diff --git a/grouper-misc/grouper-duo/src/main/java/edu/internet2/middleware/grouperDuo/GrouperDuoChangeLogConsumer.java b/grouper-misc/grouper-duo/src/main/java/edu/internet2/middleware/grouperDuo/GrouperDuoChangeLogConsumer.java
index 96ba7f769558..aad193714123 100644
--- a/grouper-misc/grouper-duo/src/main/java/edu/internet2/middleware/grouperDuo/GrouperDuoChangeLogConsumer.java
+++ b/grouper-misc/grouper-duo/src/main/java/edu/internet2/middleware/grouperDuo/GrouperDuoChangeLogConsumer.java
@@ -160,6 +160,14 @@ public class GrouperDuoChangeLogConsumer extends ChangeLogConsumerBase {
               String duoGroupId = grouperDuoGroup != null ? grouperDuoGroup.getId() : null;
               String duoUserId = !StringUtils.isBlank(username) ? GrouperDuoCommands.retrieveUserIdFromUsername(username) : null;
 
+              // Check to provision user to DUO
+              if (StringUtils.isBlank(duoUserId)) {
+                if (GrouperLoaderConfig.retrieveConfig().propertyValueBoolean("grouperDuo.provisionUsers", false)) {
+                  GrouperDuoCommands.updateDuoUser(username, false);
+                }
+                duoUserId = !StringUtils.isBlank(username) ? GrouperDuoCommands.retrieveUserIdFromUsername(username) : null;
+              }
+
               //cant do anything if missing these things
               if (!StringUtils.isBlank(duoGroupId) && !StringUtils.isBlank(duoUserId)) {
 
diff --git a/grouper-misc/grouper-duo/src/main/java/edu/internet2/middleware/grouperDuo/GrouperDuoCommands.java b/grouper-misc/grouper-duo/src/main/java/edu/internet2/middleware/grouperDuo/GrouperDuoCommands.java
index b3330db12d42..65c2d925a98f 100644
--- a/grouper-misc/grouper-duo/src/main/java/edu/internet2/middleware/grouperDuo/GrouperDuoCommands.java
+++ b/grouper-misc/grouper-duo/src/main/java/edu/internet2/middleware/grouperDuo/GrouperDuoCommands.java
@@ -1401,4 +1401,81 @@ public class GrouperDuoCommands {
     }
   }
 
+    /**
+   * @param groupId
+   * @param groupDescription
+   * @param isIncremental
+   * @return the json object
+   */
+  public static JSONObject updateDuoUser(String username, boolean isIncremental) {
+
+    Map<String, Object> debugMap = new LinkedHashMap<String, Object>();
+
+    debugMap.put("method", "updateDuoUser");
+    debugMap.put("username", username);
+    debugMap.put("daemonType", isIncremental ? "incremental" : "full");
+    long startTime = System.nanoTime();
+    try {
+
+
+      if (StringUtils.isBlank(username)) {
+        throw new RuntimeException("Why is username blank?");
+      }
+
+      //create user
+      // POST /admin/v1/users/
+      String path = "/admin/v1/users";
+      debugMap.put("POST", path);
+      Http request = httpAdmin("POST", path);
+      request.addParam("username", username);
+
+      signHttpAdmin(request);
+
+      String result = executeRequestRaw(request);
+
+      //  {
+      //    "response": {
+      //      "desc": "Group description",
+      //      "group_id": "DGXXXXXXXXXXXXXXXXXX",
+      //      "name": "Group Name",
+      //      "push_enabled": true,
+      //      "sms_enabled": true,
+      //      "status": "active",
+      //      "voice_enabled": true,
+      //      "mobile_otp_enabled": true
+      //    },
+      //    "stat": "OK"
+      //  }
+
+      JSONObject jsonObject = (JSONObject) JSONSerializer.toJSON( result );
+
+      if (!StringUtils.equals(jsonObject.getString("stat"), "OK")) {
+
+        // {
+        //    "code": 40003,
+        //    "message": "Duplicate resource",
+        //    "stat": "FAIL"
+        // }
+
+        debugMap.put("error", true);
+          debugMap.put("result", result);
+          throw new RuntimeException("Bad response from Duo: " + result);
+      }
+
+      jsonObject = (JSONObject)jsonObject.get("response");
+
+      username = jsonObject.getString("username");
+
+      debugMap.put("username", username);
+
+      return jsonObject;
+    } catch (RuntimeException re) {
+      debugMap.put("exception", ExceptionUtils.getFullStackTrace(re));
+      throw re;
+    } finally {
+      GrouperDuoLog.duoLog(debugMap, startTime);
+    }
+
+  }
+
 }
diff --git a/grouper-misc/grouper-duo/src/main/java/edu/internet2/middleware/grouperDuo/GrouperDuoFullRefresh.java b/grouper-misc/grouper-duo/src/main/java/edu/internet2/middleware/grouperDuo/GrouperDuoFullRefresh.java
index f8f17be95be7..e8c31014c48b 100644
--- a/grouper-misc/grouper-duo/src/main/java/edu/internet2/middleware/grouperDuo/GrouperDuoFullRefresh.java
+++ b/grouper-misc/grouper-duo/src/main/java/edu/internet2/middleware/grouperDuo/GrouperDuoFullRefresh.java
@@ -268,6 +268,17 @@ public class GrouperDuoFullRefresh extends OtherJobBase {
           String duoUserId = GrouperDuoCommands.retrieveUserIdFromUsername(grouperUsername);
           if (StringUtils.isBlank(duoUserId)) {
             LOG.warn("User is not in duo: " + grouperUsername);
+            if (GrouperLoaderConfig.retrieveConfig().propertyValueBoolean("grouperDuo.provisionUsers", false)) {
+                LOG.warn("Provisioning User to DUO: " + grouperUsername);
+                GrouperDuoCommands.updateDuoUser(grouperUsername, false);
+
+                duoUserId = GrouperDuoCommands.retrieveUserIdFromUsername(grouperUsername);
+                if (StringUtils.isBlank(duoUserId)) {
+                    LOG.warn("User was unable to be provisioned to duo: " + grouperUsername);
+                  } else {
+                    insertCount++;
+                    GrouperDuoCommands.assignUserToGroup(duoUserId, duoGroup.getId(), false);
+                  }
           } else {
             insertCount++;
             GrouperDuoCommands.assignUserToGroup(duoUserId, duoGroup.getId(), false);