cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1372
Views
0
Helpful
1
Replies

Question about the offline access feature for DUO for windows logon

dariofriedsam90
Level 1
Level 1

Hello DUO community,

I am currently setting up DUO for windows logon/RDP for all critical servers of a customer. Everything is working fine so far.

However, there is one "user-experience" issue that we are unsure about. The customer wants to use the Offline Access feature (https://duo.com/docs/rdp#offline-access) and we were able to successfully test this for one of the servers.

However, we just realized (while setting this up for a second server) that you have to create a new Offline Access User/Account within the DUO mobile app for every additional server/endpoint (you are being prompted to scan a QR code and in turn create a new Offline Access account within the DUO mobile app for every new server you want to use this on). Since we are setting this up for access to critical servers, it would mostly be the same few people needing access to multiple different servers (10+). That would obviously lead to a huge amount of Offline Access Accounts within those people's DUO mobile app. The more servers they add the more confusing it gets within the DUO mobile app, having to search for the correct Offline Access account for the correct passcode.

Hence the question, if there is any way to only use a single offline access account within the user's DUO mobile app for ALL the different servers that have DUO for windows logon/RDP deployed? (Is it possible to consolidate multiple DUO mobile offline accounts into one within the same DUO mobile app?)

 

I would really appreciate some input on this, thanks a lot for your help in advance!

Cheers!

 

 

 

1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

No, today it functions as you have observed, requiring separate offline setup and account for each user on each system.

Here are some prior discussions about this same question:

https://community.cisco.com/t5/managing-users/offline-access-with-rdp-when-you-have-100-s-of-systems/td-p/4877508

https://community.cisco.com/t5/managing-users/duo-offline-access/td-p/4880020

The offline access feature wasn't designed as an admin fail-safe for multiple server access. It's primary use case is to ensure users have access to their Windows systems during temporary offline periods. Read more about the use case in the Duo Blog: 

https://duo.com/blog/building-windows-offline 

https://duo.com/blog/offline-multi-factor-authentication-for-windows-is-now-available

You can contact Duo Support or your Duo account or customer success manager to submit a feature request that aligns with how you plan to use offline access.

Duo, not DUO.
Quick Links