Preventing specific users from Being Deleted by Trash process

gsweers · ‎02-13-2026

It would be great if we can get a flag to select on specific user accounts to prevent the trash process from deleting specific accounts. These are typically domain admin accounts for servers that have hardware tokens or offline codes assigned, but are not frequently signed in. Once they delete the hardware token goes with them and does not come back on recovery or gets emptied by trash and has to be recreated and we have the recovery process to then deal with on the local machine.

DuoKristina · ‎02-13-2026

> Once they delete the hardware token goes with them

Are you saying that deleting a user also deletes the OTP hardware token (visible at Devices > Hardware Tokens in the Admin Panel) previously attached to Duo. You should not find this to be the case. Permanently deleting a user from Duo does not also delete a D100 or third-party OTP hardware token that was attached to that permanently deleted user.

If when you say "hardware token" you are referring to a U2F security key used for offline login to Windows systems where Duo for Windows Logon is installed - valid.

You can contact your Cisco Duo account or customer success team to submit your feature request to mark specific users as "Do not delete" by any automated process. If you don't have a dedicated contact, you can submit feature requests via Duo Support.

Duo, not DUO.