cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
212
Views
1
Helpful
2
Replies

No Admin Access Duo Mobile iOS

snpower
Level 1
Level 1

I was previously employed by a university that utilized DUO; since then I have moved to a private employer that also uses Duo. I have a dozen or so logins (Paypal, Amazon, etc.) listed in Duo Mobile iOS. I am attempting to add BitWarden but apparently need admin access… this is when I realized I’ve probably never had it! I do not have a record of a username for login.

My guess is I will have to start over - create my own Duo account and setup all these logins/services again?

2 Accepted Solutions

Accepted Solutions

DuoKristina
Cisco Employee
Cisco Employee

> I am attempting to add BitWarden but apparently need admin access...

Admin access to what? Are you talking about the Duo Admin Panel?

So, organizations that use Duo, like your university and your employer, protect their applications with Duo by configuring a connection between the app and Duo's cloud service, or they install some connector software that creates the connection between the app and Duo's cloud service. This opens up use of Duo Push authentication requests from our service to the user's phone when they log into one of these Duo-protected apps.

I think the logins you have in Duo Mobile are what we call "third-party accounts", meaning these services aren't connected to Duo's cloud service, and you don't receive push requests for logins. Instead, you went to the security settings for Paypal, Amazon, etc., and went through a 2FA/MFA setup process where you scanned a QR code shown by that site in Duo Mobile, and now when you log into those sites you generate a passcode (OTP) in Duo Mobile for verification.

Bitwarden offers BOTH a direct Duo MFA integration, where someone that uses Bitwarden and subscribes to Duo can directly protect all their org's Bitwarden logins with Duo Push, and they also offer the ability for individual Bitwarden users to set up their own 2FA for OTP passcode verification using any app that supports this: Duo Mobile, Google Authenticator, Authy, etc.

You can choose whichever one of those solutions you like.

If you decide to use their direct Duo MFA integration, you need to sign up for a Duo account at https://signup.duo.com first. This will give you a 30-day Duo Advantage trial, which downgrades to Duo Free after that time is up (plus a bunch of Duo marketing emails). The Bitwarden application is available in Duo Free, so you can keep using it without paying Duo anything. This solution requires more work on your part to setup:

  1. Sign up for Duo.
  2. Create your first Duo admin user and secure that admin account with a verification method.
  3. Log in to Duo's Admin Panel as the admin user and then create a regular end-user for yourself (the username should match your Bitwarden login).
  4. Activate that user for Duo Mobile push notifications.
  5. Create a Bitwarden application in Duo.
  6. Log into Bitwarden and enter the application info from Duo in Bitwarden.
  7. When you log into Bitwarden you receive a Duo Push request in Duo Mobile.

If you choose to just use Duo Mobile as a passcode authenticator app then all you need to do is log into Bitwarden and go to your security settings, choose to use Duo as your authenticator app, and scan the code shown by Bitwarden with the Duo Mobile app. You should also save any backup codes Bitwarden offers you so you can log in if you lose your phone. When you log into Bitwarden you'll be prompted to enter a passcode, which you'd generate with Duo Mobile.

Be sure that you have Duo Mobile set up to backup your third-party accounts! If you don't, you'll lose those OTP accounts if you switch phones, and possible lose access to log into those applications. See the Duo Restore guide to learn how.

Duo, not DUO.

View solution in original post

snpower
Level 1
Level 1

Thank you for the detailed and helpful answer. Using Duo Mobile as a passcode authenticator app is what I have chosen to do.

View solution in original post

2 Replies 2

DuoKristina
Cisco Employee
Cisco Employee

> I am attempting to add BitWarden but apparently need admin access...

Admin access to what? Are you talking about the Duo Admin Panel?

So, organizations that use Duo, like your university and your employer, protect their applications with Duo by configuring a connection between the app and Duo's cloud service, or they install some connector software that creates the connection between the app and Duo's cloud service. This opens up use of Duo Push authentication requests from our service to the user's phone when they log into one of these Duo-protected apps.

I think the logins you have in Duo Mobile are what we call "third-party accounts", meaning these services aren't connected to Duo's cloud service, and you don't receive push requests for logins. Instead, you went to the security settings for Paypal, Amazon, etc., and went through a 2FA/MFA setup process where you scanned a QR code shown by that site in Duo Mobile, and now when you log into those sites you generate a passcode (OTP) in Duo Mobile for verification.

Bitwarden offers BOTH a direct Duo MFA integration, where someone that uses Bitwarden and subscribes to Duo can directly protect all their org's Bitwarden logins with Duo Push, and they also offer the ability for individual Bitwarden users to set up their own 2FA for OTP passcode verification using any app that supports this: Duo Mobile, Google Authenticator, Authy, etc.

You can choose whichever one of those solutions you like.

If you decide to use their direct Duo MFA integration, you need to sign up for a Duo account at https://signup.duo.com first. This will give you a 30-day Duo Advantage trial, which downgrades to Duo Free after that time is up (plus a bunch of Duo marketing emails). The Bitwarden application is available in Duo Free, so you can keep using it without paying Duo anything. This solution requires more work on your part to setup:

  1. Sign up for Duo.
  2. Create your first Duo admin user and secure that admin account with a verification method.
  3. Log in to Duo's Admin Panel as the admin user and then create a regular end-user for yourself (the username should match your Bitwarden login).
  4. Activate that user for Duo Mobile push notifications.
  5. Create a Bitwarden application in Duo.
  6. Log into Bitwarden and enter the application info from Duo in Bitwarden.
  7. When you log into Bitwarden you receive a Duo Push request in Duo Mobile.

If you choose to just use Duo Mobile as a passcode authenticator app then all you need to do is log into Bitwarden and go to your security settings, choose to use Duo as your authenticator app, and scan the code shown by Bitwarden with the Duo Mobile app. You should also save any backup codes Bitwarden offers you so you can log in if you lose your phone. When you log into Bitwarden you'll be prompted to enter a passcode, which you'd generate with Duo Mobile.

Be sure that you have Duo Mobile set up to backup your third-party accounts! If you don't, you'll lose those OTP accounts if you switch phones, and possible lose access to log into those applications. See the Duo Restore guide to learn how.

Duo, not DUO.

snpower
Level 1
Level 1

Thank you for the detailed and helpful answer. Using Duo Mobile as a passcode authenticator app is what I have chosen to do.

Quick Links