Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
393
Views
0
Helpful
2
Replies

Disable adding new platform authenticators, but keep existing

Go to solution
traceyreed
Level 1
Level 1

‎01-22-2025 01:39 PM

Hi,

We are looking to disable adding new platform authenticators (Windows Hello, TouchID, etc.), but keep the current platform authenticators that our customers currently have associated with their Duo account. 

I found the article - https://duo.com/docs/policy#authentication-methods, but it doesn't mention what would happen to currently-added platform authenticators. By disabling, would it also disable or delete these?

Thank you,

--
Tracey Reed

System Administrator - Identity and Access Management

Michigan Technological University 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎01-22-2025 01:49 PM - edited ‎01-22-2025 01:51 PM

If you disable any authentication method in policy, it doesn't delete existing registered authenticators of that type from users, but it will prevent them from being used to authenticate any more to applications subject to the modified policy (and prevents enrolling additional authenticators of that type).

ETA we are working on a separate enrollment policy feature, which I think would let you do what you want (disallow the authenticator type in enrollment policy but let existing still be used in authentication policy).

Please contact your Duo Care team or Duo sales expert if you have one to be added to the feature request. If you do not have either of those types of contacts, you can also make the same request via Duo Support.

 

Duo, not DUO.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎01-22-2025 01:49 PM - edited ‎01-22-2025 01:51 PM

If you disable any authentication method in policy, it doesn't delete existing registered authenticators of that type from users, but it will prevent them from being used to authenticate any more to applications subject to the modified policy (and prevents enrolling additional authenticators of that type).

ETA we are working on a separate enrollment policy feature, which I think would let you do what you want (disallow the authenticator type in enrollment policy but let existing still be used in authentication policy).

Please contact your Duo Care team or Duo sales expert if you have one to be added to the feature request. If you do not have either of those types of contacts, you can also make the same request via Duo Support.

 

Duo, not DUO.
0 Helpful

Go to solution
traceyreed
Level 1
Level 1
In response to DuoKristina

‎01-23-2025 07:20 AM

Hi DuoKristina,

Thank you for clarifying. That would be a great feature to add a separate enrollment policy feature for this.

--

Tracey

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents