The issue we ran into today was regarding the one-time passcode. The Control integration to the best of my knowledge right now uses the PUSH method when you use the [duo: username] field in Active Directory. We tried to connect an AD user who only had access to a DUO HardToken. The hard-token only generates a 6-digit code, which you would assume would be able to be used in the One-Time Password field when authenticating. We went ahead and decided to use the SMS Email notification method, until we hear back regarding the ability to use hardtokens.

This feature of being able to use the ONE-TIME passcodes is important to us to be able to use our DUO hard tokens. I see this thread was built about 2 years ago. We really need movement in this area. It would really boost security for all our MSPs.