
But what happens when your users are on an airplane, working from a secure facility with no external internet access, or stuck in a basement with a dead cellular signal?

While the feature is powerful, it requires careful administrative oversight:

The process relies on the OATH (Initiative for Open Authentication) standard, specifically Time-based One-Time Passwords (TOTP).

For offline access to work, the user must first have an active internet connection. The user logs into the Duo enrollment portal and selects the option to activate offline access. During this step, Duo provisions a secret key to the Duo Mobile app on the user’s smartphone. This "pairs" the phone with the user’s account specifically for offline generation.

Because the secret is stored on the user's phone, the security of the smartphone becomes paramount. If a user's phone is compromised or stolen, the attacker has a viable method to generate codes. Users should secure their Duo Mobile app with biometric locks (Face ID/Touch ID) within the app settings.

Once verified, you will see a "Success" message. You are now prepared for offline scenarios.
