Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
86
Views
1
Helpful
2
Replies

PC admin account with more than one user ?

Go to solution
NigelG
Level 1
Level 1

‎07-31-2024 05:42 AM

We are new to this so probably a basic question

We have Admin accounts on PC's all called administrator but we want multiple engineers to have the ability to log into those for admin purposes. What's a good way to achieve this. We don't really want unique admin accounts for each possible engineer to log in with. 

These are desktop PC's with local logins not AD etc

Many thanks

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎07-31-2024 06:33 AM

Although in general I would never recommend using a shared administrator account (how do you audit privileged activity by individual admins?), if you must you can associate up to 100 phones or tokens with an individual user in Duo representing your shared credential.

This would look like:

  1. one "administrator" user in Duo
  2. a phone or hardware token for each of the multiple engineers added in Duo and attached to that one "administrator" user
  3. change the autopush default for Duo for Windows Logon so it doesn't automatically send a 2FA request to the first phone attached to the "administrator" user
  4. whomever logs into a Duo-protected Windows system as "administrator" can choose the phone that belongs to them in the Duo 2FA prompt to proceed, or enter the passcode from their hardware token.

Read more in the Duo KB article Can multiple users authenticate with a shared account on a system protected with Duo for Windows Logon? 

Duo, not DUO.

View solution in original post

Go to solution
NigelG
Level 1
Level 1

‎08-01-2024 12:39 AM

excellent thanks for the info

View solution in original post

0 Helpful
2 Replies 2

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎07-31-2024 06:33 AM

Although in general I would never recommend using a shared administrator account (how do you audit privileged activity by individual admins?), if you must you can associate up to 100 phones or tokens with an individual user in Duo representing your shared credential.

This would look like:

  1. one "administrator" user in Duo
  2. a phone or hardware token for each of the multiple engineers added in Duo and attached to that one "administrator" user
  3. change the autopush default for Duo for Windows Logon so it doesn't automatically send a 2FA request to the first phone attached to the "administrator" user
  4. whomever logs into a Duo-protected Windows system as "administrator" can choose the phone that belongs to them in the Duo 2FA prompt to proceed, or enter the passcode from their hardware token.

Read more in the Duo KB article Can multiple users authenticate with a shared account on a system protected with Duo for Windows Logon? 

Duo, not DUO.

Go to solution
NigelG
Level 1
Level 1

‎08-01-2024 12:39 AM

excellent thanks for the info

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents