Manage MFA Hardware Token As Duo User Manager

Hardware token asset management


An ID Notary will keep track of and assign tokens. If there isn't an IT Notary designated in a Department or Unit, the customer would need to contact the IT Service Center and have a DUO Manager remove the token from the user's account.

If you are no longer employed by the University of Maryland, system access and authorization will be revoked as part of the normal off boarding procedure. Department staff must collect hardware tokens before separation from the university.

Agent authorization/Credentials required

IT-Support-HelpDesk-Student that is a Duo User Manager
MFA (Duo) device

Tier level

This is a Tier 1 activity

Information required from customer

Steps to complete procedure

  1. Collect User Directory ID and name for the owner of the token.

  2. Create Incident for User.

  3. Log into (only someone who is a User Manager can do this).

    Log onto Duo

  4. Click 2FA Devices.

    Click 2FA Devices

  5. Click Hardware Tokens.

    Click Hardware Tokens

  6. Enter the Token Serial Number in the search box next to Reports, then click on the Serial Number.

    Enter Token Serial Number then click on the serial number
  7. Click Remove

    Click Remove

  8. The token should no longer have any users attached to it.

    No users are attached to the token

  9. A new user for the reclaimed token must go to the MFA Hardware Token Registration page to register.

    Token Registration



  1. Department Staff must collect hardware tokens that are no longer needed or used (i.e. when someone decides to use a Smartphone or Tablet instead).

  2. An ID Notary will re-assign the Token to someone else, as well as remove it from the account from where it is being reclaimed.

  3. I. A new user for the token needs to go to the MFA Hardware Token Registration page to register a new token.

When someone leaves, what do I do with old tokens?

  1. Give them to Department Staff that is in charge of managing the tokens (such as an IT Support position, Business Manager, Assistant-Director, or Director).

  2. A Duo Admin should then go into the system and remove the account from the token, so that it can be re-used within the Department.

Management of token

  1. An ID Notary will keep track of and assign tokens.

  2. Hardware tokens run on batteries, and are only expected to last for five years, after which time they would need to be replaced by the Department or Unit.