Duo 2FA, remember me does not work
I don't know if this question should be directed to Duo or you guys but I'm hoping that you can tell me.
When an account is added in a local 1Password installation a 2FA login is required and it triggers the Duo authentication prompt. The option "Remember me for 30 days" can't be ticked due to some third party cookie setting.
Is that some local browser setting, a setting in 1Password or should I raise this issue with Duo?
1Password Version: 7.1.1
Extension Version: Not Provided
OS Version: OS X 10.13.6
Sync Type: Not Provided
Referrer: forum-search:duo
Comments
-
Hi @amcds, welcome to our forum! :chuffed:
The frequency of how often account members must re-authenticate with Duo is controlled by the owners/administrators of your account; in the Duo configuration for the account is a "Remember Device Authentications" setting that controls how long in days to remember that a member has authenticated. You can learn more in our Duo configuration guide here: https://support.1password.com/duo/
As a general note, everything in the Duo pop-up in your screenshot is coming from the Duo side of things; on the 1Password side, only the Duo configuration exists, everything else comes from Duo directly.
I hope that helps - let me know if you have any more questions! :+1:
John
0 -
Hi @john_m
Thanks :)
Ok, but the question is actually who renders that site - is it the 1Password app or a local browser, because Duo is already set up to be able to use remember me, but the checkbox can't be ticked as the browser rejects the cookie that is supposed to store the number of days.
So are you (1Password) using the system default browser or some native browser?
/david
0 -
Hi @amcds,
1Password for Mac uses standard macOS controls for displaying most of its web content, so that dialog is likely based on Safari's rendering engine; the contents of the dialog are coming directly from Duo. With Duo enabled, you need to authorise each device associated with your 1Password account membership whenever the "Remember Device Authentications" time limit has passed; so for example, let's say you are signed into your account from the app on that Mac, and also from the app on an iPhone - you will need to separately authenticate each device with Duo, authenticating with one device won't automatically authenticate the other device for you. When an authentication check is made against Duo, if it passes you won't see the Duo prompt at all - so in essence, I believe the "Remember me for 30 days" checkbox there is irrelevant to 1Password, as "remembering" is based on the setting defined by your 1Password account owner or administrator.
Let me know if you have any more questions about it :chuffed:
John
0 -
Found that setting on the 1Password online account administration now (Settings->Duo)
Thank you for your help :chuffed:0 -
We're also facing this issue, with our Duo policy set to allow remembering device authentication for up-to 180 days. Unfortunately, it appears that the specific web view that 1Password uses to render the Duo controls does not permit cookies to be set, and so we receive the "you need to enable cookies …" warning as soon we click the "remember me …" checkbox.
Would you please consider enabling httpcookiestorage in the relevant webview? https://developer.apple.com/documentation/foundation/httpcookiestorage
0 -
Thanks for the update! I look forward to hearing more.
0 -
:) :+1:
0
