I have been reading through the Duo guides to set things up in preparation for company-wide deployment. I am a little unclear on how to set up inline/self-enrollment for use with Windows logon (Microsoft RDP app).
Basically, I would like to have the Duo agent installed on user workstations and then have new Duo users log in and then get prompted to set up the Duo app ON THAT PC and then use the push notification.
The problem I am running into is:
- If I add the user in Duo (user name and email), when the user logs in, it just said the user is not activated in Duo.
- If I add a phone to that user, when the user logs onto the Windows PC, they only have the option to get sent a text code. There are no instructions to install the Duo app and enable push.
It seems like the only way I can get it like I want is if I first enroll the users and they get emailed the link to set up the Duo app. The problem with that, is once Duo is installed on ALL computers, then new employees/Duo users won’t be able to log into Windows to check their email to setup Duo to log into Windows.
How can I actually set it up so that the non-Duo enrolled user can log into Windows with their AD account and then instructions on the screen to install the Duo app, scan the QR code and then use the push notification to get in??
