Add SSO to existing DUO Implementation?

Looking to add SSO to our existing DUO implementation, Question: will configuring SSO break our existing DUO setup? We are currently using DUO with the Sophos SSL-VPN and the Auth Proxy with Active Directory. Thanks. — L

Hi @lkeyes,

Can you explain a little more about what you’re hoping to protect with Duo SSO? Just enabling it in your Duo account in the Admin Panel will not break anything.

While configuring Duo SSO with an authentication proxy to be able to communicate with your Active Directory you will have to restart an authproxy. We do recommend that customers set up dedicated authproxies for Duo SSO.

Hi, Jamie…thanks for your note.

We are currently using DUO for the Sophos SSL-VPN application to protect our VPN logins. We are now trying to get Office 365 protected (for web logins), and figured since the latest iteration of DUO is supporting SSO, we’d implement that because going forward we have additional applications, including Salesforce that we’d like to protect.

My concern is in modifying our current authproxy for SSO (editing the config file, etc) if there was any chance of breaking our currently functioning VPN protection. Are you suggesting that rather than modifying our current authproxy, we should add another for SSO as best practice?

Hi @lkeyes,

Yes, while you can use Duo SSO with an existing authproxy, it does require rebooting the authproxy service to set up Duo SSO which would create some downtime for your VPN.

We recommend setting up dedicated authproxies for Duo SSO. Having more than one connected to Duo SSO also ensure high availability if one of the authproxies was to go offline.

Restart is no problem, but will pursue adding another authoproxy.