Search User

Search for a user in Duo Security Admin.

Unless otherwise indicated, field types are text.

Required fields are indicated by a red asterisk.

Input

  • User

    • Username: user's primary Duo username

Output

  • User

    • User ID: unique identifier of the newly created user

    • Username: user's primary Duo username

    • First Name: user’s first name

    • Last Name: user’s last name

    • Full Name: user's full name

    • Email: user's email address

    • Alias 1, Alias 2, Alias 3, Alias 4: additional username aliases

    • Created: date timestamp when user account was created

    • Groups:

      • Name: group's name

      • ID: group's ID

      • Description: group's description

      • Status: group's authentication status; one of active, bypass, or disabled.

      • Mobile OTP Enabled?: if true, users in the group will be able to authenticate with a passcode generated by Duo Mobile; if false, users in the group will not be able to authenticate with a passcode generated by Duo Mobile. Note: This setting has no effect if Duo Mobile passcodes are disabled globally.

      • Push Enabled?: if true, users in the group will be able to use Duo Push to authenticate; if false, users in the group will not be able to use Duo Push to authenticate. Note: This setting has no effect if Duo Push is disabled globally.

      • SMS Enabled?: if true, users in the group will be able to use SMS passcodes to authenticate; if false, users in the group will not be able to use SMS passcodes to authenticate. Note: This setting has no effect if SMS passcodes are disabled globally.

      • Voice Enabled?: if true, users in the group will be able to authenticate with a voice callback; if false, users in the group will not be able to authenticate with a voice callback. Note: This setting has no effect if voice callback is disabled globally.

    • Is Enrolled?: true if the user has a phone, hardware token, U2F token, or security key available for authentication; otherwise, false.

    • Last Directory Sync: timestamp of the last update to the user via directory sync, or null if the user has never synced with an external directory or if the directory that originally created the user has been deleted from Duo.

    • Last Login: last time this user logged in, as a UNIX timestamp, or null if the user has not logged in

    • Status: user's status:

      • active: user must complete secondary authentication

      • bypass: user will bypass secondary authentication after completing primary authentication

      • disabled: user will not be able to log in

      • locked out: user has been automatically locked out due to excessive authentication attempts

      • pending deletion: user was marked for deletion by a Duo admin from the Admin Panel, by the system for inactivity, or by directory sync; if not restored within seven days, the user is permanently deleted.

    • Phones:

      • Activated?: indicates whether a phone has been activated for Duo Mobile; either true or false.

      • Capabilities: list of factors that can be used with the device:

        • push: device is activated for Duo Push

        • phone: device can receive phone calls

        • sms: device can receive batches of SMS passcodes

        • mobile_otp: device can generate passcodes with Duo Mobile

      • Encrypted: encryption status of an Android or iOS device file system; one of Encrypted, Unencrypted, or Unknown; blank for other platforms.

      • Extension: phone extension

      • Fingerprint: indicates whether an Android or iOS phone is configured for biometric verification; one of Configured, Disabled, or Unknown; blank for other platforms.

      • Last Seen: timestamp of the last contact between Duo's service and the activated Duo Mobile app installed on the phone; blank if the device has never activated Duo Mobile or if the platform does not support it.

      • Model: phone's model

      • Name: phone's label

      • Number: phone number

      • Phone ID: phone's ID

      • Platform: phone platform; one of unknown, google android, apple ios, windows phone 7, rim blackberry, java j2me, palm webos, symbian os, windows mobile, or generic smartphone.

      • Postdelay: time (in seconds) to wait after the extension is dialed and before the speaking the prompt

      • Predelay: time (in seconds) to wait after the number picks up and before dialing the extension

      • Screenlock: indicates whether screen lock is enabled on an Android or iOS phone; one of Locked, Unlocked, or Unknown; blank for other platforms.

      • SMS Passcode Sent?: indicates whether SMS passcodes have been sent to the phone; either true or false.

      • Tampered: indicates whether an iOS or Android device is jailbroken or rooted; one of Not Tampered, Tampered, or Unknown; blank for other platforms.

      • Type: type of phone; one of unknown, mobile, or landline.

    • Tokens:

      • Token ID: hardware token's unique identifier

      • Type: type of hardware token

      • Serial: serial number of the hardware token, used to uniquely identify the hardware token when paired with type

      • TOTP Step: null for all supported token types

    • U2F Tokens:

      • Date Added: date the U2F token was registered in Duo

      • Registration ID: U2F token's registration identifier

    • WebAuthn Credentials:

      • Credential Name: label for the WebAuthn credential

      • Date Added: date the WebAuthn credential was registered in Duo

      • Label: indicates the type of WebAuthn credential; either Security Key or Touch ID.

      • WebAuthn Key: WebAuthn credential's registration identifier