Any MS Windows apps any key using XXX-XXXXX format serial key or number
Any MS Windows apps any key using XXX-XXXXX format serial key or number
Duo Admin API
Feedback
Was this page helpful? Let us know how we can make it better.
The Duo Admin API provides programmatic access to the administrative functionality of Duo Security's two-factor authentication platform.
Overview
The Admin API lets developers integrate with Duo Security’s platform at a low level. The API has methods for creating, retrieving, updating, and deleting the core objects in Duo’s system: users, phones, hardware tokens, admins, and integrations.
In addition, developers can write applications that programmatically read their Duo account’s authentication logs, administrator logs, and telephony logs; read or update account settings; and retrieve reports and other information.
Review the API Details to see how to construct your first API request.
About the Admin API
This API is automatically available to paying Duo Beyond, Duo Access, and Duo MFA plan customers. New customers with an Access or Beyond trial may Contact Duo Support to request Admin API access.
Documented properties will not be removed within a stable version of the API. Once a given API endpoint is documented to return a given property, a property with that name will always appear (although certain properties may only appear under certain conditions, like if the customer is using a specific edition).
Properties that enumerate choices may gain new values at any time, e.g. the device value could return new device platforms that did not previously exist. Duo will update our API documentation with new values in a timely fashion.
New, undocumented properties may also appear at any time. For instance, Duo may make available a beta feature involving extra information returned by an API endpoint. Until the property is documented here its format may change or it may even be entirely removed from our API.
We have started implementing v2 handlers for endpoints. In these cases, the API v1 handler remains supported, but will be limited or deprecated in the future. We encourage use of the v2 endpoints where available and recommend migrating existing API implementations to the v2 handlers.
Please note that all Unix timestamps are in seconds.
First Steps
Role required: Owner
Note that only administrators with the Owner role can create or modify an Admin API application in the Duo Admin Panel.
- Sign up for a Duo account.
- Log in to the Duo Admin Panel and navigate to Applications.
- Click Protect an Application and locate the entry for Admin API in the applications list. Click Protect to the far-right to configure the application and get your integration key, secret key, and API hostname. You'll need this information to complete your setup. See Protecting Applications for more information about protecting applications in Duo and additional application options.
- Determine what permissions you want to grant to this Admin API application:
Permission Details Grant administrators The Admin API application can read information about, create, update, and delete Duo administrators and administrative units. Grant read information The Admin API application can read information about the Duo customer account's utilization. Grant applications The Admin API application can read information about, create, update, and delete Duo applications (referred to as "integrations" in the API). Grant settings The Admin API application can read and change global Duo account settings. Grant read log The Admin API application can read authentication, offline access, telephony, and administrator action log information. Grant read resource The Admin API application can read information about resource objects such as end users and devices. Grant write resource The Admin API application can create, update, and delete resource objects such as end users and devices.
The security of your Duo application is tied to the security of your secret key (skey). Secure it as you would any sensitive credential. Don't share it with unauthorized individuals or email it to anyone under any circumstances!
Duo Security has demonstration clients available on Github to call the Duo API methods. Examples are available in: Python, Java, C#, Ruby, Perl, and PHP.
This integration communicates with Duo’s service on TCP port 443. Also, we do not recommend locking down your firewall to individual IP addresses, since these may change over time to maintain our service’s high availability.
API Details
Base URL
All API methods use your API hostname, .
Methods always use HTTPS. Unsecured HTTP is not supported.
Request Format
All requests must have “Authorization” and “Date” headers.
If the request method is or , URL-encode parameters and send them in the URL query string like this: . They still go on a separate line when creating the string to sign for an Authorization header.
Send parameters for requests in the body as URL-encoded key-value pairs (the same request format used by browsers to submit form data). The header “” must also be present.
When URL-encoding, all bytes except ASCII letters, digits, underscore (“_”), period (“.”), tilde (“~”), and hyphen (“-“) are replaced by a percent sign (“%”) followed by two hexadecimal digits containing the value of the byte. For example, a space is replaced with “%20” and an at-sign (“@”) becomes “%40”. Use only upper-case A through F for hexadecimal digits.
Response Format
Responses are formatted as a JSON object with a top-level key.
Successful responses will have a value of “OK” and a key. The will either be a single object or a sequence of other JSON types, depending on which endpoint is called.
Values are returned as strings unless otherwise documented.
Unsuccessful responses will have a value of “FAIL”, an integer , and a key that further describes the failure. A key may be present if additional information is available (like the specific parameter that caused the error).
The HTTP response code will be the first three digits of the more specific found inside the JSON object. Each endpoint’s documentation lists HTTP response codes it can return. Additionally, all API endpoints that require a signed request can return the following HTTP response codes:
| Response | Meaning |
|---|---|
| 200 | The request completed successfully. |
| 401 | The “Authorization”, “Date”, and/or “Content-Type” headers were missing or invalid. |
| 403 | This integration is not authorized for this endpoint or the ikey was created for a different integration type (for example, using an Auth API ikey with Admin API endpoints). |
| 405 | The request’s HTTP verb is not valid for this endpoint (for example, POST when only GET is supported). |
| 429 | The account has made too many requests of this type recently. Try again later. |
Response Paging
Some API endpoints return a paged list of results on , up to the API endpoint's , or maximum results per page.
A successful response when the total results exceed the endpoint's default page size will include a metadata section with information about the total number of objects found and the results returned in the paged response. If the request returns no paging metadata, then either the endpoint does not support paged results or the total results do not exceed one page.
Specifying incorrect paging parameters results in a invalid parameters response.
| Metadata Information | Description |
|---|---|
The total number of objects retrieved by the API request across all pages of results. | |
The offset from 0 at which to start the next paged set of results. If not present in the metadata response, then there are no more pages of results left. | |
The offset from 0 at which the previous paged set of results started. If you did not specify in the request, this defaults to 0 (the beginning of the results). |
Use the metadata information returned to change the paging parameters for your request.
| Paging Parameter | Required? | Description |
|---|---|---|
| Optional | The maximum number of records returned in a paged set of results. Each endpoint that supports paged results has its own settings, specified like "Default: 100; Max: 300". If a request specifies a value greater than the endpoint's maximum , max value is used. | |
| Optional | The offset from 0 at which to start record retrieval. When used with "limit", the handler will return "limit" records starting at the n-th record, where n is the offset. Default: 0 |
To retrieve the full set of results for a request with paged results, repeat the call, specifying the parameter value, until there are no more results (indicated by the absence of ).
Paging Metadata Examples:
The metadata response will look like these examples except where noted for an individual API endpoint.
This metadata information indicates that there are 951 total objects returned by that endpoint, and no or was specified so the response set defaulted to the first 100 objects:
This metadata information indicates that the request specified , so the response set was objects 500-699:
This metadata information indicates that there are 2342 total objects, and the request specified and used that endpoint's default of 100, so the response set was the end of the list (objects 2300-2342):
Authentication
The API uses HTTP Basic Authentication to authenticate requests. Use your Duo application’s integration key as the HTTP Username.
Generate the HTTP Password as an HMAC signature of the request. This will be different for each request and must be re-generated each time.
To construct the signature, first build an ASCII string from your request, using the following components:
| Component | Description | Example |
|---|---|---|
| The current time, formatted as RFC 2822. This must be the same string as the “Date” header. | ||
| The HTTP method (uppercase) | ||
| Your API hostname (lowercase) | ||
The specific API method’s path | ||
| The URL-encoded list of pairs, lexicographically sorted by key. These come from the request parameters (the URL query string for GET and DELETE requests or the request body for POST requests). If the request does not have any parameters one must still include a blank line in the string that is signed. Do not encode unreserved characters. Use upper-case hexadecimal digits A through F in escape sequences. |
Then concatenate these components with (line feed) newlines. For example:
GET requests also use this five-line format:
Lastly, compute the HMAC-SHA1 of this canonical representation, using your Duo Admin API application’s secret key as the HMAC key. Send this signature as hexadecimal ASCII (i.e. not raw binary data). Use HTTP Basic Authentication for the request, using your integration key as the username and the HMAC-SHA1 signature as the password. Signature validation is case-insensitive, so the signature may be upper or lowercase.
