Duo Offline Enrollment Jun 2026

When the user attempts to log into their laptop and the device detects it is offline (or the user specifically requests offline authentication), the Duo prompt changes. It displays a challenge prompt asking for a code.

If valid, access is granted. This is effectively TOTP (RFC 6238) but with the critical difference that the server (gateway) is not Duo’s cloud—it’s your on-prem device. duo offline enrollment

If you decide to enable Duo Offline Enrollment, follow these rules: When the user attempts to log into their