who does not activate offline access on that computer may not log in while disconnected from the internet. Make sure to complete offline activation the next time the computer has internet access.
If you need to add the Windows Offline account to Duo Mobile on a different phone than you originally used for activation, you can do this from the online Duo MFA prompt.
IMPORTANT: Only one phone may be activated for offline access at a time. Activating offline access on another phone invalidates the previously activated phone.
If you restored the Duo Mobile accounts on your phone with Duo Restore, reactivating offline access won’t reconnect the offline account that was restored. Instead, a second account for offline access will be created. Avoid confusion by deleting the restored offline access account before performing reactivation from the online Duo for Windows MFA prompt.
[vc_row][vc_column][vc_column_text]
[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_btn title=”SUBSCRIBE” color=”primary” align=”center” button_block=”true” link=”url:https%3A%2F%2Fwww.galloptechgroup.com%2Fsubscribe%2F|title:Subscribe”][/vc_column][/vc_row]
GET YOUR FREE AUDIT FOR YOUR COMPANY’S EMAIL SECURITY AND DARK WEB MONITORING.
