If a user is unable to log into their applications due to misplacing their Duo authentication device, they may use one of a set of emergency bypass codes to authenticate.
Version
Emergency Bypass codes are available from version 7.4.0.
Setup Bypass Codes for End Users
Administrators can set Duo Bypass Code Configuration options to allow end users to generate their own set of emergency bypass codes. Options include:
Enable Bypass Code
End users may generate their own set of bypass codes when enabled.
Allow Custom Bypass Codes
End users may enter their own nine digit bypass codes when checkbox is selected. If not selected then end users may only generate a random set of codes.
Number of Bypass Codes
Determines the number of bypass codes that an end user may generate. When Allow Custom Bypass Codes is selected this will also determine the maximum number of custom codes that the end user may create.
Duration of Bypass Codes
The number of days that the generated bypass codes will be valid for authentication.
*note: Leaving this field blank will prevent bypass codes from expiring. They can still be removed when the number of times the code has been used exceeds the reuse count.
Reuse Count of Bypass Code
The number of times that each code may be used for authentication before they are considered invalid.
*note: Leaving this field blank will allow users to use the bypass code an infinite amount of times. They can still be removed when the bypass code has exceeded the duration configured.
**note: If both duration and reuse count of the bypass code is left blank then the code will never expire and can be used an infinite amount of times.
Generating Bypass Codes
If authorized, end users may generate their own bypass codes by navigating to the My Profile ► Manage Security sub tab, and then clicking on the Generate Random Codes button. A new set of bypass codes can always be generated by the user in case the codes are forgotten, lost, or used.
*Note: Actual codes are only visible on creation. User should store the codes immediately after creation for future use. Returning to the Manage Security tab after generating codes will only display the number of valid usages or expiration date of each code as the Duo Server only provides the bypass code values upon generation.
If Allow Custom Bypass Codes is selected then the end user may also create their own bypass codes.
*Note: Creating custom codes will clear the existing codes.
Bypass codes may be printed after successful generation. Clicking on the print bypass codes button will generate the following popup window with a list of available emergency codes.
Version
Printing bypass codes is available from version 7.5.0.
Bypass Code Authentication
Every authentication method has a passcode option which will allow the user to authenticate if a bypass code is entered instead of the given passcode. Once a bypass code is used the number of times configured for reuse it becomes invalid.
