08-13-2019 02:36 PM
Can a user be re-enabled after certain number of days if their account has only been set to “disabled” versus explicitly chosing the userid and selecting the “Delete” option?
08-14-2019 06:53 AM
Hi RDeYoung,
When you delete a user, there is a window of 7 days before that user is permanently deleted from Duo. During this time, it is possible to restore the user account from the trash. You can find more info on deleting and restoring users in the documentation on Managing Duo Users.
Disabling a user is a status change that denies the user access from authenticating with Duo, and would be used in cases such as when an employee leaves a company, for example. A user set to Disabled remains that way indefinitely and can be restored to have access at any time in the future.
Hope that helps!
08-14-2019 07:28 AM
One more thing to note: With the Inactive User Expiration setting, you can choose to automatically remove inactive users from Duo after a set period.
When this setting is enabled, users who do not authenticate for the specified number of days are moved into the Trash and put into the pending deletion status. You can learn more about this here: Using the Duo Admin Panel and Changing Settings | Duo Security
03-01-2023 01:41 PM
This doesn’t apply to those users who are synced, correct? We have a number of inactive users who may not utilize Duo, but take up half the licenses. What is a way to exclude some of these accounts, i.e. service accounts, or how to change configuration to not include every single account? Or would this be too risky?
Do disabled accounts take up a license as well? I’ve recently noticed some still showing in ‘Users’ although in AD it is disabled.
03-02-2023 09:26 AM
Yes, disabled accounts consume a license. If a username exists in Duo, it is consuming a license.
You would need to remove the users from the sync (and therefore from Duo) to reduce license usage. This does also remove the user’s enrolled devices, so they would essentially need to be synced in like a new user and register their phone or other authentication method when they are no longer inactive at your organization.
03-03-2023 06:52 AM
If a user is not in a Duo synced group would they be blocked access from apps that utilize Duo? I.e. using email externally, but not in Duo group; would prompt to enroll appear or would it be bypassed?
03-03-2023 01:12 PM
If a username doesn’t already exist in Duo (as a synced or manually-created user), and they log in to an application protected with Duo without a permitted group restriction where you have the new user policy set to require enrollment, then the user would get prompted to enroll as a new Duo user.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide