01-23-2025 11:20 PM
Is there a workaround for users/groups synced from a directory to modify Duo groups? For example, certain users from AD have no groups assigned to them as only individual users. Can groups be created in Duo? Additionally, if there are AD groups for users, is there another way to group specific users in Duo
01-24-2025 08:42 AM - edited 01-24-2025 08:42 AM
You can only sync users in to Duo if they are members of a group in AD and you have selected that group in your Duo AD sync configuration.
While there are ways to manually create users in Duo if you can't import them via sync, and to manually create groups in Duo containing these manually-created users, I do not suggest you try this because it is a lot of manual admin work and your time could likely be better spent doing other things.
I recommend you just create a "Duo Users" (or whatever name you prefer) group in AD and add those AD users who are in no other groups to that group, and then update your Duo AD sync config to import that new group too. That way as long as users are added to that group in AD your Duo users will be kept up to date via sync without you needing to do extra work in the Admin Panel.
01-26-2025 01:47 PM
What DuoKritina is saying is typically how many customers do it.. They start with a test group "Duo Users" with a few test users, and then expand the group to all users. Then it is easy to manage. ofcourse if you want to do different policies on a group basis, then having different groups would help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide