Hello, we would like to globally rollout DUO Security to our users and therfore synchronize a specific AD-Group or AD-Groups that spread over multiple geographic domain trees (e.g. us.acme.com, de.acme.com, es.acme.com, etc.).
To achive the user synchronization we would like to build a redundant pair of authentication proxy servers within our DMZ which will synchronize all the users from the different sub domains.
Would that be a valid setup and is it possible to synchronize all the sub domains from just one respectively two authentication proxys or would we have to spinn up an authentication proxy for each sub domain (two for redundancy reasons) ?
Are there any documentations regarding such a setup or do you know about where to find help about it? (Blogs, YouTube, etc.)
Thank you guys, regards