In the same way that SSO administrators can perform password resets and email address changes on the Status tab, they can also handle certain two factor security activities on behalf of an employee.
Two Factor Authentication Requirement
Employees that have an administrative role in one of the System Enterprise Applications will be required to use two factor authentication after logging in to SSO. If the role is removed, the employee’s two factor authentication status will be changed to ‘Optional Selected’ the next day.
If an employee without an administrative role is identified as one who must use two factor authentication due to some other business reason, an SSO administrator can turn on that security setting by checking the ‘Force this user to Two Factor Authentication’ box. Unchecking the box will immediately remove the requirement.
Managing an Employee’s Duo Account
Employees are able to manage their Duo account from the Profile tab in SSO. If the employee is unable to log into SSO, the SSO Administrator may be able to help the employee by making changes to the employee’s Duo account on the employee’s Status tab.
Unlock Account – This button appears next to the employee’s Duo account status when the Duo account is locked. Clicking this button will immediately unlock the employee’s Duo account.
Send Activation Text – This button will appear next to a smart phone that uses the Duo Mobile app. Clicking the button will send an automated text to the phone. The text will include a hyperlink, that when clicked, will reactivate the installed app on the phone.
Delete – Clicking this button will immediately delete the associated device from the employee’s Duo account. If the employee is required to use two factor authentication, Duo will prompt the employee to enroll a device at the next SSO logon.
Add Phone – Clicking this button will open a new window that allows an administrator to add a landline phone number to an employee’s Duo account.