For example, here are the headers for the above POST request to , using as the integration key and as the secret key:
Separate HTTP request header lines CRLF newlines.
The following Python function can be used to construct the “Authorization” and “Date” headers:
Users
Retrieve Users
Returns a paged list of users. To fetch all results, call repeatedly with the parameter as long as the result metadata has a value. If is not provided, the list will contain all users. If is provided, the list will either contain a single user (if a match was found) or no users. Requires "Grant read resource" API permission.
Parameters
| Paging Parameter | Required? | Description |
|---|---|---|
| Optional | The maximum number of records returned. Default: 100; Max: 300 | |
| Optional | The offset from 0 at which to start record retrieval. When used with "limit", the handler will return "limit" records starting at the n-th record, where n is the offset. Default: 0 |
| Query Parameter | Required? | Description |
|---|---|---|
| Optional | Specify a user name (or username alias) to look up a single user. |
Response Codes
| Response | Meaning |
|---|---|
| 200 | Success. Returns a list of users. |
| 400 | Invalid parameters. |
Response Format
| Key | Value | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
The user's username alias(es). Values included for backwards compatibility and reflect the same information as . | ||||||||||||
Map of the user's username alias(es). Up to four aliases may exist. | ||||||||||||
The user's creation date timestamp. | ||||||||||||
The user’s email address. | ||||||||||||
The user’s given name. | ||||||||||||
List of groups to which this user belongs. See Retrieve Groups for response info. | ||||||||||||
Is "true" if the user has a phone, hardware token, U2F token, or security key available for authentication. Otherwise, "false". | ||||||||||||
Timestamp of the last update to the user via directory sync, or “null” if the user has never synced with an external directory or if the directory that originally created the user has been deleted from Duo. | ||||||||||||
The last time this user logged in, as a UNIX timestamp, or “null” if the user has not logged in. | ||||||||||||
The user’s surname. | ||||||||||||
Notes about this user. Viewable in the Duo Admin Panel. | ||||||||||||
A list of phones that this user can use. See Retrieve Phones for descriptions of the phone response values. | ||||||||||||
The user’s real name (or full name). | ||||||||||||
The user’s status. One of:
Note that when a user is a member of a group, the group status may override the individual user's status. Group status is not shown in the user response. | ||||||||||||
A list of tokens that this user can use. See Retrieve Hardware Tokens for descriptions of the response values. | ||||||||||||
A list of U2F tokens that this user can use. See Retrieve U2F Tokens for descriptions of the response values. | ||||||||||||
The user’s ID. | ||||||||||||
The user’s username. | ||||||||||||
A list of WebAuthn authenticators that this user can use. See Retrieve WebAuthn Credentials by User ID for descriptions of the response values. |
Example Response
Create User
Create a new user with the specified . Requires "Grant write resource" API permission.
Parameters
| Parameter | Required? | Description | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Required | The name of the user to create. | ||||||||
| Optional | A username alias for the user. Up to four aliases may be specified with this parameter. Aliases must be unique amongst users. This parameter maintained for backwards compatibility. Mutually exclusive with . | ||||||||
| Optional | Username aliases for the user. Up to four aliases may be specified with this parameter as a set of URL-encoded key-value pairs e.g. . Ignores alias position values not specified. Aliases must be unique amongst users. Mutually exclusive with . | ||||||||
| Optional | The real name (or full name) of this user. | ||||||||
| Optional | The email address of this user. | ||||||||
| Optional | The user’s status. One of:
| ||||||||
| Optional | An optional description or notes field. Can be viewed in the Admin Panel. | ||||||||
| Optional | The user’s given name. | ||||||||
| Optional | The user’s surname. |
Response Codes
| Response | Meaning |
|---|---|
| 200 | Success. Returns the newly created user. |
| 400 | Invalid or missing parameters, or user already exists with the given . |
Response Format
Returns the single object created. Refer to Retrieve Users for an explanation of the object’s keys.
Example Response
Retrieve User by ID
Return the single user with . Requires "Grant read resource" API permission.
Parameters
None.
