
DUO ByPass question

Is there a recommended way to have a specific User account bypass doing MFA with DUO?

Customer has DUO set up for access to their routers and switches. But they have software that needs to SSH into the devices that obviously does not have the ability to do MFA. Can there be a setting that exempts a service account from the general rules of MFA and be able to turn that account on and off as needed?

 

Thanks

1 Reply

MaxShantar
Cisco Employee

To do this, you will need to create a special "bypass" group in Duo, and then add the specific user account to this group. The user will then be able to authenticate to systems protected by Duo MFA without being prompted for a second factor.

Here are the steps to create a bypass group and add a user to it:

  1. Log in to the Duo Admin Panel and navigate to the "Groups" page.
  2. Click the "Create New Group" button.
  3. In the "Group Name" field, enter a name for the bypass group (e.g. "MFA Bypass").
  4. In the "Group Type" field, select "Bypass".
  5. Click the "Save" button.
  6. On the "Groups" page, click the name of the bypass group you just created.
  7. On the group page, click the "Add Users" button.
  8. In the "Add Users" dialog, search for and select the specific user account that you want to add to the bypass group.
  9. Click the "Add" button to add the user to the group.

After completing these steps, the user will be able to authenticate to systems protected by Duo MFA without being prompted for a second factor. You can manage the members of the bypass group and add or remove users as needed.

It is important to note that allowing a user to bypass MFA can compromise the security of your systems. This should only be done for specific user accounts that have a valid reason for bypassing MFA, and the bypass group should be managed carefully to ensure that only the appropriate users are added to it.
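To keep a bypass group managed as the reply advises, the following added example (not part of the original reply and not Cisco's or Duo's code) audits exported user records for accounts that skip the second factor and flags those that are unapproved or no longer in use. The field names (`username`, `status`, `groups[].status`, `last_login`) are assumed to follow the Duo Admin API user object, and the allowlist, the 30-day threshold and the sample records are constructed for illustration.

```python
import time

DAY = 86400
NOW = 1_700_000_000                              # fixed clock for the constructed sample
APPROVED_BYPASS = {"svc-netbackup", "svc-old"}   # hypothetical approved service accounts
STALE_AFTER_DAYS = 30                            # assumed "no longer needed" threshold

# Constructed sample records, shaped like Admin API user objects (assumption).
SAMPLE_USERS = [
    {"username": "svc-netbackup", "status": "active", "last_login": NOW - 2 * DAY,
     "groups": [{"name": "MFA Bypass", "status": "bypass"}]},
    {"username": "jdoe", "status": "bypass", "last_login": NOW - DAY, "groups": []},
    {"username": "svc-old", "status": "active", "last_login": NOW - 90 * DAY,
     "groups": [{"name": "MFA Bypass", "status": "bypass"}]},
    {"username": "asmith", "status": "active", "last_login": NOW - DAY,
     "groups": [{"name": "NetOps", "status": "active"}]},
]

def bypass_sources(user):
    """Return every reason this user skips MFA: own status and/or group status."""
    sources = []
    if user.get("status") == "bypass":
        sources.append("user-status")
    for group in user.get("groups", []):
        if group.get("status") == "bypass":
            sources.append("group:" + group["name"])
    return sources

def audit(users, now=None):
    """Return (username, verdict, sources) for each account that bypasses MFA."""
    now = now or time.time()
    findings = []
    for user in users:
        sources = bypass_sources(user)
        if not sources:
            continue                      # normal MFA applies, nothing to report
        last = user.get("last_login")
        if user["username"] not in APPROVED_BYPASS:
            verdict = "UNAPPROVED"        # bypass granted outside the allowlist
        elif last is None or now - last > STALE_AFTER_DAYS * DAY:
            verdict = "STALE"             # approved but idle: candidate to turn off
        else:
            verdict = "OK"
        findings.append((user["username"], verdict, sources))
    return findings

if __name__ == "__main__":
    for name, verdict, sources in audit(SAMPLE_USERS, now=NOW):
        print(f"{verdict:<10} {name:<14} via {', '.join(sources)}")
```
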