Duo Mobile on Android
|Duo Mobile version 4 was released on October 11, 2021.
Duo Mobile version 3 information remains available for users on older Android versions who can't upgrade to the latest Duo Mobile release.
View the Duo Mobile v3 Android Guide
The Duo Mobile application makes it easy to authenticate — just tap “Approve” on the login request sent to your Android device. You can also quickly generate login passcodes, even without an internet connection or cell service.
If you need assistance installing or using Duo Mobile, please contact your organization's IT Help Desk or Duo administrator.
- Changes to Duo Mobile
- Install Duo Mobile
- Activate Duo Mobile for the First Time
- Duo Push
- Add More Accounts to Duo Mobile
- Security Checkup
- Third-Party Accounts
- Edit Accounts
- Backup & Restore
- Duo Mobile Appearance
Changes to Duo Mobile
We've redesigned Duo Mobile to give you an updated login experience. Learn more about what's new to Duo Mobile version 4 in this video walkthrough:
Install Duo Mobile
Find the latest version of Duo Mobile in Google Play.
Supported Platforms: The current version of Duo Mobile supports Android 8 and greater.
Duo does not provide official support for non-standard custom Android distributions like OnePlus, LineageOS, or ColorOS, nor is Duo Mobile supported for use on ChromeOS.
To see which version of Duo Mobile is installed on your device, go to the Android Settings menu, tap Apps, then scroll down and tap Duo Mobile. The "App Info" screen shows the version.
Activate Duo Mobile for the First Time
When you enroll in Duo for the first time and choose to add an Android device or use Duo Push, you're shown a barcode to scan with the Duo Mobile app to complete activation.
Launch Duo Mobile and tap Set up account.
To proceed with adding your initial Duo account to Duo Mobile, tap Use a QR code.
Use your camera to scan the barcode shown by Duo Enrollment in your browser. If you're prompted to allow Duo Mobile permission to take pictures and record video, please grant it.
Give the new account a name to complete adding it to Duo Mobile.
It's a good idea to take a few minutes to practice approving and denying Duo authentication requests if you haven't used Duo before. Tap Practice now to go through some training screens like this one. If you feel comfortable using Duo Mobile to log in to applications you can tap Skip.
You'll see your newly-added Duo account in the accounts list. Now you're able to respond to Duo Push authentication requests, or generate passcodes to log in to applications.
If you choose to authenticate with Duo Push, you'll get a login request sent to your phone — just press Approve to authenticate.
If you get a login request that you weren't expecting, press Deny to reject the request. You’ll be asked if this was a suspicious login. If you aren't trying to log into an application or service protected by Duo and don't recognize the request, tap Yes to notify your organization's Duo administrator. If you made a mistake but the login isn't suspicious, tap No to deny the request without reporting it.
Duo Push and Notifications
When the Duo Push notification shows up on your screen, tap where indicated to view the available actions: Approve or Deny.
Tap Approve in the notification to finish logging in to the Duo-protected application.
Tapping on the push request notification itself (instead of tapping the notification actions) takes you to the full Duo Push screen in Duo Mobile.
Duo Mobile also supports fingerprint verification for Duo Push-based logins as an additional layer of security to verify your user identity. If you're using a device with fingerprint reader you'll need to scan your finger each time you authenticate via Duo Mobile (if required by your administrator).
If you're not able to scan your fingerprint using the sensor you can also approve the Duo authentication request using the device's passcode (the same one you use on the Android lock screen).
Tap an account to get a one-time passcode for login. This works anywhere, even in places where you don't have an internet connection or can't get cell service.
If the account is for a Duo-protected service or application (meaning you enrolled this device into Duo and activated the app for Duo Push), then the passcode shown is valid until used. Tap Refresh Passcode to generate a new Duo passcode.
If the account is a third-party OTP account (meaning you logged into another service like Gmail and added this device as an authenticator app), then you'll see a 30 second countdown indicator underneath the passcode. If you don't use that passcode before it expires then the account refreshes with a new passcode and the countdown begins again.
If you need to use the passcode shown in Duo Mobile in another mobile app tap Copy and paste it into the other app.
Add More Accounts to Duo Mobile
To add additional accounts to Duo mobile, tap Add in the upper right of your accounts list to go to the account type selector.
