Skip navigation

Duo Security is now a part of Cisco

About Cisco

Documentation

Administration Overview - Using the Admin Panel

Last Updated: September 9th, 2019

Contents

Every aspect of your Duo two-factor authentication system can be managed from the Duo Admin Panel. This includes creating and managing applications, enrolling and activating users, issuing and managing SMS passcodes and bypass codes, managing mobile devices, fine-tuning the user experience of your Duo installation, and more.

Video Overview

Accessing the Duo Admin Panel

The browser used to access the Admin Panel must support TLS 1.2, which most modern browsers do by default. If you are concerned about compatibility, please update your browser or check your browser’s SSL implementation here: https://www.ssllabs.com.

To access the Duo Admin Panel:

  1. Navigate to the Duo Admin Panel at https://admin.duosecurity.com.

  2. Enter your administrator account email address. If you're logging in from a private computer or device, you can check the Save my email address for next time option. Don't do this if you are on a shared kiosk or public computer.

    Admin User Login: Enter Username

  3. The next step depends on whether your organization has federated Duo administrator logins with an external single sign-on identity provider (IdP), and the experience differs when SSO login is required from when it is optional.

    Password Login Only

    Your organization has not configured SAML login for admins, so no SSO options are presented. Enter your administrator password, and click Log in.

    Admin User Login: Enter Password

    SSO Login Required

    Your organization prefers that administrators sign in using SSO. Click the Continue to identity provider button to be taken to your organization's identity provider (IdP) where you'll sign in with your primary user credentials.

    Admin User Login: SSO Identity Provider

    SSO Login Optional

    You can choose how to sign-in. Clicking the Log in using Single Sign On button takes you to your organization's IdP to complete primary authentication.

    If you were assigned a password for the Duo Admin Panel you may use that instead of SSO. Click Log in using password to show the password entry form. Enter your administrator password, and click Log in.

    Admin User Login: Select Credential

    If you checked the Save my email address for next time option, then we'll also save your login preference and won't ask you to choose between single sign-on or password authentication again. You can switch between methods by clicking the link to use the other option instead.

  4. After successful authentication via SSO or by entering the correct Duo admin password, you then must authenticate using a second factor. Complete login verification by selecting one of the available methods.

    • Duo Push: Approve a login verification request sent to your smartphone with the Duo Mobile app. You must activate your administrator account for Duo Mobile separately from your user account to use Duo's push authentication at the Admin Panel. See Use Duo Push for Administrator Authentication for instructions.
    • Text Me: Receive an SMS message containing a one-time passcode. Enter this into the Passcode field and click Submit. This passcode is valid for five minutes.
    • Call Me: Receive a phone call communicating a one-time passcode. Enter this into the Passcode field and click Submit. This passcode is valid for five minutes.
    • Passcode: Enter a one-time passcode received via SMS or phone call, or generated by Duo Mobile or a hardware token.

    The two-factor authentication methods available may differ depending on your organization's Admin Authentication Methods settings. If, for example, your organization disabled the "Phone Callback" method, you won't see the "Call Me" 2FA option when you log in.

    Admin User Login: Complete 2FA

Forgotten Password

If you've forgotten your password, click the Forgot Password link shown after you enter your email address. Enter the email address that you use to log in to your Duo administrator account and click Submit. Check your email for your password reset link.

Reset Forgotten Administrator Password

Account Lockout

Entering the wrong password or passcode for your admin account or letting the push or phone call 2FA approval request time out) increments the failed login count. After ten failed login attempts, your admin account will be locked out. Duo will send you an email containing a link you can click to immediately unlock your account. Otherwise, your admin account will automatically unlock after 24 hours.

If you don't have access to email and you can't wait 24 hours for your account to unlock itself, then you can ask another Duo admin at your organization for help. See Unlocking an Administrator for more info about manually unlocking an admin account.

Admin Panel Overview

Dashboard

The Admin Panel dashboard gives you a snapshot of your organization's activity.

Admin Panel Dashboard

When viewing the dashboard keep in mind that we round very large quantities for the dashboard display, but you can click any of the numbers to see an exact count.

The information shown first on the dashboard provides a quick overview of users with bypass or locked out status, inactive users who haven't logged in using Duo for the last 30 days, and your total end user count. Click on any of these items to view a filtered list of users.

Click the "Licenses Remaining" link to view the Deployment Progress report, which tracks how many end users there are in your Duo deployment, how many applications you've protected with Duo, the average number of 2FA devices per user, and the top authentication method used over the last 24 hours.

The endpoints summary information on the dashboard indicates how many of your endpoints have outdated operating systems and shows how that number has changed over the last week. Click the "Out of Date OS" or "Total Endpoints" link to view more detailed information on the Device Insight page.

Click anywhere on the interactive graph of your most recent authentication successes and failures to view the Authentication Log, filtered to display the related events.

The Authentication Log lists information about the last ten Duo login attempts, including the following:

  • Date and time of the access attempt
  • Whether the authentication was successful or not and why
  • The Duo username
  • Which application was accessed
  • Access device information, such as the source IP address and location (if the login originated from a public IP address), the client OS, browser, and plugin information, and trusted status
  • Second factor device information, such as the type of Duo factor used, the device's phone number, and source IP address and location (if the Duo Push response originated from a public IP address)

You can click the "Full authentication log" link to view all login events.