Response Codes
| Response | Meaning |
|---|---|
| 200 | Success. |
| 404 | No user was found with the given . |
Response Format
Returns a single object. Refer to Retrieve Users for an explanation of the object’s keys.
Example Response
Same as Retrieve User.
Modify User
Change the username, username aliases, full name, status, and/or notes section of the user with ID . Requires "Grant write resource" API permission.
Parameters
| Parameter | Required? | Description |
|---|---|---|
| Optional | The new username. | |
| Optional | A username alias for the user. Up to four aliases may be specified with this parameter. Aliases must be unique amongst users. This parameter maintained for backwards compatibility. Mutually exclusive with . | |
| Optional | Username aliases for the user. Up to four aliases may be specified with this parameter as a set of URL-encoded key-value pairs e.g. . Ignores alias position values not specified. Remove the value for an existing alias by specifying a blank value e.g. . Aliases must be unique amongst users. Mutually exclusive with . | |
| Optional | The new real name (or full name). | |
| Optional | The new email address. | |
| Optional | The new status. Must be one of “active”, “disabled”, or “bypass”. See Retrieve Users for an explanation of these fields. | |
| Optional | The new notes field. | |
| Optional | The user’s new given name. | |
| Optional | The user’s new surname. |
Response Codes
| Response | Meaning |
|---|---|
| 200 | The user was modified successfully. The user object is also returned (see Retrieve Users). |
| 400 | Invalid or missing parameters. |
| 404 | No user was found with the given , or user already exists with the given . |
Response Format
Same as Retrieve Users.
Example Response
Same as Retrieve User by ID.
Delete User
Delete the user with ID from the system. The API will not automatically delete phones associated with the user; remove them permanently with Delete Phone. This method returns 200 if the phone was found or if no such phone exists. Requires "Grant write resource" API permission.
Users deleted by the API do not get moved into the Trash view as "Pending Deletion" as they would if removed by directory sync, inactive user expiration, or interactively from the Admin Panel, and therefore are not available for restoration. Users deleted via the API are immediately and permanently removed from Duo.
Parameters
None.
Response Codes
| Response | Meaning |
|---|---|
| 200 | The user was deleted or did not exist. |
Response Format
Empty string.
Example Response
Enroll User
Enroll a user with user name and email address and send them an enrollment email that expires after seconds. Requires "Grant write resource" API permission.
Parameters
| Parameter | Required? | Description |
|---|---|---|
| Required | The user name (or username alias) of the user to enroll. | |
| Required | The email address of this user. | |
| Optional | The number of seconds the enrollment code should be valid for. Default: 2592000 (30 days). |
Response Codes
| Response | Meaning |
|---|---|
| 200 | The enrollment code was generated and the user was sent an enrollment email. The newly created enrollment code is also returned. |
| 400 | Invalid or missing parameter(s), or the user with the given and address already exists and is enrolled. |
Response Format
Single string (the enrollment code).
Example Response
Create Bypass Codes for User
Clear all existing bypass codes for the user with ID and return a list of newly generated bypass codes, or specify that expire after seconds, or uses. Requires "Grant write resource" API permission.
Object limits: 100 bypass codes per user.
Parameters
| Parameter | Required? | Description |
|---|---|---|
| Optional | Number of new bypass codes to create. At most 10 codes (the default) can be created at a time. Codes will be generated randomly. | |
| Optional | CSV string of codes to use. Mutually exclusive with count. | |
| Optional | The number of times generated bypass codes can be used. If 0, the codes will have an infinite reuse_count. Default: 1. | |
| Optional | The number of seconds generated bypass codes should be valid for. If 0 (the default) the codes will never expire. |
Response Codes
| Response | Meaning |
|---|---|
| 200 | Success. |
| 400 | Invalid or missing parameters, or one-to-many object limit reached. |
| 404 | No user was found with the given . |
| 500 | Other internal error. |
Response Format
List of strings.
Example Response
Retrieve Bypass Codes by User ID
Returns a paged list of bypass code metadata associated with the user with ID . To fetch all results, call repeatedly with the parameter as long as the result metadata has a value. Does not return the actual bypass codes. Requires "Grant read resource" API permission.
