Duo Central is a cloud-hosted portal that your users can visit to get access to all of your organization's applications and links.
Duo Central, part of Duo Single Sign-On, is a cloud-hosted portal that your users can visit to get access to all of your organization's applications and links.
Before you start using Duo Central make sure to meet all the requirements described below:
Role required: Owner, Administrator, or Application Manager
Log in to the Duo Admin Panel, click Single Sign-On in the navigation bar on the left, and then click Duo Central.
Review the information on the "Duo Central" page. Once you're ready, click Get Started. You'll be taken to a new page.
The Duo Central Configuration & Policy tab allows you to configure a help link, custom URL, custom policies and more.
On the Duo Central Configuration & Policy tab the Duo Central name field controls the name shown to your users during a Duo Push to log into Duo Central and the name they see in their browser tab.
The URL is the website address users will visit to log into Duo Central. If you do not already have a custom subdomain set, you can click Create your custom subdomain to do so.
The Get Help link field allows you to enter a support URL from your organization that your users will be able to access from the Duo Central page to get support.
The Self-Service Portal lets users add, update, and remove authentication devices from the Duo prompt. See the self-service portal documentation.
To enable this feature for Duo Central, check the Show "My Settings and Devices" link in Duo 2FA prompt.
You can restrict active Duo user access to Duo Central by checking the box Only allow authentication from users in certain groups next to "Permitted Groups". Learn more about permitted groups.
Note that when this setting is configured it only applies at the login to Duo Central, not to visibility of tiles once logged in to Duo Central. It also only affects users who exist in Duo with "Active" status. This does not affect application access for existing users with "Bypass" status or users who do not exist in Duo when the effective New User Policy for the application is set to allow access to unenrolled users.
Under "Policy" you can create and assign application and group policies to Duo Central that control device security, allowed authenticators, and more. Learn more about policies.
Under Settings you can configure a voice greeting, add administrative notes, and assign administrative units.
Once you've made all the changes, click Save Settings. You'll be redirected to the Tiles tab.
At the top of the Duo Central configuration page you can:
Duo's next-generation authentication experience, the Universal Prompt, is coming to web-based applications that display the current Duo Prompt in browsers.
Migration to Universal Prompt for your Central application is a two-step process:
We've already updated the Duo Central application hosted in Duo's service to support the Universal Prompt when it's ready, so there's no action required on your part to update the application. The "Universal Prompt" section of this application's details page in the Admin Panel reflects this status today as "Waiting on Duo".
When the Universal Prompt becomes available, you'll return here to activate it for users of this application. The status will change to "New Prompt Ready", and you'll see the control here for turning it on or off. Until then, your users continue to experience the current Duo prompt.
Click the See Update Progress link to view the Universal Prompt Update Progress report. This report shows the update availability and migration progress for all your Duo applications in-scope for Universal Prompt support.
Read the Universal Prompt Update Guide for more information about the update process to support the new prompt, and watch the Duo Blog for future updates about the Duo Universal Prompt.
If you're interested in participating in a private preview of the Universal Prompt experience, please apply using this form.
There are two different types of tiles you can add to Duo Central:
On the Duo Central "Tiles" tab click Add tile. A pop-up will appear.
In the "What do you want to add to Duo Central?" pop-up click Add application tile. You'll be taken to a new page.
On the "Add Application Tiles" page you can select any of your existing Duo-protected applications to be added to Duo Central. Upon checking the box next to the application if the application does not have a checkmark in the "SSO" column you'll need to provide the Login URL of this application.
Once you've selected all your Duo applications you'd like to add as tiles click Add tiles. You'll be returned to the Duo Central "Tiles" tab.
On the Duo Central "Tiles" tab click Add tile. A pop-up will appear.
In the "What do you want to add to Duo Central?" pop-up click Add bookmark tile. You'll be taken to a new page.
On the "Add Bookmark Tile" page type in the name of the tile into the Display Name. You should see the name automatically updated in the "Tile preview".
Type the URL you'd like the tile to link to into the URL field. Please note that URLs must start with http:// or https://.
Under "Tile Preview" you can click Add custom logo to upload a custom image to your tile. The tile preview will automatically update to reflect the new image. If you'd like to remove the image click Delete custom logo.
Next to "Permitted Groups" you can use Duo groups to control which users see a bookmark. By default all users will can see a bookmark but you can restrict this by click Display only to permitted groups and then choosing which groups should be able to see the bookmark.
Once you've made all your changes, click Save at the top of the screen. You'll be returned to the Duo Central "Tiles" tab.
On the Duo Central "Tiles" tab find the tile you'd like to edit and click Edit under the "Actions" column. You'll be taken to a new page.
Depending on type of tile, you'll be able to edit different properties.
SSO Application tiles will let you edit the name and custom logo. Changing the name will also update the application's name as well. To change the permitted groups you'll need to visit the application's configuration page.
Non-SSO Application tiles will allow you to edit the name, login URL, and custom logo. Changing the name will also update the application's name as well. To change the permitted groups you'll need to visit the application's configuration page.
Bookmark tiles will allow you to edit the name, URL, logo, and permitted groups.
Once you've made all your edits to a tile click Save at the top of the page. You'll be returned to the Duo Central "Tiles" tab.
On the Duo Central "Tiles" tab find the tile you'd like to edit and click Delete under the "Actions" column.
A pop-up will appear asking you to confirm the tile deletion. Deleting an application tile does not delete the Duo-protected application. Click Yes, remove tile from Duo Central.
The tile will be deleted and you'll be returned to the Duo Central "Tiles" tab.
Once you've configured Duo Central and added tiles you're ready to login!
Navigate to the URL link found on the Duo Central "Configuration & Policy" tab.
You'll be required to authenticate through your Duo Single Sign-On authentication source and complete Duo two-factor authentication.
Once you've successfully authenticated into Duo Central you can: