Contents
Learn about importing Duo users, groups, and administrators from your existing external directories into Duo.
Overview
Organizations with an existing on-premises Microsoft Active Directory domain or OpenLDAP directory, or a cloud-hosted Microsoft Entra ID directory (formerly known as Azure Active Directory) can import users, groups, and administrators into Duo with directory synchronization. Duo regularly updates information for imported users and administrators to reflect the latest user status and associated device information when available in the source directory. Deprovision synced accounts in Duo by disabling the external directory accounts or removing those users from the synced user or administrator groups.
Scheduled user synchronization of your full directory runs twice a day, and runs every 30 minutes for administrators. Run either type of full sync on-demand from the Duo Admin Panel. You can also run an individual user or administrator syncs on-demand from the Admin Panel or programmatically via Admin API.
Entra ID Synchronization
Duo imports users and administrators directly from Entra ID, without any additional on-premises software installation.
Learn more about Entra ID synchronization
Active Directory Synchronization
Duo imports users and administrators via LDAP from Active Directory domains. When configuring AD sync, you'll need to install the Duo Authentication Proxy application on a server that can connect to your domain controller.
Learn more about Active Directory synchronization.
OpenLDAP Synchronization
Duo imports users and administrators via LDAP from OpenLDAP directories. When configuring OpenLDAP sync, you'll need to install the Duo Authentication Proxy application on a server that can connect to your directory server.