If the new account you want to add shows you a QR code to scan with an authenticator app, tap Use QR code from the Add account list. Scan the barcode with your camera to add the account to Duo Mobile.
You can also choose the type of account you want to add from the list, and then choose to add that account by scanning a QR code or by entering an activation code you receive from that application. Learn more about adding third-party accounts to Duo Mobile
Duo Mobile's Security Checkup verifies device settings against Duo's recommended security settings, and lets you know if any of your device's settings don't match.
This Android device has up-to-date software and all of Duo's recommended security settings configured:
This Android device is a few Android versions behind the latest:
Tap on any detected issue to learn more about that particular setting and how you can update your device with the recommended configuration.
Tap the menu and go to Security Checkup in Duo Mobile to view your device's security status at any time.
Duo Mobile supports passcode generation for logging in to third-party TOTP accounts, like Google and Dropbox. Learn more »
To make changes to an account in your accounts list, tap the account to expand it, and then tap the three dots in the upper-right corner of the account card to bring up the account options.
Tap Move to reorder your accounts list (shown when you have more than one account in Duo Mobile). Use the up or down arrows shown to the left of each account's name (or tap and hold the icon on the right side of the account card) to change an account's position in the list. Tap Done when you've finished reordering your accounts.
Tap Rename to change the name of an account. Enter a new name for the account and then tap Save to apply the new name.
Remove an account by tapping Delete. When you delete an account you can no longer use it to log in, and it's also removed from your Duo Mobile backup so you can't restore it later. If you're sure you want to remove this account, tap Delete on the confirmation message. Tap Cancel if you don't want to delete the account.
Backup & Restore
If your administrator enabled Duo Mobile's backup and restore functionality and you previously backed up your Duo-protected accounts from the app to Google Drive you can restore your accounts to Duo Mobile on a new Android device via the guided recovery process. You can also perform third-party account recovery if you previously opted-in to third-party account restore. Start the account recovery process by tapping I have existing accounts on the Duo Mobile welcome screen.
Duo Mobile Appearance
The accounts list in Duo Mobile adapts to you. If you rotate your device into a landscape view, your Duo Mobile accounts list rotates as well.
The individual accounts shown in the list change appearance as well, showing the full account information when you just have a few accounts, and switching to a minimized account view when you have many accounts to minimize scrolling in the app.
Duo Mobile's dark theme depends on your Android system settings. There is no in-app toggle to enable dark theme. If your device has the system-wide dark setting enabled, Duo Mobile automatically switches to dark theme.
You can enable dark theme on Android in a few different ways:
- Go to Settings → Display → Theme and select Dark Theme.
- Pull down the Android settings from the notification tray and tap Dark Theme.
See the Common Issues guide for additional troubleshooting tips, or visit the Duo Knowledge Base. If you aren't able to resolve your Duo Mobile issue, contact your organization's Duo administrator or Help Desk.
If you are logging in to a Duo-protected application, but you aren't receiving an expected Duo Push authentication request, try closing Duo Mobile and reopening it. Duo Mobile checks for pending push requests whenever it's opened. If this doesn't fix it, see the Duo Knowledge Base for additional Android troubleshooting steps.
Mobile device encryption helps keep the data on your device secure.
Duo considers your device encrypted when you enable password, PIN, or pattern authentication at startup. Without this setting, your device encryption is less secure, and you might not be able to access Duo-protected services or applications.
To enable encryption on your Android Device:
- Navigate to Settings → Security → Screen Lock.
- Enable password, PIN, or pattern to be required upon device startup.
- If you have a Samsung Device, you will additionally need to enable "Secure startup" or "Strong Protection" from your device's settings and require a PIN at device startup.
- Close and reopen Duo Mobile.
If you still experience issues with the Disk Encryption error displaying in Duo Mobile, even after completing the steps above, try to disable this setting and then re-enable it again. This can happen because some Android device manufacturers will set a default password to encrypt the phone. Although your phone might say it’s encrypted, technically it isn’t fully encrypted until you set your own PIN/password/pattern at startup via your phone’s settings. Encrypting with your own password is the most secure option.
Additional items to note:
- On Samsung devices, "Secure startup" or "Strong Protection" will automatically turn off any time you enable an accessibility permission.
- Some newer devices (such as the Google Pixel) on Android 7.0 and higher support file-based encryption and can be considered encrypted by Duo without a PIN at startup.