Solved: No IP address when using Passcode option in Duo

seceng · ‎09-30-2024

Hello.
For one of our solutions we have enabled both Passcode and Push options in the Duo admin portal.

We have noticed we only see client-side IP addresses in the logs for users opting to use Push.
Is there a way to capture the IP address when users opt for the Passcode option?

Thank you

Maher Abdelshkour · ‎09-30-2024

When using Duo Mobile Passcodes, the authentication is considered offline because the passcode is generated on the mobile device without requiring an internet connection. Since no network communication is involved in generating or using the passcode, there is no client-side IP address to capture and send to Duo's servers. This is why the IP address of the mobile (auth) device cannot be retrieved when using Passcodes.

On the other hand, Duo Push requires an internet connection for the authentication request to be sent from the mobile device to Duo's cloud infrastructure. As part of this communication, the mobile device's IP address is captured and logged in Duo's cloud, which is why you're able to see the IP address for Push-based authentication events but not for Passcode-based ones.

To clarify:

Duo Push: Captures the IP address because it requires an internet connection to communicate with Duo's servers.
Duo Mobile Passcode: Does not involve any network communication (it’s purely offline), so there’s no opportunity to capture or log the mobile device's IP address.

In this case, if capturing the IP address is crucial for your security or compliance requirements, you'll need to consider steering users towards Duo Push or other online methods of authentication, where the IP can be logged, rather than using the Passcode method.

View solution in original post

DuoPablo · ‎09-30-2024

Hi @seceng ,

Unfortunately, there is no way to retrieve the IP address of the mobile (auth) device when using Duo Mobile Passcodes since it is ostensibly an offline authentication method. Duo Push requires internet connectivity, which passes the IP address to Duo's cloud.

Regardless of Auth Method, if using the Duo Universal Prompt or a properly-configuerd RADIUS application, the IP address of the Access Device (the device the user is logging in from) will be visible in the Authentication Log (https://help.duo.com/s/article/2302?language=en_US).

Hope this helps!

Maher Abdelshkour · ‎09-30-2024

When using Duo Mobile Passcodes, the authentication is considered offline because the passcode is generated on the mobile device without requiring an internet connection. Since no network communication is involved in generating or using the passcode, there is no client-side IP address to capture and send to Duo's servers. This is why the IP address of the mobile (auth) device cannot be retrieved when using Passcodes.

On the other hand, Duo Push requires an internet connection for the authentication request to be sent from the mobile device to Duo's cloud infrastructure. As part of this communication, the mobile device's IP address is captured and logged in Duo's cloud, which is why you're able to see the IP address for Push-based authentication events but not for Passcode-based ones.

To clarify:

Duo Push: Captures the IP address because it requires an internet connection to communicate with Duo's servers.
Duo Mobile Passcode: Does not involve any network communication (it’s purely offline), so there’s no opportunity to capture or log the mobile device's IP address.

In this case, if capturing the IP address is crucial for your security or compliance requirements, you'll need to consider steering users towards Duo Push or other online methods of authentication, where the IP can be logged, rather than using the Passcode method.

seceng · ‎09-30-2024

Maher and DuoPablo -

Thank you for the quick response.
That makes perfect sense.