Yesterday, 02:42 PM
Getting automatically locked out? Well, I was too.
After a little bit of research I found that it was the Risk-based policy assessment from Duo that automatically denied access after too many failed attempts (in my case 2).
Due to my Jellyfin and LDAP being on my TrueNAS SCALE server, I can't access a browser to authenticate with a more secure method (which is required to remove the "Risk Detected" stamp).
If anyone else gets stuck with Duo Risk-based Policy Assessment locking your account's login due to a failed attempt or too many logins in too short a time (like I was) and needs a small guide, here it is:
Go to -> "https://duo.com/"
Admin Login (top right) -> *Log in to your admin account*
You should now be on the "Home" page of your Duo admin interface.
From the left column go to -> "Applications" -> "Applications"
You should see your defined application listed -> "Click on your application's name"
Go to the header called "Application Policy".
Click on -> "Apply a policy to all users"
Click on -> "Create a new policy"
On the top left of the new tab that opened, give your policy a name; I will name mine "Risk-based factor selection".
Under the "Authenticators" header in the left column, click on -> "Risk-based factor selection"
Uncheck the "Limit available authentication methods based on risk" button.
Click on -> "Create Policy"
And you are finished! Now you should be able to authenticate with your application once again like normal. It is worth noting that this also disables one security step that Duo typically enforces (this will make it less secure).
But that should not matter due to authentication still being needed from both LDAP and DUO to access your application.
Best Regards,
J.