Skip navigation
Documentation

Duo Directory Synchronization

Last Updated: January 12th, 2024

Learn about importing Duo users, groups, and administrators from your existing external directories into Duo.

Overview

Organizations with an existing on-premises Microsoft Active Directory domain or OpenLDAP directory, or a cloud-hosted Microsoft Entra ID directory (formerly known as Azure Active Directory) can import users, groups, and administrators into Duo with directory synchronization. Duo regularly updates information for imported users and administrators to reflect the latest user status and associated device information when available in the source directory. Deprovision synced accounts in Duo by disabling the external directory accounts or removing those users from the synced user or administrator groups.

Scheduled user synchronization of your full directory runs twice a day, and runs every 30 minutes for administrators. Run either type of full sync on-demand from the Duo Admin Panel. You can also run an individual user or administrator syncs on-demand from the Admin Panel or programmatically via Admin API.

Entra ID Synchronization

Duo imports users and administrators directly from Entra ID, without any additional on-premises software installation.

Entra ID Sync Network Diagram

Learn more about Entra ID synchronization

Active Directory Synchronization

Duo imports users and administrators via LDAP from Active Directory domains. When configuring AD sync, you'll need to install the Duo Authentication Proxy application on a server that can connect to your domain controller.

AD Sync Network Diagram

Learn more about Active Directory synchronization.

OpenLDAP Synchronization

Duo imports users and administrators via LDAP from OpenLDAP directories. When configuring OpenLDAP sync, you'll need to install the Duo Authentication Proxy application on a server that can connect to your directory server.

OpenLDAP Sync Network Diagram

Learn more about OpenLDAP synchronization.