Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
210
Views
1
Helpful
3
Replies

Deploying Duo for Windows Login to Multiple Devices

Go to solution
Mike Vanchiere
Level 1
Level 1

‎05-11-2024 07:34 AM

I am implementing Duo for Windows Login for the first time. I have successfully installed on several servers. This is working as expected.

Question: Is it necessary to create a new Application for each server that is protected? Or can I "reuse" one Application for several devices? If I can "reuse" an existing Application, how do I do this? When I start with the normal instructions and interface to install a new Application on a device, I don't see an option to select an existing Application.

Thanks.
Mike

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
raulgc
Level 1
Level 1

‎05-13-2024 08:47 AM

Hello Mike.

What do you mean about reusing applications? You mean a duo application with their respective key and skey or do you mean you want a way to automatically install the application to multiple servers with the same executable??

Both are possible. In the case that you mean a duo application with the key and skey you just need to type the same key and skey to all machines, there's no problem in doing that as its the actual way to do it. Multiple applications of the same type are commonly used to deny or accept and apply different policies not to join multiple machines.

If you want to automatically install duo in multiple servers with the same ejecutable you will need to follow this guide from duo.
https://duo.com/docs/winlogon-gpo

View solution in original post

3 Replies 3

Go to solution
raulgc
Level 1
Level 1

‎05-13-2024 08:47 AM

Hello Mike.

What do you mean about reusing applications? You mean a duo application with their respective key and skey or do you mean you want a way to automatically install the application to multiple servers with the same executable??

Both are possible. In the case that you mean a duo application with the key and skey you just need to type the same key and skey to all machines, there's no problem in doing that as its the actual way to do it. Multiple applications of the same type are commonly used to deny or accept and apply different policies not to join multiple machines.

If you want to automatically install duo in multiple servers with the same ejecutable you will need to follow this guide from duo.
https://duo.com/docs/winlogon-gpo

Go to solution
Mike Vanchiere
Level 1
Level 1

‎05-14-2024 09:36 AM

 I'm just looking at your response. I ran across this same guide earlier this morning. I think this guide will answer my questions.

Thanks for your prompt response.

Mike

0 Helpful

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎05-15-2024 02:50 PM

Hi @Mike Vanchiere !

As the previous responder noted, it is certainly permissible to reuse the same RDP application (meaning the same ikey/skey) when you install Duo for Windows Logon on your computers.

However, you'll find that when you review your authentication logs for that ikey/skey combo in Duo you'll have a slightly harder time figuring out which auth events came from which system with Duo installed. You'll need to look for hostname info within the Duo authlogs.

If you use unique RDP applications for different servers, It's easier to tell which is which from your authlogs. Also you can configure different per-application policies between them instead of many group policies to one application.

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents