cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
414
Views
5
Helpful
1
Replies

DUO ByPass question

RICHARD MESSINGER
Rising star
Rising star

Is there a recommended way to have a specific User account bypass doing MFA with DUO?

Customer has DUO setup for access to their routers and switches.  But they have a software that needs to ssh into the devices that obviously does not have the ability to do MFA.  Can there be a setting that exempts a service account from the general rules of MFA and be able to turn that account on and off as needed?

 

Thanks

1 Reply 1

MaxShantar
Cisco Employee
Cisco Employee

To do this, you will need to create a special "bypass" group in Duo, and then add the specific user account to this group. The user will then be able to authenticate to systems protected by Duo MFA without being prompted for a second factor.

Here are the steps to create a bypass group and add a user to it:

  1. Log in to the Duo Admin Panel and navigate to the "Groups" page.
  2. Click the "Create New Group" button.
  3. In the "Group Name" field, enter a name for the bypass group (e.g. "MFA Bypass").
  4. In the "Group Type" field, select "Bypass".
  5. Click the "Save" button.
  6. On the "Groups" page, click the name of the bypass group you just created.
  7. On the group page, click the "Add Users" button.
  8. In the "Add Users" dialog, search for and select the specific user account that you want to add to the bypass group.
  9. Click the "Add" button to add the user to the group.

After completing these steps, the user will be able to authenticate to systems protected by Duo MFA without being prompted for a second factor. You can manage the members of the bypass group and add or remove users as needed.

It is important to note that allowing a user to bypass MFA can compromise the security of your systems. This should only be done for specific user accounts that have a valid reason for bypassing MFA, and the bypass group should be managed carefully to ensure that only the appropriate users are added to it.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers