Duo Service: Specify format of username sent to Duo service

Specifies the username format to be sent to Duo. Configuration values are:

sAMAccountName (e.g. "narroway")
NTLM domain and username (e.g. "ACME\narroway")
userPrincipalName (e.g. "[email protected]")

Default: sAMAccountName.

Supported on: At least Windows Server 2003 operating systems or Windows XP Professional

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSOFTWARE\Policies\Duo Security\DuoCredProv
Value NameUsernameFormatForService
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

Use this format for usernames sent to the Duo service:


  1. Send the sAMAccountName only, removing any domain specifier (e.g. "narroway")
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSOFTWARE\Policies\Duo Security\DuoCredProv
    Value NameUsernameFormatForService
    Value TypeREG_DWORD
    Value0
  2. Send the NTLM domain and username (e.g. "ACME\narroway")
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSOFTWARE\Policies\Duo Security\DuoCredProv
    Value NameUsernameFormatForService
    Value TypeREG_DWORD
    Value1
  3. Use userPrincipalName (e.g. "[email protected]")
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSOFTWARE\Policies\Duo Security\DuoCredProv
    Value NameUsernameFormatForService
    Value TypeREG_DWORD
    Value2


duowindowslogon.admx

Administrative Templates (Computers)