# How to setup DUO 2FA on RDP ### Video Guide / How-To Video {% embed url="" %} ### Signup for Duo Signup for Duo Trial: [**here**](https://duo.com/) ### Setup Your Application Click on the **Protect an Application** button in the top left ![](https://2601418115-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LvlDvQUegKTYko95Z1l%2F-M3jD0wY3Z8lesQv2NvC%2F-M3jDE9xRtPQ7M19fVTk%2FStep1.PNG?alt=media\&token=1f8dd75e-0d8b-43ff-be71-c2cadecf67f8) Search up "RDP" and you'll be able to see Microsoft RDP. This can be used for: Clients: * Windows 8.1 * Windows 10 (as of v1.1.8) Servers (GUI and core installs): * Windows Server 2012 * Windows Server 2012 R2 * Windows Server 2016 (as of v2.1.0) * Windows Server 2019 (as of v4.0.0) ![](https://2601418115-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LvlDvQUegKTYko95Z1l%2F-M3jD0wY3Z8lesQv2NvC%2F-M3jDFxaZKdJ67CIyZqO%2FStep2.PNG?alt=media\&token=557f1b83-1758-446f-b2db-a8a07cbf1b77) We highly suggest you leave everything as default unless you know what you're doing. \ Don't forget to click save when it shows. ![](https://2601418115-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LvlDvQUegKTYko95Z1l%2F-M3jIn5xFRb-zbY028xC%2F-M3jIxGVkYa80KAYOW_z%2FStep3.PNG?alt=media\&token=6167d6b2-988a-49c0-81e9-dcdefe4ce3af) ![](https://2601418115-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LvlDvQUegKTYko95Z1l%2F-M3jD0wY3Z8lesQv2NvC%2F-M3jDK8E4LvUh63BuJ-Q%2FStep4.PNG?alt=media\&token=409f333e-2ea3-454d-b9fe-4e89fbdd6ee6) ![](https://2601418115-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LvlDvQUegKTYko95Z1l%2F-M3jD0wY3Z8lesQv2NvC%2F-M3jDMFA0tK3krC4RKEP%2FStep5.PNG?alt=media\&token=819abe9b-6a31-486a-8cba-cd00b913f882) ### Adding a User to Duo Default username should be "Administrator"\ You will also be able to set Administrator as an alias under different account names. \ In our case, we use zestyadmin but for ALL zesty clients, you should be using Administrator. ![](https://2601418115-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LvlDvQUegKTYko95Z1l%2F-M3jD0wY3Z8lesQv2NvC%2F-M3jDNlrh03lo5tTMtWz%2FStep6.PNG?alt=media\&token=825e2df5-64d8-4be5-86d5-69ce305d81e7) ![](https://2601418115-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LvlDvQUegKTYko95Z1l%2F-M3jE7loukB4uNWG5pec%2F-M3jE9fZee7lof10IhV8%2FStep7.PNG?alt=media\&token=82c9b5fd-c1e7-4211-bd08-a4fc39fad418) ### Add a Phone Download the Duo Mobile app onto your phone. ![](https://2601418115-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LvlDvQUegKTYko95Z1l%2F-M3jE7loukB4uNWG5pec%2F-M3jEFo3LsKHmR84aOlV%2FStep11.PNG?alt=media\&token=869a4126-bbe3-413f-9e21-a02c528c0cd6) Back to your browser. Under the same user page, you will be able to add a phone using the "Add Phone" button. ![](https://2601418115-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LvlDvQUegKTYko95Z1l%2F-M3jE7loukB4uNWG5pec%2F-M3jGT6c9_pQHV487aNG%2FStep12331.PNG?alt=media\&token=8f2776f0-d372-4d31-adef-6a50d5fa10c9) You will now click on the **Activate Duo Mobile** text (in blue) under the "Device Info" section. ![](https://2601418115-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LvlDvQUegKTYko95Z1l%2F-M3jE7loukB4uNWG5pec%2F-M3jH00j_bgcdEtGtfKX%2FStep8.PNG?alt=media\&token=ba04b5c7-1bc0-41e5-afd3-97ac4e91ef93) Generate the Duo Mobile Activation Code. ![](https://2601418115-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LvlDvQUegKTYko95Z1l%2F-M3jE7loukB4uNWG5pec%2F-M3jH2tjBfiaEwq5nk-q%2FStep9.PNG?alt=media\&token=0e1d7a0a-d1e6-4f7a-b801-b40be759295f) Send the link to your mobile device by SMS. ![](https://2601418115-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LvlDvQUegKTYko95Z1l%2F-M3jE7loukB4uNWG5pec%2F-M3jH5ZKtD8f_Y2T8IGS%2FStep10.PNG?alt=media\&token=c52f5249-4b76-4c0e-97a9-89dec058a60b) You will then click on the link and and it will open the Duo Mobile app and add your Application & User. ![](https://2601418115-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LvlDvQUegKTYko95Z1l%2F-M3jE7loukB4uNWG5pec%2F-M3jEIVxfqtDaSKSrU4Q%2FStep12.PNG?alt=media\&token=e3f1c60a-88f7-45a6-b651-7baa180aaf28) ### Installing Duo onto your Server Download and install the Duo Authentication for Windows Logon installer package onto your **server**. \ You can download that [**here**](https://dl.duosecurity.com/duo-win-login-latest.exe). Back to your application home screen, you will see the integration key, secret key and API hostname. Enter in your API hostname (Copy & Paste if you can). ![](https://2601418115-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LvlDvQUegKTYko95Z1l%2F-M3jE7loukB4uNWG5pec%2F-M3jEKIy4-KUSRFsHE4c%2FStep13.PNG?alt=media\&token=d0ee1a10-3a1c-441a-9b54-9104206475a5) Enter in the Integration Key and Secret Key (Copy & Paste if you can). ![](https://2601418115-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LvlDvQUegKTYko95Z1l%2F-M3jE7loukB4uNWG5pec%2F-M3jELq9-DVK2GnTmnar%2FStep14.PNG?alt=media\&token=92938b55-1092-4f72-8248-99f8660624e1) Select "Only prompt for Duo authentication when logging in via RDP"\ Make sure this is ticked. ![](https://2601418115-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LvlDvQUegKTYko95Z1l%2F-M3jE7loukB4uNWG5pec%2F-M3jENzsgCYqhb4TCpjh%2FStep15.PNG?alt=media\&token=2b3fd078-b5f3-4aa6-9d34-3f2b137b44dd) Don't enable smart card unless you actually have one and know how to configure it. ![](https://2601418115-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LvlDvQUegKTYko95Z1l%2F-M3jE7loukB4uNWG5pec%2F-M3jEPPbxWyPCg1EzWm0%2FStep16.PNG?alt=media\&token=628076e6-9636-49e4-83bc-55b8e55c6c09) You may now logout and then login to the server and see if it prompts on your phone. ![](https://2601418115-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LvlDvQUegKTYko95Z1l%2F-M3jE7loukB4uNWG5pec%2F-M3jEfc5svJ3sDKOxsQD%2FStep17.PNG?alt=media\&token=d0c7be4c-eb15-4805-acf4-4ad0cee1b704) Done!