MFA policies - Additional methods for MFA policies
Currently, there is a MFA policy which is DUO. Whilst our engineers at the business use Duo, our accounts and FD don't. Can we make it so a user is enforced MFA but via the built-in options, so that a user can decide an app of there choice?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
Hello @JakeBaalham! 👋
Thanks for the question! Duo replaces all other forms of two-factor authentication and users who have setup other 2FA methods (like a security key) will be prompted to enroll in Duo after you setup Duo for 1Password.
You can read more here: Use Duo for your team
Can you tell me more about why you're just enrolling some users in Duo but not others? I'd be happy to file a feature request with our team.
-Dave
0 -
Hi, just because some of our staff don't have work phones, nor want one. So having another app on their personal phone is an annoyance and I'm guessing they may push back. But allowing MFA to text or an existing authentication app, they may not care as much. Even having a policy but allow the user to chose what method they can use- including the integration of Duo. I think this would be good.
0 -
Thanks for the reply. My understanding that you can configure what authentication options users see when using Duo from the Duo portal. You could bypass Duo authentication for certain users or add authentication methods like SMS texts: Duo Administration - Policy & Control | Duo Security
I would reach out to Duo support to look into those options. Let me know if that would work for your organization or if you'd still like me to file a feature request.
-Dave
1