- SSH ENABLE DUO ON MAC INSTALL
- SSH ENABLE DUO ON MAC ZIP FILE
- SSH ENABLE DUO ON MAC UPDATE
- SSH ENABLE DUO ON MAC UPGRADE
- SSH ENABLE DUO ON MAC FULL
Specify true to allow user logon without completing two-factor authentication if the Duo Security cloud service is unreachable or false to prevent user logon when Duo is unreachable. Provide the API hostname from the macOS application page in the Duo Admin Panel. Provide the secret key from the macOS application page in the Duo Admin Panel. Provide the integration key from the macOS application page in the Duo Admin Panel. Supply the following information when prompted by the script: Enter ikey
SSH ENABLE DUO ON MAC FULL
pkg file, specify the full path to MacLogon-NotConfigured-1.1.0.pkg when running the script./configure_maclogon.sh /path/to/MacLogon-NotConfigured-1.1.0.pkg If the configuration script is in a different directory than the Duo MacLogon. Click save when done.Ĭhange to the extracted MacLogon directory and run the configuration script. On the "Date & Time" tab, check the box next to "Set date and time automatically" and pick a time server for your region from the drop-down list. Open "System Preferences" and then click "Date & Time". You can set your Mac to obtain the correct time automatically. pkg package files.Įnsure your Mac system's time is correct.
SSH ENABLE DUO ON MAC ZIP FILE
This zip file contains the configuration script for the Duo installer package (configure_maclogon.sh) and the Duo plugin installer and uninstaller.
SSH ENABLE DUO ON MAC UPDATE
When you are ready to start requiring 2FA for macOS logins, update the policy applied to this application to deny access to unenrolled users as recommended.ĭownload and uncompress the Duo macOS plugin installer package and scripts zip archive. This only prompts users enrolled in Duo for 2FA approval, and lets users not yet enrolled in Duo log on to the system without seeing the Duo prompt. If you're not ready to enforce Duo authentication for all users of this system yet, configure the New User Policy for your macOS application to "Allow Access". We recommend setting the New User Policy for your macOS application to Deny Access, as no unenrolled user may complete Duo enrollment via this application. Don't share it with unauthorized individuals or email it to anyone under any circumstances!
Secure it as you would any sensitive credential. The security of your Duo application is tied to the security of your secret key (skey). See Protecting Applications for more information about protecting applications in Duo and additional application options. You'll need this information to complete your setup. Click Protect to the far-right to configure the application and get your integration key, secret key, and API hostname. Log in to the Duo Admin Panel and navigate to Applications.Ĭlick Protect an Application and locate the entry for macOS in the applications list. Read the enrollment documentation to learn more.
We recommend using bulk enrollment or directory sync to send your users unique self-enrollment links via email. If the user logging in to macOS after the Duo plugin is installed does not exist in Duo, the user may not be able to log in. You can obtain a list of your Mac's local users with this Terminal command: dscl.
The username should match your macOS logon name. Your users must be enrolled in Duo before logging in, and their Duo usernames must match the macOS username.Īdd your first user to Duo, either manually or using bulk enrollment. Enroll a Userĭuo's macOS authorization plugin doesn't support inline self-service enrollment. Installing Duo for macOS without first verifying that any other installed auth plugins support Swift 5 may prevent user logins.
OS upgrades directly from 10.12 Sierra to 10.13 High Sierra or between macOS 10 versions beyond 10.13 do not experience this issue.įor additional client security, we recommend setting a firmware password to prevent disabling Duo authentication via recovery mode.īefore installing Duo for macOS, ensure any other login mechanisms present on your Mac client support Swift 5. After these updates you can either restore Duo using the script or reinstall the Duo application. This is also seen when upgrading from 10.11 El Capitan to 10.12 Sierra or 10.11 El Capitan to 10.13 High Sierra. There is no need to also run the restore script after installing Duo 1.1.0.
SSH ENABLE DUO ON MAC INSTALL
You must download and install Duo Mac Logon 1.1.0, which is the first release with macOS 11 support.
SSH ENABLE DUO ON MAC UPGRADE
If you upgrade to macos 11 before installing Duo Mac Logon 1.1.0, then your currently installed Duo 2FA application becomes inactive. You can restore Duo after updating your operating system with the restore_after_upgrade.py script included in the Duo for macOS 1.1.0 zip file. Upgrading from macOS 10.x to macOS 11.0 disables Duo's Mac Logon package.
0 kommentar(er)
