Overview

To enhance the security of Georgia Tech’s data and applications proactively, the single sign-on (SSO) system has been enhanced to leverage Duo’s device health check, trust verification and reporting capabilities to require that secure devices be used for important logins to critical systems. Therefore, GT faculty and staff who have high levels of access to critical applications need their devices to meet the following requirements before accessing them:

  • Duo Desktop installed & running (on computers)
  • Duo Mobile installed (on mobile devices)
  • Patched, BYOD okay
  • Patched & Institute-Managed

What is Duo Desktop?

Duo Desktop is a lightweight application installed on your desktop or laptop. It acts as a security agent, performing essential health checks every time you log into an SSO application. For high security logins to critical GT applications, Duo Desktop grants access only when your workstation meets the security requirements. This proactively helps mitigate potential vulnerabilities and prevent unauthorized access.

Here’s how Duo Desktop works:

  • It assesses your workstation’s security posture by checking the status of operating system patches, system password, disk encryption and firewall.
  • It verifies if your device is owned and managed by Georgia Tech and if so, considers it a trusted device.
  • It reports your device’s GT-ownership and health statuses to Duo which can then be compared to the policies we define.
  • Your logins are not restricted due to your device status at this time.
  • For high security logins to critical GT applications:
    • Duo Desktop starts warning you when missing security patches are more than one month old.
    • If patches are still missing after three months, it starts blocking logins until you update.
    • Duo Desktop verifies GT-managed computers and blocks logins if you’re not using a GT-managed computer.
    • Duo Mobile verifies GT-managed mobile devices and blocks logins if you’re not using a GT-managed mobile device.
  • Duo Desktop can be used as a phishing-proof, phoneless two-factor authentication method. For more information, see How to use Duo Desktop for Two-factor Authentication.
  • It can help make verified push easier and faster. For more information, see Verified Duo Push using Bluetooth Autofill.
Duo Desktop on Windows
Duo Desktop on Mac

Duo Desktop Requirements

Supported operating systems include:

  • macOS 12 and later
  • macOS virtual machines
  • Windows 10 build 1803 and later
  • Windows 11
  • Windows Server 2016 and later
  • Windows virtual machines

Duo Desktop does not support earlier versions of Windows desktop or Server (like Windows 7, Windows 8.1, or Windows Server 2012) or macOS beta versions.

How to install Duo Desktop?

  • Mac users can install the Duo Desktop app through Self Service on Jamf-managed computers.
  • Windows users can install the Duo Desktop app through Software Center on SCCM-managed computers or through Company Portal on Intune-managed computers. Contact your CSR if you’re unable to find the Duo Desktop app. The CSRs can locate the Duo Desktop app in the “PatchMyPC” folder in SCCM and create a deployment to make it available in Software Center for the users they support.
  • Duo Desktop can also be downloaded from the following Duo links and installed on your computer.

Known Issues & Resolutions

If you see the message “Install Duo Desktop” in the Duo prompt, it means you don’t have Duo Desktop installed or it is not running.

Install Duo Desktop
  • Install Duo Desktop if you don’t have it:
    • Tap the button “Download Duo Desktop” within the Duo prompt to initiate the download of the Duo Desktop installer.
    • Once the installer is downloaded, locate it in your downloads folder (it is a .msi file on Windows or a .pkg file on macOS).
    • Run the installer and follow the on-screen instructions.
  • Alternatively, install Duo Desktop through the options listed above.
  • Open Duo Desktop if you have it but it is not running:
    • Tap the link “Open the app” within the Duo prompt.
    • Or launch Duo Desktop from the Windows Start menu or the Apple menu.

If you see the message “Action required” in the Duo prompt, it means you need to take action to ensure your device is healthy and complies with GT security requirements.

Open Duo Desktop
  • To fix this issue:
    • Tap the button “Open Duo Desktop” within the Duo prompt.
    • Follow the instructions.

When you see the messages “Action Required” and “Windows is not up to date” in your Duo Desktop, it means you’re missing security updates.

Windows is not up to date
  • Install the latest security update available.

If you see the message “Update Windows” in the Duo prompt, it means you need to install security updates. Georgia Tech grants you a grace period of 30 days to update, after which you’ll start seeing this warning at every login until you update.

Update Windows
  • Tap the button “See how to update” within the Duo prompt and go ahead with installing the security update.
  • If you’d like to update later, you can tap “Skip for now” and continue to log in.

If you see the message “Update Windows” with a specific number of days in the Duo prompt, it means you need to install security updates within the specified number of days. Georgia Tech grants you a maximum grace period of 90 days to update, after which you won’t be able to log into the application you’re trying to access until you update.

Update Windows within specific number of days
  • Tap the button “See how to update” within the Duo prompt and proceed with installing the security update.
  • If you’d like to update later, you can tap the link “Skip for now” and continue to log in.
  • Remember, if you don’t update by the specified number of days, you won’t be able to log in until you update.

When you tap the button “See how to update” in the Duo prompt, Duo Desktop will show you the steps to install the security updates.

How to install Windows security updates
  • Follow the instructions to install the security updates.
    • Tap Start  > Settings >  Windows Update  > Check for updates. 
    • If any updates are available, tap Download & install. Your device will download and install the updates.
    • Restart your computer when asked to complete the installation process. 

If you tap the link “Why do I need to update my operating system” in Duo Desktop, it will show your OS version and the required OS version and explain why you need to update.

Why to update and which version
  • Install the required security updates through one of the options below.

If you see the message “Device not allowed” in the Duo prompt, it means that the device you’re on is not GT-managed, so you can’t use it to log into the app you’re trying to access.

Device not allowed to log in
  • Use a GT-managed device to log in.

If you see the message “Duo Mobile required” on your mobile device, it means you don’t have Duo Mobile app installed or if you have it, it can’t be recognized in an incognito/private browsing window.

  • Use a standard browsing window to log in.

If you see the message “Install Duo Desktop” on an Android tablet, it means Duo considers it a Linux desktop instead of a mobile device. This happens when the browser chooses to load the desktop version of a site on a tablet.

Install Duo Desktop on Linux
  • Select “Mobile Site” in the browser settings on your Android tablet to load the mobile version of the site you’re trying access. It will find and use Duo Mobile for device verification and authentication.

Need Help?

For technical assistance, contact the Administrative Services Center (ASC) Technology Support at 404-385-1111 or via email at support@oit.gatech.edu