Along the far right side of the Admin Panel dashboard is our "What's New?" feed, where we'll call your attention to new features and enhancements to the Duo service.

Click the Add New... button in the top right of the Dashboard to quickly create a new user, group, or application (you can also click the navigation link of the left for the type of object you want to create).

Quick Add

Click on your name in the upper-right corner to access your administrator account action menu. Edit Profile lets you change the name associated with your administrator login, reset your password for the Admin Panel, update your secondary authentication phone number, and activate Duo Mobile for Admin Panel login. You can also click Log Out on this menu to end your Duo administrator session. You'll be logged out of the Admin Panel automatically after 60 minutes of inactivity.

Navigation

Manage or view different object types by clicking the links on the left side of the Admin Panel. You may be shown a subset of these links, depending on your assigned administrative role.

You'll find Duo's support information on the left side of the Admin Panel as well. Paying customers may click the Support Tickets link on the left create and manage support cases in the customer portal. You'll need your Account ID information from the left side of the Admin Panel if you contact Duo support via phone or email.

Additionally, you'll find your Deployment ID on the left, under your Account ID. Clicking the Deployment ID takes you to the Duo Service Status page, where you can see the current operational status of Duo's cloud systems.

Viewing Information

Use the search field at the top right of the Admin Panel to quickly find a particular user (by username or alias), phone or token device, group, or application.

Quick Search

Clicking most of the navigation items on the left of the Admin Panel window takes you to a table view of those objects (i.e. clicking Users shows you a table of Duo users).

Information tables in Duo are either paginated, where you can change the page size from 250 to 100 items and click forward and back between pages, or the table shows a Load More button at the bottom of the current data view that you can click to show more information. Most tables have a search field in the upper right that you can use to filter records in place.

If the table has an Export button, you can click that to download information in CSV, JSON, or PDF format, or select URL to obtain a direct link to your current view. If you've filtered the information in the table using search, the downloaded information only includes those search results.

Reports

All administrator roles except Billing can view reports. Clicking the Reports link on the left side of the Admin Panel takes you to the Authentication Log.

Authentication Log

The default view shows authentication events for the previous 24 hours. You'll see a visual representation of authentication successes and failures, and a list of authentication attempts that shows the following information:

  • When the login was attempted
  • Whether the login attempt was successful or not (if access is denied, a reason is provided)
  • The username
  • Which application was used
  • The access client's operating system -Click browser, and browser plugin information (if using a web based application with the inline Duo Prompt
  • The location from which the login attempt originated (if a publicly resolved IP address)
  • The client IP address (if the client sends IP information)
  • What type of Duo authenticator was used (Duo Push, SMS, phone call, etc)
  • Information about the device that was used for Duo authentication (phone number, location, IP address, etc.)

Authentication Log

Duo Beyond, Access, and MFA plan customers also see events for users that access an application without two-factor authentication as a result of setting the New User Policy setting to "allow access".

To narrow down the authentication logs shown, click on "Last 24 Hours - No filters applied" (the default) at the top of the page to expand the filtering options. You can expand the time range up to a maximum of 180 days, filter the authentication log information by typing in all or part of a user, application, or group name, or select from other criteria like second factor devices used to authenticate or authentication log success or failure reasons.

Authentication Log Filtering

Click the Export button in the upper right side of the log display and select JSON or CSV to download a copy of the authentication log. You can also select Print to go directly to your browser's print dialog. If you've added any filters to your current view of the log, the report only includes the filtered results.

Telephony Log

The telephony log shows all the phone calls and SMS messages sent by Duo. These could be initiated by administrator login to the Admin Panel, user login to Duo protected services, or device enrollment and activations links sent to users and administrators (as shown in the "Context" column).

The number in the "Credits" column shows how many credits were deducted from your telephony credits balance for each phone call or message.

Telephony Log

Click the Export button in the upper right side of the log display and select CSV, JSON, or PDF to download a copy of the log. You can also select URL to obtain a direct link to your current telephony log view.

Administrator Actions Log

The administrator actions log shows activity by your organization's Duo administrators. Examples of logged administrator actions include:

  • Administrator login to the Admin Panel
  • Tasks like adding, modifying, or deleting phones, users, tokens, applications, and other administrators
  • Directory sync start and end and any updates made by the sync

Click on any of the column headings to sort log entries by that column.

Administrator Actions Log

Click on the link in the "Action" column to see more details.

Authentication Log Filtering

The authentication log event display may be filtered by administrator.

Authentication Log Filtering

Click the Export button in the upper right side of the log display and select CSV, JSON, or PDF to download a copy of the log.You can also select URL to obtain a direct link to your current administrator actions log view. If you've added any filters to your current view of the log, the report only includes the filtered results.

Log Retention

Duo authentication, telephony, and administrator action log entries are retained indefinitely by default. Change the log retention period to your desired maximum number of days in the “Logging” setting.

Troubleshooting

Need some help? Try searching our Knowledge Base articles or Community discussions. For further assistance, contact Support.