Parameters
| Paging Parameter | Required? | Description |
|---|---|---|
| Optional | The maximum number of records returned. Default: 100; Max: 500 | |
| Optional | The offset from 0 at which to start record retrieval. When used with "limit", the handler will return "limit" records starting at the n-th record, where n is the offset. Default: 0 |
Query Parameters
None.
Response Codes
| Response | Meaning |
|---|---|
| 200 | Success. |
| 404 | No user was found with the given . |
Response Format
| Key | Value |
|---|---|
| The email address of the Duo administrator who created the bypass code. | |
| The bypass code's identifier. Use with GET bypass code by ID. | |
| The bypass code creation date timestamp. | |
| The expiration timestamp of the bypass code, or "null" if the bypass code does not expire on a certain date. | |
| The number of times the bypass code may be used before expiring, or "null" if the bypass code has no limit on the number of times it may be used. |
Example Response
Retrieve Groups by User ID
Returns a paged list of groups associated with the user with ID . To fetch all results, call repeatedly with the parameter as long as the result metadata has a value. Requires "Grant read resource" API permission.
Parameters
| Paging Parameter | Required? | Description |
|---|---|---|
| Optional | The maximum number of records returned. Default: 100; Max: 500 | |
| Optional | The offset from 0 at which to start record retrieval. When used with "limit", the handler will return "limit" records starting at the n-th record, where n is the offset. Default: 0 |
Query Parameters
None.
Response Codes
| Response | Meaning |
|---|---|
| 200 | Success. |
| 404 | No user was found with the given . |
Response Format
Same as for Retrieve Groups.
Example Response
Associate Group with User
Associate a group with the user with ID . Requires "Grant write resource" API permission.
Object limits: 100 groups per user.
Parameters
| Parameter | Required? | Description |
|---|---|---|
| Required | The ID of the group to associate with the user. |
Response Codes
| Response | Meaning |
|---|---|
| 200 | Success. Returns a response of “”. |
| 400 | Invalid or missing parameters, one-to-many object limit reached, or nonexistent . Also returns "Operation Failed" if the group does not exist. |
| 404 | Nonexistent . |
| 500 | Other internal error. |
Response Format
Empty string.
Example Response
Disassociate Group from User
Disassociate a group from the user with ID . This method will return 200 if the group was found or if no such group exists. Requires "Grant write resource" API permission.
Parameters
None.
Response Codes
| Response | Meaning |
|---|---|
| 200 | Success, or no such group exists. |
| 404 | No user was found with the given . |
Response Format
Empty string.
Example Response
Retrieve Phones by User ID
Returns a paged list of phones associated with the user with ID . To fetch all results, call repeatedly with the parameter as long as the result metadata has a value. Requires "Grant read resource" API permission.
Parameters
| Paging Parameter | Required? | Description |
|---|---|---|
| Optional | The maximum number of records returned. Default: 100; Max: 500 | |
| Optional | The offset from 0 at which to start record retrieval. When used with "limit", the handler will return "limit" records starting at the n-th record, where n is the offset. Default: 0 |
Query Parameters
None.
Response Codes
| Response | Meaning |
|---|---|
| 200 | Success. |
| 404 | No user was found with the given . |
Response Format
Same as for Retrieve Phones, except phones have no attribute.
Example Response
Associate Phone with User
Associate a phone with the user with ID . Requires "Grant write resource" API permission.
Object limits: 100 phones per user; 100 users per phone.
Parameters
| Parameter | Required? | Description |
|---|---|---|
| Required | The ID of the phone to associate with the user. |
Response Codes
| Response | Meaning |
|---|---|
| 200 | Success. Returns a response of “”. |
| 400 | Invalid or missing parameters, one-to-many object limit reached, or nonexistent . |
| 404 | Nonexistent . |
| 500 | Other internal error. |
Response Format
Empty string.
Example Response
Disassociate Phone from User
Disassociate a phone from the user with ID . The API will not automatically delete the phone after removing the last user association; remove it permanently with Delete Phone. This method returns 200 if the phone was found or if no such phone exists. Requires "Grant write resource" API permission.
Parameters
None.
