Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
738
Views
1
Helpful
4
Replies

Disabling SMS for various users

tiffany202
Visitor

‎03-09-2026 08:20 AM

Hello,

My organization currently has SMS as an auth method. We want to disable this method soon, but have a large number of various users still using it. A suggestion was to allow those using it for the time being, but disable the option for others (to not increase the usage more). How could I structure a policy to either allow those who use it continue or to disable it for the others to not have as a choice? I thought maybe some sort of user group, but they are all synced in by different groups (usually by dept) and how it could be tested out.

 

0 Helpful
4 Replies 4

Ken Stieers
VIP
VIP

‎03-09-2026 08:34 AM

Create a new group in Duo.
Add the users to it manually.
Create a User Policy and set the auth methods to NOT include SMS
Apply that to the applications.



0 Helpful

tiffany202
Visitor
In response to Ken Stieers

‎03-09-2026 08:42 AM

Thank you. Since our Global policy allows SMS, would these 2 policies conflict with each other? I haven't had much experience with creating them or adding apps, so this is all very new to me.

0 Helpful

Ken Stieers
VIP
VIP
In response to tiffany202

‎03-09-2026 08:55 AM

I'm the engine will apply this setting over the global one because its more specific.
You could build out a test app that mirrors one of the apps you have and use the Policy Calculator (under Policy/Policy Calculator) to see how it all comes together without affecting live authentications.

0 Helpful

DuoKristina
Cisco Employee
Cisco Employee
In response to Ken Stieers

‎03-09-2026 12:05 PM - edited ‎03-09-2026 12:06 PM

I'd actually suggest the opposite:

  1. Create a new custom policy that allows SMS.
  2. Create a group of just the users who still need to use SMS for now. If you sync users and groups from an external directory, you will need to create the group of SMS users in the external directory and add it to your sync config.
  3. Apply the custom policy allowing SMS from step 1 as a user-group policy to the group of SMS users in step 2.
  4. Global Policy - disable SMS so that no new users can enroll it.
  5. As you get SMS users to set up a different authentication method, remove them from the SMS users group,
  6. Delete the SMS users group and custom policy when no users need to log in with SMS anymore.

 

Result:

  • New users can't enroll SMS, so the pool of SMS users doesn't increase.
  • Graceful migration of users from SMS use to no SMS.
  • Easy cleanup when SMS use is done.
Duo, not DUO.
Quick Links
     
             Action Required: Duo CA Bundle Update      Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents