Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1544
Views
0
Helpful
4
Replies

Add SSO to existing DUO Implementation?

Go to solution
lkeyes1
Level 1
Level 1

‎11-23-2020 05:10 AM

Looking to add SSO to our existing DUO implementation, Question: will configuring SSO break our existing DUO setup? We are currently using DUO with the Sophos SSL-VPN and the Auth Proxy with Active Directory. Thanks. — L

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jamieis
Cisco Employee
Cisco Employee
In response to lkeyes1

‎11-23-2020 07:16 AM

Hi @lkeyes,

Yes, while you can use Duo SSO with an existing authproxy, it does require rebooting the authproxy service to set up Duo SSO which would create some downtime for your VPN.

We recommend setting up dedicated authproxies for Duo SSO. Having more than one connected to Duo SSO also ensure high availability if one of the authproxies was to go offline.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
jamieis
Cisco Employee
Cisco Employee

‎11-23-2020 05:37 AM

Hi @lkeyes,

Can you explain a little more about what you’re hoping to protect with Duo SSO? Just enabling it in your Duo account in the Admin Panel will not break anything.

While configuring Duo SSO with an authentication proxy to be able to communicate with your Active Directory you will have to restart an authproxy. We do recommend that customers set up dedicated authproxies for Duo SSO.

0 Helpful

Go to solution
lkeyes1
Level 1
Level 1

‎11-23-2020 07:11 AM

Hi, Jamie…thanks for your note.

We are currently using DUO for the Sophos SSL-VPN application to protect our VPN logins. We are now trying to get Office 365 protected (for web logins), and figured since the latest iteration of DUO is supporting SSO, we’d implement that because going forward we have additional applications, including Salesforce that we’d like to protect.

My concern is in modifying our current authproxy for SSO (editing the config file, etc) if there was any chance of breaking our currently functioning VPN protection. Are you suggesting that rather than modifying our current authproxy, we should add another for SSO as best practice?

0 Helpful

Go to solution
jamieis
Cisco Employee
Cisco Employee
In response to lkeyes1

‎11-23-2020 07:16 AM

Hi @lkeyes,

Yes, while you can use Duo SSO with an existing authproxy, it does require rebooting the authproxy service to set up Duo SSO which would create some downtime for your VPN.

We recommend setting up dedicated authproxies for Duo SSO. Having more than one connected to Duo SSO also ensure high availability if one of the authproxies was to go offline.

0 Helpful

Go to solution
lkeyes1
Level 1
Level 1

‎11-23-2020 07:22 AM

Restart is no problem, but will pursue adding another authoproxy.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents