DUO - 2 Step Authentication - Mobile on iPhone
This article is to provide instruction on using your iPhone to 2-Step Authenticate.
Duo Mobile on iPhone
The Duo Mobile application makes it easy to authenticate — just tap “Approve” on the login request sent to your iPhone. You can also quickly generate login passcodes, even without an internet connection or cell service.
Find the latest version of Duo Mobile in the App Store.
Supported Platforms: The current version of Duo Mobile supports iOS 10.0 and greater. Support for older Duo Mobile versions on iOS 9.0 ended April 1, 2018.
To see which version of Duo Mobile is installed on your device, go to the iOS Settings menu, then scroll down and tap Duo Mobile. The "System Info" section shows the app version.
Duo Push is the easiest and quickest way of authenticating. You'll get a login request sent to your phone — just press Approve to authenticate.
If you get a login request that you weren't expecting, press Deny to reject the request. You’ll be given the ability to report it as fraudulent, or you can tap It was a mistake to deny the request without reporting it.
You can approve Duo authentication requests with Face ID on your iPhone X with Duo Mobile 3.19 and later. If your Duo admin requires biometric verification when approving Duo requests you'll see the Face ID icon in the Duo Push request.
The first time you receive a Duo Push request on your iPhone X that requires biometric verification, you'll be prompted to grant Face ID permission to the Duo Mobile app. Tap OK to proceed.
Scan your face in the same manner that you use to unlock your iPhone X to approve the Duo login request.
If your first try isn't successful, tap Try Face ID Again to scan your face again.
If you're not able approve the login request with Face ID you can tap Cancel and approve the Duo authentication request using the device's passcode.
Duo Mobile 3.7 and later for iOS also supports Touch ID for Duo Push-based logins as an additional layer of security to verify user identity. If you're using a Touch ID capable iOS device you'll see a Touch ID prompt each time you authenticate via Duo Mobile (if required by your administrator).
If you're not able to scan your fingerprint using the TouchID sensor you can also approve the Duo authentication request using the device's passcode by tapping Cancel.
Duo Push and Notifications
You can respond to Duo Push requests from the iOS lock screen or banner notification starting with Duo Mobile version 3.8. The actions presented to you wen you respond to the notification depend on your organization's Duo policy settings, such as whether or not you can approve the login request without PIN or biometric verification.
On Apple devices that support 3D Touch, performing a firm longpress on the Duo Mobile notification from the lock screen reveals the "Approve" or "Deny" actions. Tap an action and supply your passcode or biometric verification (face or fingerprint) to complete the action.
On devices that do not feature 3D Touch, swipe left on the lock screen Duo Mobile notification to reveal additional actions.
Swipe down on the Duo Mobile banner notification received when your screen is unlocked to reveal additional actions.
See our Apple Watch guide.
Tap the down indicator to get a one-time passcode for login. This works anywhere, even in places where you don't have an internet connection or can't get cell service.
If the account is a Duo native account (meaning you enrolled this device into Duo and activated the app for Duo Push), then the passcode shown is valid until used. Tap the arrows to generate a new Duo passcode.
If the account is a third-party OTP account (meaning you logged into another service like Gmail and added this device as an authenticator app), then you'll see a 30 second countdown indicator on the right. If you don't use that passcode before it expires then a new passcode is generated and the countdown begins again.
When entering the passcode from Duo Mobile don't type in the space! If you need to use the passcode from Duo Mobile in another mobile app simply tap the passcode to copy the currently shown code and paste it into the other app.
Adding Accounts to Duo Mobile
During the setup process you'll see a barcode to scan (it looks like this).
Tap "Add Account" (or the plus button in the upper right). Scan the barcode to add the account to Duo Mobile.
Duo Mobile's Security Checkup verifies device settings against Duo's recommended security settings, and lets you know if any of your device's settings don't match.
This iOS device has up-to-date software and all of Duo's recommended security settings configured:
This iOS device doesn't have the latest OS update installed:
Tap on any detected issue to learn more about that particular setting and how you can update your device with the recommended configuration.
Tap the menu and go to Settings > Security Checkup in Duo Mobile to view your device's security status at any time.
Duo Mobile supports third-party TOTP accounts, like Google and Dropbox. Learn more »
Delete an account by tapping the Edit button in the upper left. Then tap the delete icon, tap "Delete", and confirm the deletion.
Pull to Refresh
Check for authentication requests by pulling the account list down. Duo Mobile automatically checks for authentication requests, but if you think you have missed a request, then tap the list of accounts and pull down to refresh.
Backup & Restore
Your Duo Mobile account information is backed up automatically when you enable iCloud Backup on your phone, and can be restored only on the same device. This iCloud backup can't be used as is to migrate your Duo accounts to a new phone. See Apple's guide to enabling iCloud backup for more information.
If your administrator enabled Duo Mobile's backup and restore functionality and you previously backed up your Duo Mobile accounts from the app to iCloud you can restore your accounts to Duo Mobile on a new iOS device via the guided recovery process. See the full Duo Restore guide here.