Learn about importing Duo users and groups from your existing external directories into Duo.
Organizations with an existing on-premises Microsoft Active Directory domain or OpenLDAP directory, or a cloud-hosted Azure Active Directory can import users, phones, and groups into Duo with directory synchronization. User information for imported users is updated regularly to reflect the latest user status and associated device information when available in the source directory. Deprovision synced users in Duo by disabling the external directory accounts or removing those users from the synced groups.
Scheduled synchronization of your full directory runs twice a day, or on-demand when initiated from the Admin Panel. You can also run an individual user sync on-demand from the Admin Panel or programmatically via Admin API.
Duo imports users directly from Azure, without any additional on-premises software installation.
Duo imports users via LDAP from Active Directory domains. When configuring AD sync, you'll need to install the Duo Authentication Proxy application on a server that can connect to your domain controller.
Duo imports users via LDAP from OpenLDAP directories. When configuring OpenLDAP sync, you'll need to install the Duo Authentication Proxy application on a server that can connect to your directory server.