Has your organization enabled the new Universal Prompt experience? See the Universal Prompt guide for more information and instructions. Duo Push in Universal Prompt

Use Apple Touch ID with the Traditional Duo Prompt

With Touch ID on macOS, you can have secure Duo login approvals resistant to phishing attacks combined with the one-touch convenience you're already used to with Duo Push.

Touch ID Requirements

Support for Touch ID authentication is limited to web applications that show Duo's inline browser prompt.

In order to use Touch ID with Duo, make sure you have the following:

You must use a normal Chrome browsing window for Touch ID enrollment or authentication. Duo can't use Touch ID in an Incognito window.

Additionally, your administrator must enable the use of Touch ID in Duo. Check with your organization's support team or help desk to verify that Touch ID is allowed if you are uncertain.

Video Overview of Touch ID and Duo

Learn how to enroll Touch ID in Duo and use it for authentication.

Duo Touch ID Video

Enrolling Touch ID

You can enroll Touch ID during the initial self-enrollment process or, if you have already enrolled in Duo using a different device (like your mobile phone), you can add Touch ID as an additional authentication device from the device management portal.

If you have more than one MacBook with which you'd like to approve Duo login requests using Touch ID, you'll need to enroll each of them separately as a new Touch ID device in Duo.

Initial Enrollment with Touch ID

Access the Duo enrollment page via a link emailed by your administrator, or when you log in for the first time to a Duo protected resource. Select Touch ID from the list of devices and then click Continue.

Select Touch ID Enrollment

Make sure that you're not blocking pop-up windows for the enrollment site before continuing with Touch ID.

Touch ID Enrollment

When enrolling Touch ID, you'll be prompted to tap to enroll Touch ID. You may also be asked if you want to allow Duo to access information about Touch ID (click Allow if prompted).

The Touch ID enrollment window prompts you to tap the Touch ID button for approval.

Touch ID Prompt

Place your finger on the Touch ID button in the Touch Bar.

Touch ID in MacBook Touch Bar

You'll see whether the Touch ID identification was successful or not.

Touch ID Enrollment Success

Congratulations! You have enrolled Touch ID.

Touch ID Added

Adding Touch ID From the Duo Prompt

If you previously enrolled other devices in Duo, you can easily add Touch ID as an additional authenticator as long as your administrator has enabled Duo's self-service portal.

Navigate to your Duo-protected service and log in. At the Duo Prompt you'll see an Add a new device link on the left. Click it and approve the Duo login request using your already enrolled phone or other device.

Add a New Device Link

Proceed with the Touch ID enrollment process as shown above in Initial Enrollment with Touch ID.

Touch ID Selection in Duo Prompt

You've added Touch ID as an authentication device! It is listed with your other enrolled devices.

Touch ID Added

Authenticating with Touch ID

The next time you log on using Duo with Chrome, you can select Touch ID from the drop-down list of your authentication devices.

Touch ID Selection in Duo Prompt

Once you select Touch ID from the list, click Use Touch ID.

Begin Touch ID Authentication

Touch your Mac's Touch ID sensor when prompted to log in to the application. If you aren't able to access the Touch ID sensor (such as when you close and dock your laptop), then you can choose to type in your Mac login password instead to verify.