Customer who subscribed to Windows OS cloud instance will received Duo Security email with their own unique Duo Security link for Two Factor Authentication registration
Enter Name and Password, follow by Phone number
Confirm Your Identity, click on Text Me or Call Me to receive Passcode
Go to Add User, Enter Windows admin username
Status select Active
Go to Phones, clickon Add Phone
Enter Customer Admin or Approver Phone number (supported add multiple Phone)
Once add, go to Device Info click on Activate Duo Mobile
Activate Duo Mobile, click on Generate Duo Mobile Activation Code
Click Send Instructions by SMS
Once Send, Device Info is now Activated, customer will now received SMS Instructions
Before activate on the Phone, go to Play Store or Apple Store download Duo Mobile
Go to SMS Instructions generate by Duo Security portal, click on the link
After click on the link, it will automatically launch Duo Mobile apps and add PASSCODES to Customer phone. (Similar like google authentication)
Next, go to Applications, select Microsoft RDP, Click on Protect this Application
Each application have it own API, Integration & Secret Key
Login to customer server via CONSOLE mode or RDP to customer Cloud Instance via floating IP (External or Public IP)
Go to customer server web browser and download Duo Security agent: https://dl.duosecurity.com/duo-win-login-latest.exe
After download, install the Duo Security agent, Enter API hostname, refer to above screenshoot or go to Applications options on Duo Security
Enter Integration & Secret Key, refer to Applications options on Duo Security, Click Next
Customer can configure the integration below
| Integration | |
| Bypass Duo authentication when offline | This options allow Windows login when Duo Security services is offline |
| Use auto push to authentication if available | Send Duo Push to mobile app for validation |
| Only prompt for Duo authentication when logging in via RDP | Leave this option unchecked to require Duo two-factor authentication for local logon (CONSOLE Mode) and RDP session, If enabled, local logon (CONSOLE Mode) do not require 2FA approval |
| Enable Smart card support | Select this option to permit use of the Windows smart card login provider as an alternative to Duo authentication |
Click Next to finish the installation, then re-login to RDP session
Once login, Duo Security now prompt to request approval
Next, Customer phone Duo Mobile apps will prompt for respond
Customer Admin or Approver can now APPROVE or DENY the RDP session request
Once Customer Admin Approver APPROVE the RDP request, requestor can now RDP login to the server via RDP
