Skip navigation
Documentation

Administration Overview - Using the Admin Panel

Contents

Every aspect of your Duo two-factor authentication system can be managed from the Duo Admin Panel. This includes creating and managing applications, enrolling and activating users, issuing and managing SMS passcodes and bypass codes, managing mobile devices, fine-tuning the user experience of your Duo installation, and more.

Accessing the Admin Panel

Logging In

To access the Duo Admin Panel, navigate to https://admin.duosecurity.com, enter your administrator account email address and password, and click Log In.

Admin User Login Prompt

After your login information is accepted, click on a second factor. Complete secondary authentication to continue on to the Admin Panel.

Admin User 2FA Prompt

Factor Description
Duo Push Sends an authentication request to the Duo Mobile app on your device. Tap approve on your phone to log in.
Text Me Sends a passcode via SMS to your phone. Type the passcode in the box where prompted and click Submit.
Call Me Calls you with a passcode. Type the passcode in the box where prompted and click Submit.

You must activate your administrator account for Duo Mobile separately from your user account to use Duo's push authentication with the Admin Panel. See Managing Administrative Users for instructions.

If you've forgotten your password, click the Forgot Password link. Enter the email address that you use to log in to your Duo administrator account and click Submit. Check your email for your password reset link.

Reset Forgotten Administrator Password

Admin Panel Overview

Dashboard

The Admin Panel dashboard gives you a snapshot of your organization's activity.

Admin Panel Dashboard

The information shown first on the Dashboard lists the number of total endpoints (or 2FA devices, depending on your plan),users, applications, and telephony credits that exist in your account. We round very large quantities for the dashboard display, but you can click any of the numbers to see an exact count.

The total endpoints summary information on the dashboard indicates how many of your endpoints have outdated operating systems, browsers, or plugins. Click the "out of date" link to view more detailed information on the Device Insight page.

You can also see how many available user licenses are included in your current plan. Clicking the "licenses remaining" link takes you to the Billing page, where you can change your number of licensed users.

The World View map shows where on Earth your users are accessing Duo protected services. Successful authentications are shown as a green checkmark, while a red X flags authentication failures. Authentication errors show up as a grey X, and authentication attempts denied by an enduser and marked as fraud are a red exclamation point. You can use the + and - buttons to zoom in and out on the map.

The Authentication Log lists information about the last ten logons, including the date and time, the username, which application was used, the second factor type used, whether the authentication was successful or not and why, the source IP address and location (if the logon originated from a public IP address), and the client OS, browser, and plugin information. You can click the "Full authentication log" link on the right to view additional events.

Along the far right side of the Admin Panel dashboard is our "What's New?" feed, where we'll call your attention to new features and enhancements to the Duo service.

Click on your name in the upper-right corner to access your administrator account action menu. Edit Profile lets you change the name associated with your administrator login, reset your password for the Admin Panel, update your secondary authentication phone number, and activate Duo Mobile for Admin Panel login. You can also click Log Out on this menu to end your Duo administrator session. You'll be logged out of the Admin Panel automatically after 60 minutes of inactivity.

Navigation

Manage or view different object types by clicking the links on the left side of the Admin Panel. You may be shown a subset of these links, depending on your assigned administrative role.

  • Dashboard: Return to the summary and authentication map.
  • Device Insight: Review information about clients and devices authenticating to Duo. See Device Insight. This tab only appears in Platform Edition.
  • Policies: Define and assign access policies by user group and per application. See Policy & Control. This tab only appears in Platform Edition.
  • Applications: View, add, and modify applications. See Protecting Applications.
  • Users: View, create, and modify users. See Managing Users.
  • Endpoints: Review operating system, browser, and plugin security status information about end user devices accessing Duo. See Endpoints. This tab only appears in Platform Edition.
  • 2FA Devices: View, create, and assign phones, hardware tokens, and other authentication devices. See Managing Devices.
  • Groups: Create and view groups. See Using Groups.
  • Administrators: Create and manage administrator access to Duo. See Managing Administrative Users and Administrative Roles.
  • Reports: View authentication events and administrator actions. See Reports.
  • Settings: Change global settings for your Duo service. See Changing Settings.
  • Billing: Manage payment methods, change your Duo subscription, view and download your monthly billing history, and purchase telephony credits or Duo hardware tokens.

You'll find Duo's support information on the left side of the Admin Panel as well. Paying customers may click the Support Tickets link on the left create and manage support cases in the customer portal. You'll need your Account ID information from the left side of the Admin Panel if you contact Duo support via phone or email.

Additionally, you'll find your Deployment ID on the left, under your Account ID. Clicking the Deployment ID takes you to the Duo Service Status page, where you can see the current operational status of Duo's cloud systems.

Click the Add New... button in the top right of the Dashboard to quickly create a new user, group, or application.

Quick Add

Use the search field at the top right of the Admin Panel to quickly find a particular user, phone or token device, group, or application.

Quick Search

Reports

All administrator roles except Billing can view reports. Clicking the Reports link on the left side of the Admin Panel takes you to the Authentication Log.

Authentication Log

You'll see a list of authentication attempts that shows the following information:

  • When the login was attempted
  • The username
  • Which application was used
  • They type of authentication event
  • Whether the logon attempt was successful or not (if access is denied, a reason is provided)
  • The client OS, browser, and browser plugin information (if using a web based application with Duo's inline authentication prompt
  • The location from which the logon attempt originated (if a publicly resolved IP address)
  • The client IP address (if the client sends IP information)
  • What type of Duo authenticator was used (Duo Push, SMS, phone call, etc)
  • Information about the device that was used for Duo authentication (phone number, location, IP address, etc.)

Authentication Log

Platform edition customers also see events for users that access an application without two-factor authentication as a result of setting the New User Policy setting to "allow access".

The authentication log may be filtered by user, application, or group.

Authentication Log Filtering

Click the Reports button in the upper right side of the log display and select CSV or JSON to download a copy of the log. You can also select URL to obtain a direct link to your current authentication log view. If you've added any filters to your current view of the log, the report only includes the filtered results.

The Admin Panel truncates authentication log entry display to the last three months or the most recent 10,000 events (whichever is shorter). To view older authentication events use our Admin API.

Telephony Log

The telephony log shows all the phone calls and SMS messages sent by Duo. These could be initiated by administrator login to the Admin Panel, user login to Duo protected services, or device enrollment and activations links sent to users and administrators (as shown in the "Context" column).

The number in the "Credits" column shows how many credits were deducted from your telephony credits balance for each phone call or message.

Telephony Log

Click the Reports button in the upper right side of the log display and select CSV or JSON to download a copy of the log. You can also select URL to obtain a direct link to your current telephony log view.

Administrator Actions Log

The administrator actions log shows activity by your organization's Duo administrators. Examples of logged administrator actions include:

  • Administrator to the Admin Panel
  • Tasks like adding, modifying, or deleting phones, users, tokens, applications, and other administrators
  • AD Sync start and end

Administrator Actions Log

Click on the link in the "Action" column to see more details.

Authentication Log Filtering

The authentication log may be filtered by administrator.

Authentication Log Filtering

Click the Reports button in the upper right side of the log display and select CSV or JSON to download a copy of the log. You can also select URL to obtain a direct link to your current administrator actions log view. If you've added any filters to your current view of the log, the report only includes the filtered results.

Log Retention

Duo authentication, telephony, and administrator action log entries are retained indefinitely by default. Change the log retention period to your desired maximum number of days in the “Logging” setting.

Troubleshooting

Need some help? Try searching our Knowledge Base articles or Community discussions. For further assistance, contact Support.

Ready to Get Started?

Sign Up Free