Feature request: send UPN to DUO MFA

Hello.

We use DUO MFA and we realized that the format sent to DUO is <username>.
We can configure aliases in DUO, but this is:

  1. Not as secure as we would expect, because the domain part is missing.
  2. An overhead task, as we have to do that for all users, and then all new users.


It would be great if Devolutions Server would send the UPN to DUO.

Thank you and best regards.
Marcel

Recommended Answer

Hello Everyone!

After conducting an internal investigation, we identified the root cause of the issue.

Our development team discovered that the problem may be related to a specific setting in the DUO configuration for DVLS.
The root cause appears to be the normalization of the username set to "Simple" (Settings > Username Normalization). Setting the Username Normalization option to "None" should resolve the issue.

The client who initially reported the problem confirmed that applying this change successfully resolved the issue.

We’re sharing this information with the community in case others encounter a similar situation.

Have a nice day!

Best regards,

Maxim Robert
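
The effect of the two normalization settings on MFA identity, as an added example that is not part of the original thread and is not Devolutions or Duo code. The function names are hypothetical, the "Simple" rule is a model of the behaviour reported in this topic (the domain part is dropped), and the sample UPNs other than the `@bnc.ch` suffix are constructed.

```python
from collections import defaultdict


def normalize_simple(username):
    # Model of "Simple" (assumption): drop a DOMAIN\ prefix and an @domain suffix.
    name = username.strip().split("\\", 1)[-1]
    return name.split("@", 1)[0]


def normalize_none(username):
    # "None": the username is used as sent, so the full UPN is preserved.
    return username.strip()


def collisions(upns, normalizer):
    # Group directory UPNs by the name the MFA service would see and
    # return only the names shared by more than one distinct UPN.
    groups = defaultdict(set)
    for upn in upns:
        groups[normalizer(upn)].add(upn)
    return {name: sorted(members)
            for name, members in groups.items() if len(members) > 1}


def enrolls_new_user(sent_username, existing_mfa_users, normalizer):
    # True when the normalized name matches no existing MFA user, which is
    # the situation in which a fresh enrollment is offered.
    return normalizer(sent_username) not in existing_mfa_users


# Constructed sample data: two tenants that share a local part.
SAMPLE_UPNS = [
    "first.last@bnc.ch",
    "first.last@partner.example",
    "other.user@bnc.ch",
]
EXISTING_MFA_USERS = {"first.last@bnc.ch"}  # MFA users defined by UPN

if __name__ == "__main__":
    for label, fn in (("Simple", normalize_simple), ("None", normalize_none)):
        print(label, "collisions:", collisions(SAMPLE_UPNS, fn))
        print(label, "new enrollment:",
              enrolls_new_user("first.last@bnc.ch", EXISTING_MFA_USERS, fn))
```

Running the same collision check over an export of directory UPNs before changing the setting shows which accounts currently share one MFA identity.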

All Comments (11)

Hello,

Thank you for your request and sorry for the delay. The link with DUO is made using the username; you're right, but the username is usually the UPN. What type of authentication do you use? Do you use Active Directory, Microsoft Entra ID, Okta, Ping One, or Devolutions users?

Best regards,

François Dubois

Hello.

We use Entra ID for authentication, so I expect the username to be the UPN.

Best regards.
Marcel

Hello,

Thank you for your answer. It is probably an issue because the DVLS username will be the UPN and the full UPN should be used to match the DUO account. We will investigate and post back here once we have an update.

Best regards,

François Dubois

Hello.
Do you have any more feedback on this request?
Thank you.
Marcel

Hello Marcel,

I'm sorry for the delay. Unfortunately, we haven't investigated that yet. As I mentioned before, we use the DVLS username, so if the username is the UPN, it should work. However, we need to investigate further if that is not the case. We should be able to give you an update next week.

Best regards,

François Dubois

Hello Marcel,
I’m with the Devolutions QA team and currently working on reproducing the issue you're experiencing. To assist us in our investigation, it would be very helpful if you could provide some additional information:

  • How were the users created in DVLS? (e.g., imported manually or automatically created upon first login)
  • Were the users migrated using the Authentication Migration feature?
  • Does your Azure domain have a custom suffix?
  • If possible, could you please provide a screen recording of the issue?

Your input will greatly help us in identifying and resolving the problem.
Thank you,
Best regards,
Sayed.

Hello Sayed.

  • How were the users created in DVLS? (e.g., imported manually or automatically created upon first login)
    • Automatically created on first login.
  • Were the users migrated using the Authentication Migration feature?
    • No.
  • Does your Azure domain have a custom suffix?
    • Our UPN suffix is @bnc.ch, if that's what you mean.
  • If possible, could you please provide a screen recording of the issue?
    • I will have to check with my colleagues, I don't have access to DUO management.


Best regards.
Marcel

Hello Sayed.
We have a recording and a couple of screenshots, but I will not share them here, as they contain sensitive information.
Basically what we did is the following.

  1. We removed the username alias (first.last) in DUO on my user. Users are defined with UPN in DUO.
  2. I authenticated with Entra ID on Devolutions Server, and it requested me to set up my DUO, which I did.
  3. We then checked in DUO: it had created a new user with the username (first.last), not the UPN.


We can send the recording and screenshot to your support if you have a case number.
Best regards.
Marcel

Hello Marcel,

You can send us your recording securely here: https://devolutions.sharefile.com/filedrop

Please rename your file to refer to this forum topic so that we can retrieve it easily.

Best regards,

Jeff Dagenais

Hello Jeff.

I uploaded the files with filenames starting with "Feature request send UPN to DUO MFA 2025*"

Cheers.
Marcel
