Skip navigation

Enabling Duo's Self-Service Portal

Last Updated: May 20th, 2021


Empower your users with the ability to manage their authentication devices by enabling Duo's self-service portal for your applications.


Duo's self-service portal saves time for both administrators and end users by eliminating the need to contact IT staff for authentication device changes. Your users can add, edit, and remove authentication factors from the already familiar Duo Prompt page.


Self-Service Portal Availability

The self-service portal feature is part of the Duo Beyond, Duo Access, and Duo MFA plans.

The self-service portal is an available option for Duo web-based applications, VPN applications, and Microsoft applications that offer inline self-enrollment and authentication prompt, such as Juniper and Cisco SSL VPNs, WordPress, and Microsoft OWA.

Enabling the Self-Service Portal

Role required: Owner, Administrator, or Application Manager.

Duo's self-service portal is enabled on a per-application basis. To enable self-service for one of your applications:

  1. Log into the Duo Admin Panel and click Applications in the left sidebar.

  2. Click an application's name to open that application's properties page.

  3. The self-service portal configuration option is present under "Settings" if the application supports the self-service portal feature. Check the Let users manage their devices box to enable self-service for that application.

    Enable SSP

    Click the Save Changes button at the bottom of the application's properties page.

If you enable self-service for an application, consider disabling phone callback as an authentication method or applying some additional policy controls to the application, such as restricting User Location to your expected countries, or reducing your max credits per action telephony setting to only the credit amount needed for phone calls to your users' expected locations to avoid telephony misuse via the self-service portal.

Experience for users

With self-service enabled your users can enroll a new mobile phone, tablet, or landline. They can also rename an existing phone or tablet device, activate Duo Mobile, set a phone or tablet device as the default for Duo Push and phone call, or remove an existing device. Users may remove (but not add) hardware tokens from the device management portal as well.

After passing primary authentication, users see Add a New Device and My Settings & Devices links on the Duo two-factor authentication page. Duo authentication is required for access to the self-service pages.

Device Management Authentication Prompt Page

Your end users can quickly add another authentication device with the Add a New Device utility, while clicking My Settings & Devices prompts the user to complete two-factor authentication, then shows the device management portal.

My Settings & Devices

For additional information about using the self-service portal, see Add a New Device and My Settings & Devices in the Duo user guide.


Need some help? Try searching our Knowledge Base articles or Community discussions. For further assistance, contact Support.