09-06-2023 12:27 AM
Hello DUO community,
I am currently setting up DUO for Windows logon/RDP for all critical servers of a customer. Everything is working fine so far.
However, there is one "user-experience" issue that we are unsure about. The customer wants to use the Offline Access feature (https://duo.com/docs/rdp#offline-access) and we were able to successfully test this for one of the servers.
However, we just realized (while setting this up for a second server) that you have to create a new Offline Access User/Account within the DUO mobile app for every additional server/endpoint (you are being prompted to scan a QR code and in turn create a new Offline Access account within the DUO mobile app for every new server you want to use this on). Since we are setting this up for access to critical servers, it would mostly be the same few people needing access to multiple different servers (10+). That would obviously lead to a huge amount of Offline Access Accounts within those people's DUO mobile app. The more servers they add the more confusing it gets within the DUO mobile app, having to search for the correct Offline Access account for the correct passcode.
Hence the question, if there is any way to only use a single offline access account within the user's DUO mobile app for ALL the different servers that have DUO for Windows logon/RDP deployed? (Is it possible to consolidate multiple DUO mobile offline accounts into one within the same DUO mobile app?)
I would really appreciate some input on this, thanks a lot for your help in advance!
Cheers!
09-11-2023 11:32 AM
No, today it functions as you have observed, requiring separate offline setup and account for each user on each system.
Here are some prior discussions about this same question:
https://community.cisco.com/t5/managing-users/duo-offline-access/td-p/4880020
The offline access feature wasn't designed as an admin fail-safe for multiple server access. Its primary use case is to ensure users have access to their Windows systems during temporary offline periods. Read more about the use case in the Duo Blog:
https://duo.com/blog/building-windows-offline
https://duo.com/blog/offline-multi-factor-authentication-for-windows-is-now-available
You can contact Duo Support or your Duo account or customer success manager to submit a feature request that aligns with how you plan to use offline access.