cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1263
Views
1
Helpful
1
Replies

Building a case to move from ADFS4 to Duo's DAG for 365 auth

Kelly_O_Keefe
Level 1
Level 1

Folks, I’ve been asked to evaluate advantages of moving from an already installed ADFS4 infrastructure to using Duo’s DAG product for office 365 auth. After reviewing the doc’s and watching the DAG install support video I’m having a hard time seeing why this would be a good option.

The main reason for our switch is to provide better support for legacy mail clients, and from what I can gather, the DAG only provides a way to implement a exception group, allowing those contained users to bypass. (which could be done with a rule in ADFS as well). NOT an application password.

If you have made this comparison yourself, we would like to hear your advice!

1 Reply 1

Greg9
Level 1
Level 1

Hello, Kelly_O_Keefe!

To be honest, it sounds like you’ll be better off sticking with ADFS.

The main advantage the DAG offers is the ability for you to configure a unique Duo policy for each Service Provder that is federated to your DAG. If O365 is the only Relying Party (Service Provider) you have federated to ADFS - or the only RP you wish to protect with Duo - this advantage becomes moot.

Considering that ADFS is already in your environment and it offers more flexiblity with Claims Rules than the DAG, I’d encourage you to stay with ADFS.

best,
-Greg

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links