Troubleshooting Duo Issues

Common Issues


  • Operating Systems

    Available in: Duo Access and Duo Beyond

    The operating systems policy settings allow you to control which operating systems and versions are allowed to access your applications when protected by Duo's browser-based authentication prompt, while also encouraging users running older operating systems to update to the latest version.

    The default settings allow access, authentication, and enrollment from browsers on all Duo supported operating systems, mobile platforms, and versions with no warnings. You may block all versions of any of the OS platforms listed in the policy editor: Mac OS X (macOS), Windows, iOS, Android, Linux, Chrome OS, BlackBerry,and Windows Phone. Duo offers more granular blocking options for the Mac OS X, Windows, iOS, and Android operating systems, like blocking access below a certain version and warning the user that they need to update to an approved version instead of blocking access outright.

    Scroll down in the policy editor to see all OS options.

    Enable the "Warn users if their version is below ..." option to show a warning notification during authentication or enrollment from an out-of-date operating system. The user may disregard the warning and continue with authentication. For example, you may choose to warn users with Windows versions "below 8.1". A user accessing your application from a Windows 8 PC sees a warning at the bottom of the Duo prompt. Clicking "Let's update it" provides the user with information on how to update the operating system. Users can proceed past the warning by clicking "Skip".

    Enabling any operating system restrictions block users from completing authentication or new user enrollment from that disallowed OS (or OS version). To continue the previous example, choosing to block (instead of warn) users with Windows versions "below 8.1" prevents authentication or enrollment for any user trying to access your application from a Windows 8 computer. Users can't proceed past the out-of-date software notification.

    If you select "Block all versions" for "Windows" in the policy editor, then users accessing your application from any version of Windows are blocked.

    The Android and iOS mobile platforms can also be restricted to a minimum allowed version or blocked entirely. Blocking any version of a mobile OS platform, e.g. iOS or Android, not only restricts access to resources from browsers on those OS platforms or versions, but also prevents use of Duo Mobile to Duo Push requests or generate usable passcodes on devices running the restricted OS. If you were to block iOS versions "below 9.0" then any users with Apple devices running iOS 8.0 or lower can no longer use Duo Push or app generated passcodes. If a user has other additional activated devices running a different mobile platform, the functionality of the other devices is not affected.

    When a mobile device operating system or version is restricted users see a message in the browser-based Duo Prompt.

    Duo Mobile also notifies the user that the mobile platform or version is not allowed when attempting to approve the Duo Push request.

    Passcodes from a hardware token or received via SMS are allowed, as are phone call authentications, but entering a passcode generated by Duo Mobile on any device running the restricted platform results in an error stating that platform is not permitted.

    As an example scenario, if you select "Block all versions" for the "Windows Phone" platform then your iOS, Android, and BlackBerry users continue to receive and approve Duo Push requests, and can also authenticate with SMS passcodes, application passcodes, hardware tokens, or over the phone. Your Windows Phone users can only use SMS passcodes to authenticate, approve a login via phone call, or use a hardware token passcode. If you wanted to completely prevent any use of Windows Phone to approve authentications, you'd also need to disable the "Phone callback" and "SMS passcodes" options in the Authentication Methods policy setting. Keep in mind that disabling phone and SMS authentication affects authentication for all users, no matter what mobile OS they use.

  • I need to reactivate Duo Mobile
    If you get a new phone you'll need to re-activate Duo Mobile. Please contact the ITS Service Desk for a new activation link
  • I have stopped receiving push notifications on Duo Mobile.
    You may have trouble receiving push requests if there are network issues between your phone and our service. Many phones have trouble determining whether to use the WiFi or cellular data channel when checking for push requests, and simply turning the phone to airplane mode and back to normal operating mode again often resolves these sort of issues, if there is a reliable internet connection available. Similarly, the issue may be resolved by turning off the WiFi connection on your device and using the cellular data connection.

    Check the time and date on your phone and make sure they are correct. If the date and time on your phone are manually set, try changing your device's configuration to sync date and time automatically with the network.

    If neither of these suggestions work, please contact the ITS Service Desk for assistance.
  • I lost my phone
    Please contact the ITS Service Desk immediately if you lose your phone or suspect that it's been stolen.  They will disable it for authentication and help you log in using another phone or hardware token.

    While it's important that you contact your the ITS Service Desk if you lose your phone, remember that your password will still protect your account.
  • My hardware token stopped working
    Contact the ITS Service Desk if your token stops working or if you can't log in with the passcodes it generates.

    Your token can get "out of sync" if the button is pressed too many times in a row and the generated passcodes aren't used for login. In some cases this can happen by accident if the token is stored next to other objects in a pocket, backpack, etc.