cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6211
Views
0
Helpful
9
Replies

Directory Sync custom schedule

jsiergiej1
Level 1
Level 1

Has anyone figured out a way to initiate a directory sync other than via the sync now button or system scheduled 10am sync time? I’d like to kick off a sync automatically at a time other than set time of 10am in the DUO admin panel, which I can’t change.

We remove remote access to users for 5 days per year by automatically adding/removing them from an AD group at midnight of the day they leave/return. The scheduled sync time of 10am won’t work for us since users obviously connect at 8am or before. If the sync didn’t happen yet and they get in, we have to answer to auditors. If they’re still disabled when they return and then they can’t get in, we have to deal with support calls.

9 Replies 9

Steve_M
Level 1
Level 1

I wanted to move our sync time as well, but was told that is not an option. I submitted a feature request. Don’t know if this is planned for a future release or not.

AlexHart
Level 1
Level 1

I would like to request this as well.
Here’s another request: Request for the ability to adjust the sync time and interval

Semicolon
Level 1
Level 1

Its not awesome; but you may be able to leverage the Duo Admin API to make an API to sync a single user (repeat as necessary for each user), adding that step to the annual disabling/enabling process shouldn’t be too bad.

I can’t believe that this is still an outstanding issue for a security product. Every publicly traded company that is integrating into their directory is going to need this feature to be able to handle SOX audits at a minimum. Browsing the Admin API, I’m not seeing a directory sync command, so the last resort is to reproduce the code logic that manually adds/removes users to the DUO groups outside of the directory sync. It works, but that is by no means an enterprise solution. We really need the ability to sync with an AD group more than once a day. I can see saying no to more than once an hour, but otherwise, this is just silly.

bguyette
Level 1
Level 1

I would like to request this as well.  Coming from OneLogin to Duo the syncing is already biting us.  Once an hour I can explain better than sorry you missed your window until midnight. 

DuoKristina
Cisco Employee
Cisco Employee

Hi there. To submit feature requests for Duo please contact your Duo account exec or customer success manager. If you don't have one of these you can contact Duo Support to submit or upvote feature requests. Community posts don't automatically create feature requests for our product team.

Duo, not DUO.

Diego Azevedo
Level 1
Level 1

As per the link below, you can request to be added to an "open" feature request for the ability to adjust the sync time and interval.

https://help.duo.com/s/article/2224?language=en_US

johnmcaarthyy
Level 1
Level 1

I had the same issue with the fixed 10 am sync time in Duo, which didn’t work for our team’s early access needs. To work around this, we used the Duo Admin API to trigger syncs for individual users at custom times, though it’s not ideal. You can also reach out to your Duo account exec or support to request or upvote a feature for flexible sync schedules. It’s not perfect, but it’s a temporary fix until Duo updates this feature.
Furthermore you can see more details by visiting: https://help.duo.com/s/article/2224?language=en_US.

DuoKristina
Cisco Employee
Cisco Employee

Happy to share that we've added an option for high-frequency automatic Active DirectoryOpenLDAP or Entra ID user syncs in our D303 release. This will automatically start another sync about 30 minutes after the previous sync ends. Please see the "Adjust Sync Frequency" section of the documentation for your external directory type to learn how to enable.

Duo, not DUO.
Quick Links