09-30-2024 06:29 AM
Hello.
For one of our solutions we have enabled both Passcode and Push options in the Duo admin portal.
We have noticed we only see client-side IP addresses in the logs for users opting to use Push.
Is there a way to capture the IP address when users opt for the Passcode option?
Thank you
Solved! Go to Solution.
09-30-2024 09:07 AM
When using Duo Mobile Passcodes, the authentication is considered offline because the passcode is generated on the mobile device without requiring an internet connection. Since no network communication is involved in generating or using the passcode, there is no client-side IP address to capture and send to Duo's servers. This is why the IP address of the mobile (auth) device cannot be retrieved when using Passcodes.
On the other hand, Duo Push requires an internet connection for the authentication request to be sent from the mobile device to Duo's cloud infrastructure. As part of this communication, the mobile device's IP address is captured and logged in Duo's cloud, which is why you're able to see the IP address for Push-based authentication events but not for Passcode-based ones.
To clarify:
In this case, if capturing the IP address is crucial for your security or compliance requirements, you'll need to consider steering users towards Duo Push or other online methods of authentication, where the IP can be logged, rather than using the Passcode method.
09-30-2024 08:57 AM
Hi @seceng ,
Unfortunately, there is no way to retrieve the IP address of the mobile (auth) device when using Duo Mobile Passcodes since it is ostensibly an offline authentication method. Duo Push requires internet connectivity, which passes the IP address to Duo's cloud.
Regardless of Auth Method, if using the Duo Universal Prompt or a properly-configuerd RADIUS application, the IP address of the Access Device (the device the user is logging in from) will be visible in the Authentication Log (https://help.duo.com/s/article/2302?language=en_US).
Hope this helps!
09-30-2024 09:07 AM
When using Duo Mobile Passcodes, the authentication is considered offline because the passcode is generated on the mobile device without requiring an internet connection. Since no network communication is involved in generating or using the passcode, there is no client-side IP address to capture and send to Duo's servers. This is why the IP address of the mobile (auth) device cannot be retrieved when using Passcodes.
On the other hand, Duo Push requires an internet connection for the authentication request to be sent from the mobile device to Duo's cloud infrastructure. As part of this communication, the mobile device's IP address is captured and logged in Duo's cloud, which is why you're able to see the IP address for Push-based authentication events but not for Passcode-based ones.
To clarify:
In this case, if capturing the IP address is crucial for your security or compliance requirements, you'll need to consider steering users towards Duo Push or other online methods of authentication, where the IP can be logged, rather than using the Passcode method.
09-30-2024 10:21 AM
Maher and DuoPablo -
Thank you for the quick response.
That makes perfect sense.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide