cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
127
Views
1
Helpful
1
Replies

DUO Custom Policy Question

itsupport
Level 1
Level 1

I am trying to create a policy so when admin accounts login to a windows computer, since they have elevated privileges, MFA is required, but when all other users login, it's not required. We already have them required to login over VPN. 

When I create the policy, add the group, and apply that policy to the install, it still requires me to MFA with my normal account. I haven't even tried the SA account yet. Stumped.

1 Accepted Solution

Accepted Solutions

We do this for our Citrix boxes.

Create a new application, so you'll use a different key and key for these boxes.

Then make sure you're importing 2 groups from AD for this, an admins group and one for everyone else.

Then in this application add a group policy, set it to apply to the admins and set the Authentication policy to require 2 factor.

Create a new group policy for this application, set it for your other group and set the Authentication policy to skipn2 factor.

Make sure the server policy is first.

View solution in original post

1 Reply 1

We do this for our Citrix boxes.

Create a new application, so you'll use a different key and key for these boxes.

Then make sure you're importing 2 groups from AD for this, an admins group and one for everyone else.

Then in this application add a group policy, set it to apply to the admins and set the Authentication policy to require 2 factor.

Create a new group policy for this application, set it for your other group and set the Authentication policy to skipn2 factor.

Make sure the server policy is first.
Quick Links