DUO Two Factor Authentication for Windows Remote Desktop

Why DUO?

  • Two factor authentication for Windows Remote Desktop ensures that unwanted guests stay out
    of the system.

First Steps

  • Email security@caltech.edu to request an integration key, secret key, and API hostname to set up Duo on your 
    Windows system.

  • Security will either send a GPG encrypted file with this information, or a password protected .zip file where the password will be relayed over the phone to ensure it won't be seen.

  • Download the Duo installer here.

    Warning: The security of your Duo application is tied to the security of your secret key (skey). Secure it as you would any sensitive credential. Don't share it with unauthorized individuals or email it to anyone under any circumstances!

Run The Installer

  • Run the Duo Authentication for Windows Logon installer with administrative privileges.

  • When prompted, enter your API Hostname from the Duo Admin Panel and click Next. The installer verifies that your Windows system has connectivity to the Duo service before proceeding.‚Äč


  • Enter your integration key and secret key from the Duo Admin Panel and click Next again.


  • Ensure that Bypass Duo authentication when offline (FailOpen) and Use auto push to authenticate if available are checked off .    


  • Click next to ensure the process worked. The following screen should show up after you sign out and sign in again
  • Duo Push: Send a request to your smartphone. You can use Duo Push if you've installed and activated Duo Mobile on your device.

  • Call Me: Perform phone callback authentication.

  • Passcode: Log in using a passcode generated with Duo Mobile, received via SMS, generated by your hardware token, or provided by an administrator. To have a new batch of SMS passcodes sent to you click the Send me new codes button. You can then authenticate with one of the newly-delivered passcodes.