Learn about importing Duo users and groups from your existing external directories into Duo.
Organizations with an existing on-premises Microsoft Active Directory domain or OpenLDAP directory, or a cloud-hosted Azure Active Directory can import users, phones, and groups into Duo with directory synchronization. User information for imported users is updated regularly to reflect the latest user status and associated device information. Deprovision synced users in Duo by disabling the external directory accounts or removing those users from the synced groups.
Synchronization runs on a daily schedule, with the ability to initiate on-demand sync from the Admin Panel or programmatically via Admin API.
Duo imports users directly from Azure, without any additional on-premises software installation.
Duo imports users via LDAP from Active Directory domains. When configuring AD sync, you'll need to install the Duo Authentication Proxy application on a server that can connect to your domain controller.
Duo imports users via LDAP from OpenLDAP directories. When configuring OpenLDAP sync, you'll need to install the Duo Authentication Proxy application on a server that can connect to your directory server.