Touch ID and Duo

Table of Contents

 

General Information

With Touch ID on macOS, you can have secure Duo login approvals resistant to phishing attacks combined with the one-touch convenience you're already used to with Duo Push.

 

Touch ID Requirements

Support for Touch ID authentication is limited to web applications that show Duo's inline browser prompt.

In order to use Touch ID with Duo, make sure you have the following:

 

You must use a normal Chrome browsing window for Touch ID enrollment or authentication. Duo can't use Touch ID in an Incognito window.

Additionally, your administrator must enable the use of Touch ID in Duo. Check with your organization's support team or help desk to verify that Touch ID is allowed if you are uncertain.

 

Video Overview of Touch ID and Duo

Learn how to enroll Touch ID in Duo and use it for authentication.

 

Enrolling Touch ID

You can enroll Touch ID during the initial self-enrollment process or, if you have already enrolled in Duo using a different device (like your mobile phone), you can add Touch ID as an additional authentication device from the device management portal.

If you have more than one MacBook with which you'd like to approve Duo login requests using Touch ID, you'll need to enroll each of them separately as a new Touch ID device in Duo.

 

Initial Enrollment with Touch ID

Access the Duo enrollment page via a link emailed by your administrator, or when you log in for the first time to a Duo protected resource. Select Touch ID from the list of devices and then click Continue.

 

Make sure that you're not blocking pop-up windows for the enrollment site before continuing with Touch ID.

 

When enrolling Touch ID, you'll be prompted to tap to enroll Touch ID. You may also be asked if you want to allow Duo to access information about Touch ID (click Allow if prompted).

The Touch ID enrollment window prompts you to tap the Touch ID button for approval.

 

Place your finger on the Touch ID button in the Touch Bar.

 

You'll see whether the Touch ID identification was successful or not.

 

Congratulations! You have enrolled Touch ID.

 

Adding Touch ID From the Duo Prompt

If you previously enrolled other devices in Duo, you can easily add Touch ID as an additional authenticator as long as your administrator has enabled Duo's self-service portal.

Navigate to your Duo-protected service and log in. At the Duo Prompt you'll see an Add a new device link on the left. Click it and approve the Duo login request using your already enrolled phone or other device.

 

Proceed with the Touch ID enrollment process as shown above in Initial Enrollment with Touch ID.

 

You've added Touch ID as an authentication device! It is listed with your other enrolled devices.

 

Authenticating with Touch ID

The next time you log on using Duo with Chrome, you can select Touch ID from the drop-down list of your authentication devices.

 

Once you select Touch ID from the list, click Use Touch ID. Touch your Mac's Touch ID sensor when prompted to log in to the application. If you aren't able to access the Touch ID sensor (such as when you close and dock your laptop), then you can choose to type in your Mac login password instead to verify.

Print Article

Related Articles (4)

Overview of Duo enrollment
Overview of Duo Mobile on iOS
Overview of Duo Recovery for iOS devices.
Introduction to two-factor authentication and Duo.