Response Codes
| Response | Meaning |
|---|---|
| 200 | Success, or no such phone exists. |
| 404 | No user was found with the given . |
Response Format
Empty string.
Example Response
Retrieve Hardware Tokens by User ID
Returns a paged list of OTP hardware tokens associated with the user with ID . To fetch all results, call repeatedly with the parameter as long as the result metadata has a value. Requires "Grant read resource" API permission.
Parameters
| Paging Parameter | Required? | Description |
|---|---|---|
| Optional | The maximum number of records returned. Default: 100; Max: 500 | |
| Optional | The offset from 0 at which to start record retrieval. When used with "limit", the handler will return "limit" records starting at the n-th record, where n is the offset. Default: 0 |
Query Parameters
None.
Response Codes
| Response | Meaning |
|---|---|
| 200 | Success. |
| 404 | No user was found with the given . |
Response Format
Same as for Retrieve Hardware Tokens, except hardware tokens have no attribute.
Example Response
Associate Hardware Token with User
Associate a hardware token with the user with ID . Requires "Grant write resource" API permission.
Object limits: 100 tokens per user.
Parameters
| Parameter | Required? | Description |
|---|---|---|
| Required | The ID of the hardware token to associate with the user. |
Response Codes
| Response | Meaning |
|---|---|
| 200 | Success. Returns a response of “”. |
| 400 | Invalid or missing parameters, one-to-many object limit reached, already in use by a different user, or nonexistent . |
| 404 | Nonexistent . |
| 500 | Other internal error. |
Response Format
Empty string.
Example Response
Disassociate Hardware Token from User
Disassociate a hardware token from the user with ID . This method will return 200 if the hardware token was found or if no such hardware token exists. Requires "Grant write resource" API permission.
Parameters
None.
Response Codes
| Response | Meaning |
|---|---|
| 200 | Success. |
| 404 | No user was found with the given |
Response Format
Empty string.
Example Response
Retrieve U2F Tokens by User ID
Returns a paged list of U2F tokens associated with the user with ID . To fetch all results, call repeatedly with the parameter as long as the result metadata has a value. Requires "Grant read resource" API permission.
Parameters
| Paging Parameter | Required? | Description |
|---|---|---|
| Optional | The maximum number of records returned. Default: 100; Max: 500 | |
| Optional | The offset from 0 at which to start record retrieval. When used with "limit", the handler will return "limit" records starting at the n-th record, where n is the offset. Default: 0 |
Query Parameters
None.
Response Codes
| Response | Meaning |
|---|---|
| 200 | Success. |
| 404 | No user was found with the given . |
Response Format
Same as for Retrieve U2F Tokens, except U2F tokens have no attribute.
Example Response
Retrieve WebAuthn Credentials by User ID
Returns a list of WebAuthn credentials associated with the user with ID . Requires "Grant read resource" API permission.
Parameters
None.
Query Parameters
None.
Response Codes
| Response | Meaning |
|---|---|
| 200 | Success. |
| 404 | No user was found with the given . |
Response Format
| Key | Value |
|---|---|
| Free-form label for the WebAuthn credential. | |
| The date the WebAuthn credential was registered in Duo. | |
| Indicates the type of WebAuthn credential. One of: “Security Key” or “Touch ID”. | |
| The WebAuthn credential's registration identifier. |
Example Response
Synchronize User from Directory
Initiate a sync for the user specified by against the directory specified by the . The for a directory can be found by navigating to Users → Directory Sync in the Duo Admin Panel, and then clicking on the configured directory. Learn more about syncing individual users. Requires "Grant write resource" API permission.
Parameters
| Parameter | Required? | Description |
|---|---|---|
| Required | The user to update via directory sync. This should be the same as the user's username in the source directory. |
Response Codes
| Response | Meaning |
|---|---|
| 200 | The user was synced successfully. The user object is also returned (see Retrieve Users). |
| 404 | The specified or was incorrect, or the user is not managed by the specified directory. |
| 429 | Too many requests; try again later. |
Response Format
Same as Retrieve Users.
Example Response
Same as Retrieve User by ID.
Groups
Per-user Group Operations
See Retrieve Groups by User ID, Associate Group with User, and Disassociate Group from User.
