VM requiring robot to have MFA with Duo Auth from Mobile

Has anyone come up with a workaround when an environment is requiring MFA from a mobile device with Duo Authenticator for the robot to access?

1 Like

Sort of… but not one that I’ve been comfortable implementing in real life. But I did make a working prototype/Proof-of-concept.

In my case, I saw there were multiple options on the Duo auth page and one was “don’t have access to my device.” Try clicking that and see what your security team put into place to allow you to connect. In our case there were security questions that only I should know. I was able to enter that as a “password” asset and then feed the replies to the form and get around the mobile app requirement.

I’ve proceeded no further with this other than to note that it is technically possible, but your results will entirely depend on whether or not your company’s implementation includes such workaround tools and whether the workaround path includes automatable steps.

Explore, test and find out! Good luck to you because I know it’s frustrating from a developer perspective. We have to encounter such prompts far more than an average user and it can be quite irritating even when we know such tools are an important and necessary part of modern computing.