Duo Mobile
- General Duo Troubleshooting
- Duo Hybrid Environment reporting wrong Address to Duo
- Adding DUO to ScreenConnect
- Add virtual hardware token to Duo
General Duo Troubleshooting
- User cannot get in because of the wrong security groups
- Wrong username alias
- Possibly not in the right group at all
- Azure might remove underscores and periods on Azure-joined machines
- Might have to create an alias with the dash in the name but not the period
Duo Hybrid Environment reporting wrong Address to Duo
Just as an FYI: in Azure-only environments, for some reason the Windows Login app reports almost the "wrong" address to Duo.
This is why historically we've had to create an alias in Duo without the period in the middle.
There is a fix that does not involve aliases, but it requires changing a registry key and restarting the computer.
HKLM\SOFTWARE\Duo Security\DuoCredProv
UsernameFormatForService should instead be set to "0" so that it actually reports "firstname.lastname@domain.com" to Duo in Azure-only environments. For some reason, Hybrid environments don't have this limitation and I don't know why.
Adding DUO to ScreenConnect
- Go to the Duo Admin Center and log in
- Switch to the CTS Computers - Internal tenant
- Navigate to Applications along the side and then select the Auth API option
- Create a new Auth API policy or use the existing one
- Note down the API hostname, secret key, and integration key
- Navigate to the ScreenConnect Admin portal, and then to the web configuration settings
- Scroll to the bottom of the page and input your Duo information from earlier
- Edit any existing users you wish to use with Duo and change the OTP option like so
- Under the OTP option enable "duo: username"
- This will be the username that is sent to Duo. It must match the usernames in Duo.
Add virtual hardware token to Duo
Use the following website to create a secret key for a 6-digit TOTP token
Duo requires the secret to be in hex
ITG requires it in Base32
It should look like this:
123456,cd074dac8ad1fb6fb3d513a713e160cd6a10c6f3,30
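
The two encodings above are the same key written two ways, so a token can be generated locally and converted rather than typed into a website. The following is an added example, not part of the original notes: the function names are hypothetical, the field order (serial, hex secret, time step in seconds) is assumed from the sample line above, and HMAC-SHA1 TOTP per RFC 6238 is assumed.

```python
import base64
import hashlib
import hmac
import secrets
import struct

def encode_token(serial, key, step=30):
    """Return the same key in both encodings: hex for Duo, Base32 for ITG."""
    return {
        # serial,hex-secret,step: field order assumed from the page's sample line
        "duo_csv": f"{serial},{key.hex()},{step}",
        "itg_base32": base64.b32encode(key).decode("ascii"),
    }

def new_token(serial, step=30):
    """Generate a random 160-bit key from the OS CSPRNG and encode it."""
    return encode_token(serial, secrets.token_bytes(20), step)

def parse_duo_line(line):
    """Split a 'serial,hex-secret,step' line and validate each field."""
    fields = line.strip().split(",")
    if len(fields) != 3:
        raise ValueError("expected serial,hex-secret,step")
    serial, hex_secret, step = fields
    key = bytes.fromhex(hex_secret)  # raises ValueError on non-hex input
    if len(key) < 16:
        raise ValueError("secret shorter than 128 bits")
    return serial, key, int(step)

def totp(key, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    counter = struct.pack(">Q", int(at) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

if __name__ == "__main__":
    import time
    # Sample line from this page, used only to show the conversion.
    serial, key, step = parse_duo_line(
        "123456,cd074dac8ad1fb6fb3d513a713e160cd6a10c6f3,30")
    entry = encode_token(serial, key, step)
    print("Duo import line:", entry["duo_csv"])
    print("ITG Base32     :", entry["itg_base32"])
    # The code from the hex key must equal the code from the Base32 key.
    now = time.time()
    from_b32 = base64.b32decode(entry["itg_base32"])
    print("codes match    :", totp(key, now, step) == totp(from_b32, now, step))
```

If the code shown in ITG ever differs from what Duo accepts, comparing `totp()` output for both stored values at the same timestamp shows whether the two entries hold the same key.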