Retrieve Groups
Returns a paged list of groups. To fetch all results, call repeatedly with the parameter as long as the result metadata has a value. Requires "Grant read resource" API permission.
Parameters
| Paging Parameter | Required? | Description |
|---|---|---|
| Optional | The maximum number of records returned. Default: 100; Max: 100 | |
| Optional | The offset from 0 at which to start record retrieval. When used with "limit", the handler will return "limit" records starting at the n-th record, where n is the offset. Default: 0 |
Query Parameters
None.
Response Codes
| Response | Meaning |
|---|---|
| 200 | Success. |
Response Format
| Key | Value |
|---|---|
| The group’s description. | |
| The group’s ID. | |
| If true, users in the group will be able to authenticate with a passcode generated by Duo Mobile. If false, users in the group will not be able to authenticate with a passcode generated by Duo Mobile. Note that this setting has no effect if Duo Mobile passcodes are disabled globally. | |
| The group’s name. If managed by directory sync, then the name returned here also indicates the source directory. | |
| If true, users in the group will be able to use Duo Push to authenticate. If false, users in the group will not be able to use Duo Push to authenticate. Note that this setting has no effect if Duo Push is disabled globally. | |
| If true, users in the group will be able to use SMS passcodes to authenticate. If false, users in the group will not be able to use SMS passcodes to authenticate. Note that this setting has no effect if SMS passcodes are disabled globally. | |
| The group’s authentication status. May be one of: |
Protect Yourself From Tech Support Scams Learn More
July 29, 2020
Protect Yourself From Tech Support Scams
Tech support scams are an industry-wide issue where scammers trick you into paying for unnecessary technical support services. You can help protect yourself from scammers by verifying that the contact is a Microsoft Agent or Microsoft Employee and that the phone number is an official Microsoft global customer service number.
Hi,
Thanks for posting your query to Microsoft forum. I will certainly help you in the right direction to fix the issue.
I can imagine the inconvenience you have experienced while downgrading Windows and the product code that you have is not the product key as product key contains 25 alpha numeric characters.
Since Windows 7 came pre-installed on the computer, unfortunately we won't be able to provide you with this information. Please contact your computer manufacturer Dell to find the product key.
Hope this information helps!
____________________
Thanks & Regards,
Isha Soni
4 people were helped by this reply
·Did this solve your problem?
Sorry this didn't help.
Great! Thanks for marking this as the answer.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
How satisfied are you with this response?
Thanks for your feedback.
To use the Dell recovery discs you need to boot from them, this will bypass the Windows 10.
Be warned though, that most OEM discs will format the HDD, meaning you lose all your data, before it will install a fresh version of Windows 7
2 people were helped by this reply
·Did this solve your problem?
Sorry this didn't help.
Great! Thanks for marking this as the answer.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
How satisfied are you with this response?
Thanks for your feedback.
Your post is a bit confusing.
Which version of Windows is currently installed on your computer, Windows 7 or Windows 10?
So I tried entering the original Dell product code, But "lo and behold", good ole 10 said I had to enter the 25 digit code
Yes, the product key is 25 characters
(xxxxx-xxxxx-xxxxx-xxxxx-xxxxx).
My Dell code is only 20 digits (xxxxx-xxx-xxxxxxx-xxxxx). - this is the product ID which determine the support channel, this cannot be used to activate Windows 7.
Your product key should be found on the chassis of the machine or at the bottom of a laptop or in the battery compartment.
Skip entering the product key then complete the installation.
Once you have installed it, all you need to do is change the product key located on the Certificate of Authenticity (COA). Lets take a look at how to do that.
Click Start, right click Computer
Click Properties
Scroll down to Windows activation.
You will notice it displays a time until Activation but be completed. Also the Product ID indicates it is using a default key, this is only for the 30 day grace period allowed until you must activate Windows 7.
Click the link, Change product key
Enter the product key located on the COA sticker located at the bottom or (sometimes in the battery compartment of your laptop), you can also find it at the top or side if its a Desktop computer. It looks something like the following:
Proceed to enter the product key and click Next
Wait while Windows attempts to activate.
