Empower your users with the ability to manage their authentication devices by enabling Duo's self-service portal for your applications.
Duo's self-service portal saves time for both administrators and end users by eliminating the need to contact IT staff for authentication device changes. Your users can add, edit, and remove authentication factors from the already familiar Duo Prompt page.
The self-service portal feature is part of the Duo Beyond, Duo Access, and Duo MFA plans.
The self-service portal is an available option for Duo web-based applications, VPN applications, and Microsoft applications that offer inline self-enrollment and authentication prompt, such as Juniper and Cisco SSL VPNs, WordPress, and Microsoft OWA.
Role required: Owner, Administrator, or Application Manager.
Duo's self-service portal is enabled on a per-application basis. To enable self-service for one of your applications:
Log into the Duo Admin Panel and click Applications in the left sidebar.
Click an application's name to open that application's properties page.
The self-service portal configuration option is present under "Settings" if the application supports the self-service portal feature. Check the Let users manage their devices box to enable self-service for that application.
Click the Save Changes button at the bottom of the application's properties page.
If you enable self-service for an application, consider disabling phone callback as an authentication method or applying some additional policy controls to the application, such as restricting User Location to your expected countries, or reducing your max credits per action telephony setting to only the credit amount needed for phone calls to your users' expected locations to avoid telephony misuse via the self-service portal.
With self-service enabled your users can enroll a new mobile phone, tablet, or landline. They can also rename an existing phone or tablet device, activate Duo Mobile, set a phone or tablet device as the default for Duo Push and phone call, or remove an existing device. Users may remove (but not add) hardware tokens from the device management portal as well.
After passing primary authentication, users see Add a New Device and My Settings & Devices links on the Duo two-factor authentication page. Duo authentication is required for access to the self-service pages.
Your end users can quickly add another authentication device with the Add a New Device utility, while clicking My Settings & Devices prompts the user to complete two-factor authentication, then shows the device management portal.