Access Gateway - without server

simon.moore · ‎08-14-2018

Do you have to have an on-prem server to run the DAG, in order to provide controls over office etc. Cannot it not be configured cloud to cloud , like a cloud security broker?

DuoKristina · ‎08-14-2018

Hi @simon.moore!

You are correct. Today, the Duo Access Gateway must be configured on a physical or virtual host. While you could deploy the virtual host in cloud infrastructure like AWS or Azure, we don’t offer a 100% cloud-hosted SAML solution today.

Duo, not DUO.

simon.moore · ‎08-14-2018

shame -
is it in the road map?
As a start-up , we don’t want any on-prem hardware, or a large IT team to manage it. The appeal of duo was as a one stop show, simple to set up, with scalable user charges. Having to set up a server to protect my cloud apps such as office , sort of misses the point.

S

DuoKristina · ‎08-14-2018

If you’re using Office 365 and have an Azure AD P1 subscription behind that, you can use our [custom MFA control for Azure AD to protect Office 365 logins without a server deployment. If you use Azure AD as the authentication directory for other application you can apply the Duo CA control to those as well.

We also partner with other cloud identity providers to provide MFA, like Okta and OneLogin.

Do you have an account manager or customer success manager? They are able to have roadmap discussions with you. If you aren’t a Duo customer yet, you can sign up for free at https://signup.duo.com.

Duo, not DUO.

simon.moore · ‎08-20-2018

How does this compare with Akami, on the face of it seems similar, but they are fully cloud based.

DuoKristina · ‎08-20-2018

If you’re taking about Akamai Enterprise Application Access (EAA), you can use Duo MFA with that too. Here are those instructions: Akamai EAA | Duo Security

Duo, not DUO.

simon.moore · ‎08-20-2018

ok , got that. But given Akami also do MFA, why would i not just all with them?

simon.moore · ‎08-20-2018

are you saying i can use their service rather than your gateway - so avoid ing the need for an on-prem server?

simon.moore · ‎08-20-2018

you can message me directly if you like

DuoKristina · ‎08-21-2018

Duo offers many options for adding MFA to Office.

On-premises solutions (which could also be run on a cloud-hosted VM like in AWS or Azure):

Duo Access Gateway (requires AD)
Duo MFA authenticator plugin for AD FS (requires AD)
Duo plugin for Shibboleth
Duo plugin for CAS

Cloud solutions by Duo:

Duo custom control for Azure AD Conditional Access (requires an Azure P1 subscription)

Cloud solutions from Duo partners:

Duo for Okta
Duo for OneLogin
Duo for Akamai EAA
Duo for Bitium
more

I can think of some reasons someone might not want to use the MFA offered in EAA (IIRC it’s SMS and email based, neither of which are as secure as an out of band push notification), but I’m not a sales person! As I mentioned, a Duo account manager could have roadmap discussions with you, or share specific reasons why customers have chosen Duo’s MFA over the MFA options offered by cloud IdP vendors (beyond reasons like ease of use, other applications and services supported, flexibility in authentication methods, access policies, etc.). Sign up for free at https://signup.duo.com to start that conversation.

Duo, not DUO.