If all goes well, within a minute, you should see this screen.
You can further confirm Windows 7 is activated by checking the Windows Activation status:
Notice Windows 7 now displays OEM within the Product ID to indicate the product channel it is licensed from. Please note, this also works with Windows Vista if you are still running that version.
If you are unable to activate Windows 7 using the Change product key method, you can try phone activation and speak with a call agent who will assist with reactivating Windows 7:
How to activate Windows 7 manually (activate by phone)
1) Click Start, and in the Search box type: slui.exe 4
2) Next press the ‘ENTER’ key
3) Select your ‘Country’ from the list.
4) Choose the ‘Phone Activation’ option.
5) Stay on the phone (do not select/press any options) and wait for a person to help you with activation.
6) Explain your problem clearly to the support person.
http://support.microsoft.com/kb/950929/en-us
Resources:
COA Certificate of Authenticity:
http://www.microsoft.com/howtotell/content.aspx?pg=coa
What is the Windows Certificate of Authenticity?
http://windows.microsoft.com/en-US/windows7/What-is-the-Windows-Certificate-of-Authenticity
Andre
Windows Insider MVP
MVP-Windows and Devices for IT
twitter/adacosta
groovypost.com
4 people were helped by this reply
·Did this solve your problem?
Sorry this didn't help.
Great! Thanks for marking this as the answer.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
How satisfied are you with this response?
Thanks for your feedback.
1 person was helped by this reply
·Did this solve your problem?
Sorry this didn't help.
Great! Thanks for marking this as the answer.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
How satisfied are you with this response?
Thanks for your feedback.
Activating Windows
To ensure normal use of eSight, you are advised to activate the Windows operating system within 90 days.
Prerequisites
You have obtained the product key of the Windows Server 2012 R2 standard edition.
You can find the product key in the Windows packing box.
The format of the product key is XXXXX-XXXXX-XXXXX-XXXXX-XXXXX.
In the preinstallation scenario, the Windows operating system is not activated. To ensure normal use of the Server, you are advised to activate the Windows operating system within 90 days.
Context
The Windows Server 2012 R2 standard edition can be activated online or through a call.
To activate it online, ensure that the eSight server can connect to the Internet. To activate it through a call, there is no need to connect the eSight server to the Internet.
Online Activation
- Log in to the server as the SWMaster user.
After security hardening, the administrator account changes from Administrator to SWMaster.
- Right-click Computer and choose Properties from the shortcut menu.
The System window is displayed. Click Activate Windows.
- Enter the product key as prompted to activate the Windows operating system.
Activation Through a Call
- Log in to the server as the SWMaster user.
After security hardening, the administrator account changes from administrator to SWMaster.
- Move the mouse to the blue area in the lower right corner of the desktop, and click Search.
- Enter cmd in the search box to access the CLI.
- Run the slmgr /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx command. The system prompts that the product key xxxxx-xxxxx-xxxxx-xxxxx-xxxxx is successfully installed.
XXXXX-XXXXX-XXXXX-XXXXX-XXXXX indicates the product key.
- Run the slui 4 command. The Windows activation page is displayed.
- Select your country or region to obtain the local Windows service number and click Next.
- Call the displayed service number and perform operations as prompted. Offer the installation ID displayed on the interface to the customer service personnel and record the confirmation ID (eight groups of digits) provided by the customer service personnel.
- Click Enter Confirm ID, enter the confirmation ID, and click Activate Windows.
Verification
- Log in to the server as the administrator user.
- Right-click Computer and choose Properties from the shortcut menu.
- In the System windows, check Windows activation information.
What’s New in the Any MS Windows apps any key using XXX-XXXXX format serial key or number?
Screen Shot
System Requirements for Any MS Windows apps any key using XXX-XXXXX format serial key or number
- First, download the Any MS Windows apps any key using XXX-XXXXX format serial key or number
-
You can download its setup from given links:
Any MS Windows apps any key using XXX-XXXXX format serial key or number & PC Free Download
Any MS Windows apps any key using XXX-XXXXX format serial key or number& Free Download
Any MS Windows apps any key using XXX-XXXXX format serial key or number
About Author
