Using Duo with Touch ID (macOS)

Tags macos duo ios

Table of Contents

Context

You can enroll in using Touch ID during the initial self-enrollment process, or if you have already enrolled in Duo using a different device (like your mobile phone), you can add Touch ID as an additional authentication device from the device management portal.

If you have more than one MacBook with which you would like to approve Duo login requests using Touch ID, you will need to enroll each of them separately as a new Touch ID device in Duo.  

Note: To use Touch ID to sign in with Duo, you will need to have iCloud Keychain enabled on your device.

UT Dallas does not provide security keys.

Touch ID and Duo

With Touch ID on MacOS, you can have secure Duo login approvals resistant to phishing attacks combined with the one-touch convenience you are already used to with Duo Push. In order to use Touch ID with Duo, make sure you have the following:

  • A MacBook Pro or MacBook Air with a Touch ID button and iCloud Keychain.
  • A fingerprint enrolled in Touch ID (see how to do this at the Apple Support site).
  • The Universal Prompt supports Chrome (Desktop and Mobile), Firefox, Safari (Desktop and Mobile), Edge, and Internet Explorer.
  • If your browser or client is not compatible, Duo will show you the traditional prompt experience instead.

Adding a Device for Touch ID

  • In your web browser, navigate to a resource that is protected by Duo- Office.com or Box.
  • On the Duo authentication page, select Other Options, and then Manage Devices.
    • Please authenticate before continuing.
Note: Make sure that you are not blocking pop-up windows for the enrollment site before continuing.

Duo authentication screen for adding a new device
Manage devices option in menu

  • Select TouchID as your device and continue.

Screen for selecting the type of device - 1. Mobile phone, 2.Tablet, 3.Landline, 4.Security Key, 5. Touch Id

  • You will be prompted to "Use Touch ID to sign in?"

Touch ID verification screen with thumb imprint

  • You may also be asked through Duo Mobile if you recently added a device (Touch ID) to your account. 
    • Verify that this was you by clicking Yes, this was me.

Window asking permission for the site to see the security key with buttons to either block or allow it

  • You have now enrolled your Touch ID, click Continue to return to your Duo Devices page.

My Settings and devices window under the Duo Authentication Menu. On successful enrollment of Touch ID, the scfreen shows Touch Id under Two-Factor Authentication and a green button to use Touch Id

  • After authenticating, your Touch ID should appear along with your mobile device (if you have one registered). 
    • Click Back to Login to access your desired website.

Authenticating with Touch ID

  • The next time you log on using Duo, you can select Touch ID from the drop-down list of your authentication devices.
  • Click on Use Touch ID and touch the Touch ID button when prompted.
Note: Although you can set up Touch ID within Chrome, when cache and cookies have been cleared in the Chrome browser, it will also forget the Touch ID Passkey. We recommend using an iCloud Keychain when setting up Duo Touch ID.

Details

Article ID: 345
Created
Mon 11/22/21 12:51 PM
Modified
Wed 3/13/24 8:19 AM