# Duo Mobile

# General Duo Troubleshooting

1. user cannot get in with wrong security groups 
    1. wrong username alias
    2. possibly not in the right group at all
    3. azure might remove underscores and periods on azure joined machines 
        1. might have to create an alias with the dash in the name but not the period

# Duo Hybrid Environment reporting wrong Address to Duo

<span class="ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak" dir="ltr">Just as an FYI, for Azure-only environments in Duo, for some reason the Windows Login app reports almost the "wrong" address to Duo.</span>

<span class="ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak" dir="ltr">This is why historically we've had to create an alias without the period in the middle, in Duo</span>

<span class="ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak" dir="ltr">There *is* a fix for it that does not involve aliases, but it involves a registry key and restarting the computer.</span>

[![image.png](https://docs.coltscomputer.services/uploads/images/gallery/2025-05/scaled-1680-/bavxX7FTvRj2TRKk-image.png)](https://docs.coltscomputer.services/uploads/images/gallery/2025-05/bavxX7FTvRj2TRKk-image.png)

HKLM\\SOFTWARE\\Duo Security\\DuoCredProv

UsernameFormatForService should instead be a "0" so it actually reports "firstname.lastname@domain.com" to Duo, in Azure-only environments. For some reason, Hybrid environments don't have this limitation and I don't know why.

# Adding DUO to ScreenConnect

[https://docs.connectwise.com/ConnectWise\_ScreenConnect\_Documentation/Get\_started/Administration\_page/Security\_page/Enable\_two-factor\_authentication\_for\_host\_accounts/Configure\_two-factor\_authentication\_with\_Duo](https://docs.connectwise.com/ConnectWise_ScreenConnect_Documentation/Get_started/Administration_page/Security_page/Enable_two-factor_authentication_for_host_accounts/Configure_two-factor_authentication_with_Duo)

1. Go to the [duo admin center](http://admin.duosecurity.com/) and log in
2. switch to the CTS Computers - Internal tenant
3. Navigate to Applications along the side and then select the Auth API Option
4. Create a new Auth API policy or use the existing one
5. Note down the api hostname, secret key, and integration key
6. Navigate to the ScreenConnect Admin portal, and then web configuration settings
7. ![](https://cts-computers.itglue.com/2066033/docs/16561549/images/24296070)
8. scroll to the bottom of the page and input your duo information from earlier
9. Edit any existing users you wish to use with duo and change the OTP option like so
10. ![](https://cts-computers.itglue.com/2066033/docs/16561549/images/24296097)
11. Under the OTP option enable "duo: username"
12. This will be the username that is sent to duo. This must match the usernames in Duo.

# Add virtual hardware token to Duo

<div id="bkmrk-use-the-following-we">Use the following website to create a secret key for TOTP 6 digit</div><div id="bkmrk-totp-generator-%28xanx">[TOTP Generator (xanxys.net)](https://www.xanxys.net/totp/)</div><div id="bkmrk-">  
</div><div id="bkmrk-duo%2C-requires-the-se">DUO, requires the secret to be in HEX</div><div id="bkmrk-itg%2C-requires-in-bas">ITG, requires in Base32</div><div id="bkmrk--1">  
</div>[![20553828.png](https://docs.coltscomputer.services/uploads/images/gallery/2024-08/scaled-1680-/U9Q7QGaa4Mie2NXj-20553828.png)](https://docs.coltscomputer.services/uploads/images/gallery/2024-08/U9Q7QGaa4Mie2NXj-20553828.png)

[![20553883.png](https://docs.coltscomputer.services/uploads/images/gallery/2024-08/scaled-1680-/qykEi5iJ011odnTO-20553883.png)](https://docs.coltscomputer.services/uploads/images/gallery/2024-08/qykEi5iJ011odnTO-20553883.png)

Should look like this

123456,cd074dac8ad1fb6fb3d513a713e160cd6a10c6f3,30

<div id="bkmrk--4">  
</div><div id="bkmrk--5"></div>