Learn about importing Duo users, groups, and administrators from your existing external directories into Duo.
Organizations with an existing on-premises Microsoft Active Directory domain or OpenLDAP directory, or a cloud-hosted Azure Active Directory (now known as Microsoft Entra ID) can import users, groups, and administrators into Duo with directory synchronization. Duo regularly updates information for imported users and administrators to reflect the latest user status and associated device information when available in the source directory. Deprovision synced accounts in Duo by disabling the external directory accounts or removing those users from the synced user or administrator groups.
Scheduled user synchronization of your full directory runs twice a day, and runs every 30 minutes for administrators. Run either type of full sync on-demand from the Duo Admin Panel. You can also run an individual user or administrator syncs on-demand from the Admin Panel or programmatically via Admin API.
Duo imports users and administrators directly from Azure (now known as Microsoft Entra), without any additional on-premises software installation.
Duo imports users and administrators via LDAP from Active Directory domains. When configuring AD sync, you'll need to install the Duo Authentication Proxy application on a server that can connect to your domain controller.
Duo imports users and administrators via LDAP from OpenLDAP directories. When configuring OpenLDAP sync, you'll need to install the Duo Authentication Proxy application on a server that can connect to your directory server.