How many people are you talking? For me, I only have 50 users, so I started with an email to everyone explaining the new requirement. Duo app HAS to be on PC for block to work. Once all users are in there is also a "block unenrolled users" option if you have compliance requirements. First rollout to 2500 users took 45 days.ĭuo has an AD sync if your company allows it so you can add the users in AD Groups and add the groups to Duo web portal and sync them - once synced they will get prompted - there is also a bypass feature if you are running into troubles or remove the users from the group(s) and resync. once half the plant was done then the entire plant. Managers generally preferred blocks of users (25 the first day, 50 the second, 100 the third etc.
Then one final email with more specific instructions on how to use Duo with Yubi and how to enroll phones and out it went. Duo has their own key that's instant apparently. Hopefully there is a more dynamic option these days if OTP is needed. Yubi can be the time consuming part - we had to go with the OTP option (after compatibility tests showed it was the only viable option) and with OTP each Yubi has to be "programmed" to work with Duo. then we had short specific meetings with managers and cell leaders in the plant and got them using Duo first.
Just like rburch said communication is the key - our method was to send out "Multifactor is Coming" emails to users in one plant at a time (~5000 users over 30 plants). We are a med sized company running Duo - both YubiKey and Company cell phone are used.
0 kommentar(er)
