Announcing General Availability of Duo’s Device Health App-Based Manual Integration Feature for Trusted Endpoints
Today we announce the general availability of Duo’s manual integration feature, which is based on the Duo Device Health Application. The manual integration feature allows IT administrators to manage devices that are not present in an enterprise device management system, such as bring-your-own-device (BYOD) and contractor-owned devices. It also provides an easy way to upload a device inventory, add a single device, or edit and delete device information via the Duo Admin Panel. Furthermore, the administrator can view the list of devices added via manual integration in the Duo Admin Panel. This feature is available to all Duo Beyond edition customers.
We recommend using the mobile device management (MDM)-based integration for devices that are present in an MDM supported by Duo. For devices that are not corporate managed, such as contractor, partner, vendor or BYOD devices, we recommend using the manual integration to add the devices to the Duo device inventory via the Duo Admin Panel. This feature also allows you to upload a CSV file containing device identifiers, a description and a trust expiration date.
Trust Expiration Date
The trust expiration date helps you define the duration for which the device is considered trusted. After this date, the device is considered ‘untrusted’ and not allowed to access enterprise data. This ensures that you can control the time period during which a particular device gets access to enterprise data.
A device's trust expires at 00:00:00 UTC on the chosen expiry date. Expired devices are not removed from the inventory, but they are treated as untrusted, just as if they were not in the inventory. They are also shown with an “Expired” label in the table to indicate that they have expired.
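The expiry rule above, applied to an inventory CSV before upload, as an added example (not Duo's code): the column names, the sample identifiers and the `check_inventory` helper are assumptions made for illustration, not Duo's documented CSV layout. It shows that a device with an expiry date of 30 June stops being trusted as 30 June begins in UTC, which is still the evening of 29 June in zones west of UTC.

```python
import csv
import io
from datetime import date, datetime, time, timezone

# Constructed sample inventory. The column names are assumptions for this
# example, not Duo's documented CSV layout; the identifiers are made up.
SAMPLE_CSV = """device_id,description,trust_expiration
A1B2C3D4-0000-4000-8000-000000000001,Contractor laptop,2024-07-01
A1B2C3D4-0000-4000-8000-000000000002,BYOD MacBook,2024-06-30
A1B2C3D4-0000-4000-8000-000000000002,Duplicate row,2024-12-31
,Missing identifier,2024-12-31
A1B2C3D4-0000-4000-8000-000000000003,Bad date,30/06/2024
"""

def trust_cutoff(expiry: date) -> datetime:
    """Trust ends at 00:00:00 UTC on the expiry date itself."""
    return datetime.combine(expiry, time(0, 0, 0), tzinfo=timezone.utc)

def check_inventory(csv_text: str, now: datetime):
    """Return (trusted, expired, rejected) for a device inventory CSV."""
    trusted, expired, rejected, seen = [], [], [], set()
    rows = csv.DictReader(io.StringIO(csv_text))
    for line_no, row in enumerate(rows, start=2):  # line 1 is the header
        dev = (row.get("device_id") or "").strip()
        if not dev:
            rejected.append((line_no, "missing device identifier"))
            continue
        if dev.lower() in seen:
            rejected.append((line_no, "duplicate device identifier"))
            continue
        try:
            expiry = date.fromisoformat((row.get("trust_expiration") or "").strip())
        except ValueError:
            rejected.append((line_no, "expiration date is not YYYY-MM-DD"))
            continue
        seen.add(dev.lower())
        # Expired rows stay in the inventory but are no longer trusted.
        (expired if now >= trust_cutoff(expiry) else trusted).append(dev)
    return trusted, expired, rejected

if __name__ == "__main__":
    # 20:30 on 29 June in UTC-4 is already 00:30 UTC on 30 June.
    now = datetime(2024, 6, 30, 0, 30, tzinfo=timezone.utc)
    for label, items in zip(("trusted", "expired", "rejected"),
                            check_inventory(SAMPLE_CSV, now)):
        print(label, items)
```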
What is the Duo Trusted Endpoints feature?
Duo's Trusted Endpoints feature secures your sensitive applications by ensuring that only known devices can access Duo-protected services. When a user authenticates via the Duo Prompt, we'll compare device identifiers collected by the Duo Device Health application installed on that endpoint with the identifiers of known Windows and macOS devices stored in Duo. You can monitor access to your applications from managed and unmanaged devices, and optionally block access from devices not managed by your organization.
To use the manual integration feature, you will need to know the unique device identifier for each Windows, macOS or Linux device that you plan to add. We have provided helpful information and a script that will help you retrieve this identifier.
You will also need to install the Duo Device Health App on the end user's desktop or laptop for it to work with a trusted endpoint.
1. Select “Add Integration”
2. Scroll down to “Manual Integration” and select the operating system of the end user device
3. Select the right OS, then click “Add” to go to the screen below; if you need help retrieving the unique device identifier, click the “How to Retrieve Device IDs” on this page
4. Provide the device identifier, the trust expiration date and, optionally, a device description like so:
5. Once the administrator clicks “Add devices to inventory,” the device will be added to the Duo Device Cache
6. Finally, the administrator will need to change the integration status to “Active” to turn on this integration for all devices; alternatively, the administrator can test this feature with a group of devices prior to activating it for all of them
To learn more, see Duo Documentation, and to learn more about the other trusted endpoint integrations, visit the Trusted Endpoints documentation page. We look forward to hearing your feedback.