cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
105
Views
3
Helpful
3
Replies

No IP address when using Passcode option in Duo

seceng
Level 1
Level 1

Hello.
For one of our solutions we have enabled both Passcode and Push options in the Duo admin portal. 

We have noticed we only see client-side IP addresses in the logs for users opting to use Push.
Is there a way to capture the IP address when users opt for the Passcode option?

Thank you 

1 Accepted Solution

Accepted Solutions

When using Duo Mobile Passcodes, the authentication is considered offline because the passcode is generated on the mobile device without requiring an internet connection. Since no network communication is involved in generating or using the passcode, there is no client-side IP address to capture and send to Duo's servers. This is why the IP address of the mobile (auth) device cannot be retrieved when using Passcodes.

On the other hand, Duo Push requires an internet connection for the authentication request to be sent from the mobile device to Duo's cloud infrastructure. As part of this communication, the mobile device's IP address is captured and logged in Duo's cloud, which is why you're able to see the IP address for Push-based authentication events but not for Passcode-based ones.

To clarify:

  • Duo Push: Captures the IP address because it requires an internet connection to communicate with Duo's servers.
  • Duo Mobile Passcode: Does not involve any network communication (it’s purely offline), so there’s no opportunity to capture or log the mobile device's IP address.

In this case, if capturing the IP address is crucial for your security or compliance requirements, you'll need to consider steering users towards Duo Push or other online methods of authentication, where the IP can be logged, rather than using the Passcode method.

View solution in original post

3 Replies 3

DuoPablo
Cisco Employee
Cisco Employee

Hi @seceng ,

Unfortunately, there is no way to retrieve the IP address of the mobile (auth) device when using Duo Mobile Passcodes since it is ostensibly an offline authentication method. Duo Push requires internet connectivity, which passes the IP address to Duo's cloud.

Regardless of Auth Method, if using the Duo Universal Prompt or a properly-configuerd RADIUS application, the IP address of the Access Device (the device the user is logging in from) will be visible in the Authentication Log (https://help.duo.com/s/article/2302?language=en_US). 


Hope this helps!

When using Duo Mobile Passcodes, the authentication is considered offline because the passcode is generated on the mobile device without requiring an internet connection. Since no network communication is involved in generating or using the passcode, there is no client-side IP address to capture and send to Duo's servers. This is why the IP address of the mobile (auth) device cannot be retrieved when using Passcodes.

On the other hand, Duo Push requires an internet connection for the authentication request to be sent from the mobile device to Duo's cloud infrastructure. As part of this communication, the mobile device's IP address is captured and logged in Duo's cloud, which is why you're able to see the IP address for Push-based authentication events but not for Passcode-based ones.

To clarify:

  • Duo Push: Captures the IP address because it requires an internet connection to communicate with Duo's servers.
  • Duo Mobile Passcode: Does not involve any network communication (it’s purely offline), so there’s no opportunity to capture or log the mobile device's IP address.

In this case, if capturing the IP address is crucial for your security or compliance requirements, you'll need to consider steering users towards Duo Push or other online methods of authentication, where the IP can be logged, rather than using the Passcode method.

seceng
Level 1
Level 1

Maher and DuoPablo -

Thank you for the quick response. 
That makes perfect sense. 

Quick Links