Duo Directory Synchronization

Last Updated: March 10th, 2022

Learn about importing Duo users and groups from your existing external directories into Duo.

Overview

Organizations with an existing on-premises Microsoft Active Directory domain or OpenLDAP directory, or a cloud-hosted Azure Active Directory, can import users, phones, and groups into Duo with directory synchronization. User information for imported users is updated regularly to reflect the latest user status and associated device information when available in the source directory. Deprovision synced users in Duo by disabling the external directory accounts or removing those users from the synced groups.

Scheduled synchronization of your full directory runs twice a day, or on demand when initiated from the Admin Panel. You can also run an individual user sync on demand from the Admin Panel or programmatically via the Admin API.

Azure AD Synchronization

Duo imports users directly from Azure, without any additional on-premises software installation.

Azure Sync Network Diagram

Learn more about Azure AD synchronization.

Active Directory Synchronization

Duo imports users via LDAP from Active Directory domains. When configuring AD sync, you'll need to install the Duo Authentication Proxy application on a server that can connect to your domain controller.

AD Sync Network Diagram

Learn more about Active Directory synchronization.

OpenLDAP Synchronization

Duo imports users via LDAP from OpenLDAP directories. When configuring OpenLDAP sync, you'll need to install the Duo Authentication Proxy application on a server that can connect to your directory server.

OpenLDAP Sync Network Diagram

Learn more about OpenLDAP synchronization.