Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2158
Views
0
Helpful
1
Replies

DUO - allow logon locally

Go to solution
gandlal
Level 1
Level 1

‎06-18-2018 08:14 AM

Hi,

We are using DUO Wondows logon 3.1.1 to enable MFA for our Jump servers. Is it necessary that, users who need to authenticate to those Jump servers should be under the GPO policy “Allow logon locally”.

we have around 500 users who need access to the servers (joined to organization’s domain), so should 500 users be added manually or domain GPO policy?

Anyway, we can bypass this without changing the domain GPO policies?

Regards,
Lavanya G

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎06-18-2018 08:44 AM

  1. Yes, any user who will be logging into your jump server where Duo is installed needs the “Allow logon locally” right.

  2. If the domain policy overrides local policy then yes, you must edit the domain policy.

  3. The easiest way to grant this right to 500 users is to put them in a group and grant the right to the group in your GPO.

Duo, not DUO.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎06-18-2018 08:44 AM

  1. Yes, any user who will be logging into your jump server where Duo is installed needs the “Allow logon locally” right.

  2. If the domain policy overrides local policy then yes, you must edit the domain policy.

  3. The easiest way to grant this right to 500 users is to put them in a group and grant the right to the group in your GPO.

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents