Duo Central is a cloud-hosted portal that your users can visit to get access to all of your organization's applications and links.
Duo Central, part of Duo Single Sign-On, is a cloud-hosted portal that your users can visit to get access to all of your organization's applications and links.
Before you start using Duo Central make sure to meet all the requirements described below:
Role required: Owner, Administrator, or Application Manager
Log in to the Duo Admin Panel, click Single Sign-On in the navigation bar on the left, and then click Duo Central.
Review the information on the "Duo Central" page. Once you're ready, click Get Started. You'll be taken to a new page.
The Duo Central Configuration & Policy tab allows you to configure a help link, custom URL, custom policies and more.
On the Duo Central Configuration & Policy tab the Duo Central name field controls the name shown to your users during a Duo Push to log into Duo Central and the name they see in their browser tab.
The URL is the website address users will visit to log into Duo Central. If you do not already have a custom subdomain set, you can click Create your custom subdomain to do so.
The Get Help link field allows you to enter a support URL from your organization that your users will be able to access from the Duo Central page to get support.
The Self-Service Portal lets users add, update, and remove authentication devices from the Duo prompt. See the self-service portal documentation.
To enable this feature for Duo Central, check the Show "My Settings and Devices" link in Duo 2FA prompt.
You can restrict active Duo user access to Duo Central by checking the box Only allow authentication from users in certain groups next to "Permitted Groups". Learn more about permitted groups.
Note that when this setting is configured it only applies at the login to Duo Central, not to visibility of tiles once logged in to Duo Central. It also only affects users who exist in Duo with "Active" status. This does not affect application access for existing users with "Bypass" status or users who do not exist in Duo when the effective New User Policy for the application is set to allow access to unenrolled users.
Under "Policy" you can create and assign application and group policies to Duo Central that control device security, allowed authenticators, and more. Learn more about policies.
Once you've made all the changes, click Save Settings. You'll be redirected to the Tiles tab.
At the top of the Duo Central configuration page you can:
The new Universal Prompt provides a simplified and accessible Duo login experience for web-based applications, offering a redesigned visual interface with security and usability enhancements.
|Universal Prompt||Traditional Prompt|
We've already updated the Duo Central application hosted in Duo's service to support the Universal Prompt, so there's no action required on your part to update the application itself. You can activate the Universal Prompt experience for users of new and existing Duo Central applications from the Duo Admin Panel.
Before you activate the Universal Prompt for your application, it's a good idea to read the Universal Prompt Update Guide for more information about the update process and the new login experience for users.
Activation of the Universal Prompt is a per-application change. Activating it for one application does not change the login experience for your other Duo applications.
The "Universal Prompt" area of the application details page shows that this application is "New Prompt Ready", with these activation control options:
Enable the Universal Prompt experience by selecting Show new Universal Prompt, and then scrolling to the bottom of the page to click Save.
Once you activate the Universal Prompt, the application's Universal Prompt status shows "Update Complete" here and on the Universal Prompt Update Progress report.
Should you ever want to roll back to the traditional prompt, you can return to this setting and change it back to Show traditional prompt.
Click the See Update Progress link to view the Universal Prompt Update Progress report. This report shows the update availability and migration progress for all your Duo applications in-scope for Universal Prompt support. You can also activate the new prompt experience for multiple supported applications from the report page instead of visiting the individual details pages for each application.
There are two different types of tiles you can add to Duo Central:
On the Duo Central "Tiles" tab click Add tile. A pop-up will appear.
In the "What do you want to add to Duo Central?" pop-up click Add application tile. You'll be taken to a new page.
On the "Add Application Tiles" page you can select any of your existing Duo-protected applications to be added to Duo Central. Upon checking the box next to the application if the application does not have a checkmark in the "SSO" column you'll need to provide the Login URL of this application.
Once you've selected all your Duo applications you'd like to add as tiles click Add tiles. You'll be returned to the Duo Central "Tiles" tab.
On the Duo Central "Tiles" tab click Add tile. A pop-up will appear.
In the "What do you want to add to Duo Central?" pop-up click Add bookmark tile. You'll be taken to a new page.
On the "Add Bookmark Tile" page type in the name of the tile into the Display Name. You should see the name automatically updated in the "Tile preview".
Type the URL you'd like the tile to link to into the URL field. Please note that URLs must start with http:// or https://.
Under "Tile Preview" you can click Add custom logo to upload a custom image to your tile. The tile preview will automatically update to reflect the new image. If you'd like to remove the image click Delete custom logo.
Next to "Permitted Groups" you can use Duo groups to control which users see a bookmark. By default all users will can see a bookmark but you can restrict this by click Display only to permitted groups and then choosing which groups should be able to see the bookmark.
Once you've made all your changes, click Save at the top of the screen. You'll be returned to the Duo Central "Tiles" tab.
On the Duo Central "Tiles" tab find the tile you'd like to edit and click Edit under the "Actions" column. You'll be taken to a new page.
Depending on type of tile, you'll be able to edit different properties.
SSO Application tiles will let you edit the name and custom logo. Changing the name will also update the application's name as well. To change the permitted groups you'll need to visit the application's configuration page.
Non-SSO Application tiles will allow you to edit the name, login URL, and custom logo. Changing the name will also update the application's name as well. To change the permitted groups you'll need to visit the application's configuration page.
Bookmark tiles will allow you to edit the name, URL, logo, and permitted groups.
Once you've made all your edits to a tile click Save at the top of the page. You'll be returned to the Duo Central "Tiles" tab.
On the Duo Central "Tiles" tab find the tile you'd like to edit and click Delete under the "Actions" column.
A pop-up will appear asking you to confirm the tile deletion. Deleting an application tile does not delete the Duo-protected application. Click Yes, remove tile from Duo Central.
The tile will be deleted and you'll be returned to the Duo Central "Tiles" tab.
Once you've configured Duo Central and added tiles you're ready to login!
Navigate to the URL link found on the Duo Central "Configuration & Policy" tab.
You'll be required to authenticate through your Duo Single Sign-On authentication source and complete Duo two-factor authentication.
Once you've successfully authenticated into Duo Central you can: