Duo Security Send Enrollment Email Again

Duo provides several enrollment methods to add together users to the system. Self-enrollment allows users to add themselves to Duo and walks them through setting upwards a device for ii-gene authentication. Larger organizations may prefer one of the automatic enrollment options, like synchronizing users from an external Microsoft directory. Administrators can create individual Duo users at any time (manual enrollment).

Overview

Users — and their phones, tablets, or hardware tokens — must exist enrolled into Duo before they tin can get-go using the organization. Enrolling may include the optional stride of activating the user for Duo Mobile, which allows your users to generate passcodes from the Duo Mobile app or apply one-tap authentication with Duo Push. In order to use Duo Button, users will demand to install the Duo Mobile app on their devices and so add their Duo account to the app. This process will only have the user a few minutes.

Important

Duo administrator accounts are only used to log on to the Admin Panel. They can't be used to access devices or applications using Duo ii-factor authentication. Be certain to likewise enroll your Duo admins every bit users if they demand to log on to Duo protected services.

Users (identified by their usernames) are shared betwixt applications, then a user only needs to consummate enrollment and activation in Duo in one case to gain access to multiple applications. User access tin can exist restricted to specific applications through permitted groups for individual applications.

An enrolled user is an end user who accesses Duo-protected services or applications, who exists in Duo as a user with an associated two-cistron authentication method. A partially-enrolled user is one who exists in Duo with a username but has no two-gene authentication methods. These users still need to consummate device enrollment and activation to fully use Duo.

There are three methods of user enrollment: automatic enrollment, self-enrollment, and manual enrollment. The automatic enrollment and self-enrollment methods save you the time and effort of manually adding your Duo users.

• Automatic enrollment: Admins tin add together a group of users and so send them activation links that the user follows to consummate their enrollment. Users are created in Duo immediately.
  • Active Directory sync: For customers who already rely on an Active Directory (Advertisement) domain. Larn how to apply Advertising sync.
  • OpenLDAP sync: For customers who use an OpenLDAP directory for authentication. Learn how to use OpenLDAP sync.
  • Azure AD sync: For customers using an Azure Active Directory (AAD) domain every bit their user identity store. Learn how to utilize Azure sync.
  • Import users: Admin can create detailed entries for each user with a elementary CSV file. Run across more information well-nigh importing users.
• Self-enrollment: Users add themselves to Duo through a browser interface and pace through the installation and configuration of Duo Mobile. Cocky-enrollment takes less than ii minutes for almost users.
  • Inline self-enrollment: Features an interactive setup process that is seamlessly integrated with the user's next login. Inline cocky-enrollment is available for applications featuring browser-based logins too as Duo Unix.
  • Bulk self-enrollment: Creates new users in Duo without any 2FA devices and sends an enrollment link to the users via e-mail in a single operation.
• Manual enrollment: Admins manually add individual users and send activation links.

Duo Beyond and Duo Access Program Users: Global Policy settings affect access to the enrollment portal used past bulk self-enrollment. Do non apply any global restrictions that could foreclose user enrollment. For example, if yous configure the User Location policy setting to deny access to a country, then the policy volition also block whatsoever of your users who effort to enroll in Duo from that country via a bulk enrollment link.

Automatic Enrollment

An alternative to self-enrollment is to apply Duo's automatic enrollment features to create users, associate them with devices, then generate a Duo Mobile activation link for each user. The automatic enrollment features are Directory Sync and Import Users.

Directory Sync

Role required: Possessor, Ambassador, or User Manager.

Since many big organizations already rely on an on-premises Active Directory (AD) server or OpenLDAP Directory, or a cloud-hosted Azure AD directory to manage their users, Duo offers tools to import users and groups from those identity stores into Duo, with the option of automatically sending an enrollment email to every user imported without an fastened phone who has a valid email address.

Come across the Active Directory Sync, OpenLDAP Sync, or Azure Advertizement Sync instructions.

Import Users

Role required: Owner, Administrator, or User Manager.

Duo provides an Import Users characteristic that tin import user information from a properly formatted CSV (comma-separated values) file. The import users feature differs from majority enrollment in that information technology allows the admin to supply additional user details (east.g., entries tin be created already populated with a phone number and device platform, grouping memberships, multiple devices, etc.). Also, users imported this mode can be managed from the Duo Admin Panel right abroad.

Although the import users function is primarily intended to add users, y'all tin as well use it to update information for existing users and to delete Duo users whose accounts are no longer needed.

Unlike bulk enrollment, the import users tool does not automatically ship enrollment emails to users. Follow the Activating Duo Mobile After Enrollment instructions beneath to send activation links to your imported users.

Self-Enrollment

Duo recommends allowing users to enroll themselves whenever possible, either using inline cocky-enrollment or bulk cocky-enrollment. In either example, users add together themselves to Duo by post-obit online instructions to install Duo Mobile on their mobile devices and add their accounts. Self-enrollment only takes two minutes and each user volition simply need to do it once.

See the Finish User Enrollment Guide for a complete walkthrough of cocky-enrollment.

Inline Cocky-Enrollment

Part required: Owner, Ambassador, or Application Manager.

Inline self-enrollment is available for most web-based applications: SSL VPNs, Outlook Spider web Admission, WordPress, etc., as well as Duo Unix applications (Duo Unix users are given an enrollment link that they tin can copy and paste into a web browser).

To ready up inline self-enrollment for an application:

1. Log into the Duo Admin Panel. Click Applications in the left sidebar, and then select the awarding whose enrollment policy you'd like to alter.

2. Select Require Enrollment. Unenrolled users volition now be prompted to enroll the next time they attempt to log in with their existing username and password.

   

Bulk Self-Enrollment

Role required: Owner, Ambassador, or User Managing director.

If your application blazon doesn't support inline self-enrollment (as is the case with OpenVPN, RDP and RDGateway, certain VPN clients, and some others), and so you lot can use the bulk cocky-enrollment tool to send enrollment links to your users via e-mail. If your organization uses email filtering, be sure to allow the sender no-reply@duosecurity.com.

1. Log into the Duo Admin Panel. Click Users in the left sidebar, and then click the Bulk Enroll Users submenu or click the Bulk Enroll Users link near the elevation of the page.

   

2. Blazon or paste in a CSV (comma-separated value) set of usernames and email addresses. The "Bulk Enroll Users" tool won't send a new enrollment email to an existing enrolled user.

   

3. You at present have a chance to review and customize the cocky-enrollment electronic mail message sent to your users. Cheque the box to salve this custom e-mail and subject line for futurity use. When satisfied with the e-mail message and subject line, click the Send Enrollment Links button at the bottom of the page.

   

   The sent message will accept a non-editable header added, informing the user it'south an automated bulletin sent by Duo and to contact their arrangement'south Duo admins or Information technology back up group with any questions.

4. Users receive custom links via email which will let them to complete self-enrollment. The enrollment link expires after thirty days.

   

   Users appear listed in the "Users" section of the Duo Admin Console as soon as you ship the enrollment link.

5. The Pending Enrollments table shows which users created by majority enrollment or directory sync take not yet completed enrolling their 2FA devices in Duo, along with the user'south email address and the expiration appointment for the current enrollment link.

If y'all need to send the user another re-create of the enrollment link email, click the Resend button, or click Resend All to send the email again to all users with outstanding enrollment links. Resending the email does not change the electric current enrollment link's expiration date and uses the aforementioned email accost that was used when the original enrollment was sent.

Click Delete to remove a pending enrollment. Deleting a pending enrollment immediately invalidates whatever unexpired enrollment link previously sent to that user. The user associated with the awaiting enrollment remains in Duo, so you lot can send them a new enrollment link via e-mail.

Manual Enrollment

Function required: Owner, Administrator, or User Manager.

Admins tin add individual users and phones from the Duo Admin Panel. To add a new user manually:

1. Log into the Duo Admin Panel.

2. From the Dashboard page you tin click the Add New... button in the top correct and then click User. Otherwise, click Users in the left sidebar, so click the + Add User push button or the Add together User submenu particular in the left sidebar.

3. Type in the username. A Duo username should match the user's main authentication username. Duo usernames are not instance-sensitive and are normalized to lowercase.

   

   Note

   To ease the integration of your systems and Duo, different application types allow for varying degrees of username normalization. Username normalization preferences are assault the properties page for each awarding.

4. One time the user is created you tin click the Send Enrollment Email link to send your new user a bulletin that contains a link they tin can use to add together a phone or other 2FA authentication device.

   

5. Optionally, you tin add a phone to the user at present. Scroll down on the new user'southward details folio to the "Phones" table and click Add together Phone.

6. Chose "Phone" or "Tablet," and type in the phone number (leave this field blank if adding a tablet). Click the Add Phone button.

   

7. Choose the appropriate phone "Type" and "Platform" from the drop-down menus and enter a "Device name" (this field can be left blank). If you know the device is a smartphone but aren't sure exactly what the platform is, cull "Generic Smartphone" and the bodily platform volition exist fix when the user completes Duo Mobile activation. Click the Save Changes push.

   

8. Click the Activate Duo Mobile link in the "Device Info" section. This link is merely available when you ready the phone type to "Mobile" and selected something other than "Unknown" as the platform.

   

   So on the side by side page click the Generate Duo Mobile Activation Code push button. By default, activation codes will expire after 24 hours. You can change the activation code expiration by inbound a different value.

   

9. If the device you're activating is a phone (with a phone number), you'll come across two text messages that y'all tin send. The starting time has a link that helps the user install Duo Mobile. The second bulletin has a code that the user tin can use to immediately add the account to their Duo Mobile app. Click the Send Instructions by SMS push button to ship the text letters to the user'south phone. These instructions tin also be copied and pasted into an email to the user, if that's preferable.

   

   If the device is an iPad or Android tablet (and does not accept a phone number), yous'll exist able to email the activation link to the user. If the Duo user has an email accost gear up so that address volition be automatically present in the Email Address field. Yous tin can change this destination electronic mail address if you lot need to, or enter it if the Duo user has no electronic mail address saved. You may also choose whether to include your arrangement'due south logo in the bulletin, or alter the subject or content before clicking Send Instructions by Email.

   

Ship Enrollment Emails to Existing Users

Role required: Owner, Administrator, User Manager, or Assist Desk-bound (when permitted in the "Assist Desk" global setting).

When a user already exists in Duo with an email address present in the user's details, simply has yet to register whatsoever two-cistron hallmark devices, you can transport an enrollment email to the user from the Admin Panel. If an enrollment email was already sent to the user by any method (manually by a Duo admin, automatically as part of directory sync, etc.) but the user did not receive it or deleted it without enrolling, yous tin resend the email.

1. Log into the Duo Admin Console.

2. Search for the user using the search bar at the pinnacle of the page, or click Users in the left sidebar and locate the user to which you want to send or resend an enrollment email. Click through to the user's details folio.

3. Click the Ship Enrollment Electronic mail or Resend Enrollment Email link at the top-right of the user'due south details folio. Note that if the user has no valid email address present in the "Email" field, y'all'll receive an error. Update the email information for the user (clicking Save when washed) and try sending the enrollment e-mail once again.

Activating Duo Mobile After Enrollment

Role required: Owner, Administrator, or User Director.

Yous tin easily send Duo Mobile activation texts or emails to users created via automatic and manual enrollment methods from the Duo Admin Console. If your system uses e-post filtering, be sure to allow the sender no-reply@duosecurity.com.

1. Log into the Duo Admin Panel. Click Users in the left sidebar.

2. You'll see a notification bar at the top of the page indicating that some users who accept an attached smartphone or tablet device have not yet activated Duo Mobile.

   

   Note: A user's device must be assigned the type "Mobile" with a known device platform (i.eastward., any platform other than "Unknown") before that user can be sent an activation link. Users without a known platform associated with their device cannot be sent activation links. If you know that a user has a smartphone, but don't know which kind it is, choose Generic Smartphone every bit the device platform.

3. Click on Click here to ship them activation links in the notification bar to send activation links to your remaining unactivated users. You lot have the pick of sending the activation links to users by either SMS or email. When you cull Email and then the Duo users with e-mail addresses who are non activated and who take a smartphone device attached are shown. If yous cull SMS, all unactivated users with attached smartphones are shown.

   

   Select which users will receive activation links past checking the box adjacent to their usernames. To select all users, check the box adjacent to the "Username" column header.

   After selecting the desired users, you lot tin can customize the message they will receive. When finished selecting users and customizing the email, click the Ship Email to Selected Users button.

   Annotation: Users who have recently been sent activation links from the Duo Admin Panel cannot exist sent a new link until the existing links expire (by default, 24 hours afterward sending).

   

   The sent message will have a non-editable header added, informing the user information technology's an automated message sent by Duo and to contact their system's Duo admins or IT support group with whatever questions.

4. The selected users receive an SMS or electronic mail message with an activation link and QR code. Once a user opens the link on their device, or scans the QR lawmaking with the Duo Mobile app, the Duo account is added and the user is fully activated.

   

APIs

Advanced customers can use Duo's Admin API to programmatically create users and devices, associate users to devices, and generate Duo Mobile activation links.

Troubleshooting

Need some assist? Try searching our Knowledge Base articles or Community discussions. For further help, contact Back up.

All Duo customers have access to Level Upwards, our online learning platform offering courses on a variety of Duo administration topics. To admission Level Upward content, sign in with the same email address you utilize to sign in to the Duo Admin Panel.

Level Upwardly course: Enrollment Methods & Strategies

robbinsshisho89.blogspot.com

Source: https://duo.com/docs/enrolling-users

Share this post