How to use Append Mode in DUO Authentication

Situation: If DUO Push or another authentication method doesn’t work because your users have an old phone, you may have the option to use Append Mode. Here is how.

Append Mode

Applications and devices that don’t support the inline Duo Prompt or a secondary passcode field can use append mode. You’ll enter both your password and an authentication method into the password field.

How to Use Append Mode

Enter your password and the authentication method you want to use, separated with a comma. It will look something like this: password,authentication_method

In place of authentication_method:

Type… | To…
password,passcode | Log in using a passcode, either generated with Duo Mobile, sent via SMS, generated by your hardware token, or provided by an administrator. Examples: mypass123,123456 or mypass123,1456789
password,push | Push a login request to your phone (if you have Duo Mobile installed and activated on your iOS or Android device). Just review the request and tap “Approve” to log in.
password,phone | Authenticate via phone callback.
password,sms | Get a new batch of SMS passcodes. Your login attempt will fail — log in again with one of your new passcodes.

The SMS usage is tricky. The VPN client asks you for a username and password.

You then enter your AD username as the username.
For the password, however, you enter your AD password followed by a comma and the word “sms”, as below.

Pa55w0rd,sms

This will trigger an SMS containing a passcode to be sent to the user, and this authentication will fail.
The user must then authenticate again, this time appending the 7-digit SMS passcode they received after their password, as below:

Pa55w0rd,1234567

Where 1234567 is the passcode they received by SMS. This authentication should work and they should then connect.

It is normal when using append mode for the first authentication using “password,sms” to fail.
This is because the word ‘sms’ is not a valid authentication code.
You will then need to re-authenticate using the code you receive by SMS,
e.g. “password,123456”

Call back is simple and straightforward.

Note: please make sure SMS and Call are enabled in your global policy.
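
As an added example (not from the original post and not Duo's own code), this Python sketch parses an append-mode password field in the format described above and reports which attempt can log in, including the two-step SMS flow. The names parse_append_mode and walk, splitting on the last comma, case-insensitive factor words and the sample credentials are assumptions made for illustration.

```python
from typing import List, NamedTuple, Tuple

# Factor words listed on this page and what each one triggers.
FACTOR_WORDS = {
    "push": "push a login request to Duo Mobile",
    "phone": "authenticate via phone callback",
    "sms": "send a new batch of SMS passcodes",
}


class Parsed(NamedTuple):
    password: str     # everything before the delimiter
    factor: str       # "passcode", "push", "phone", "sms", "none" or "unknown"
    passcode: str     # digits supplied by the user, if any
    can_log_in: bool  # False for "sms": the page says that attempt always fails
    action: str


def parse_append_mode(field: str, delimiter: str = ",") -> Parsed:
    # Assumption: split on the LAST delimiter so a password that itself
    # contains a comma stays intact.
    password, sep, tail = field.rpartition(delimiter)
    if not sep:
        return Parsed(field, "none", "", False, "no authentication method appended")
    tail = tail.strip()
    if tail.isascii() and tail.isdigit():
        return Parsed(password, "passcode", tail, True, "check the passcode")
    word = tail.lower()  # assumption: factor words are matched case-insensitively
    if word in FACTOR_WORDS:
        # "sms" only delivers passcodes; the user must log in again with one.
        return Parsed(password, word, "", word != "sms", FACTOR_WORDS[word])
    return Parsed(password, "unknown", "", False, "unrecognised authentication method")


def walk(attempts: List[str]) -> List[Tuple[str, bool]]:
    """Return (factor, can_log_in) for each login attempt in order."""
    return [(p.factor, p.can_log_in) for p in map(parse_append_mode, attempts)]


if __name__ == "__main__":
    # Constructed sample: the SMS flow from this page, two attempts in a row.
    for factor, ok in walk(["Pa55w0rd,sms", "Pa55w0rd,1234567"]):
        print(f"{factor:8} -> {'can log in' if ok else 'expected to fail'}")
```
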

Published by

Bob Lin
