cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1481
Views
0
Helpful
1
Replies

Configuring duo Access Gateway without Back-End Authentication Server

suchindra
Level 1
Level 1

One of our customers uses Duo extensively for 2 factor authentication. They are currently exploring the option of configuring Duo’s Access Gateway to leverage the ability of Duo to provide two factor authentication while acting as a SAML IdP.

The customer also wants to configure Duo as a single factor authentication (ie., Call/SMS/Push only) without having an Authentication Server back-end (LDAP/AD etc) configured in the Duo Access Gateway. To give a better picture, consider the following flow:

The Setup suggested by Duo in the following page is as follows:

https://duo.com/docs/dag

A SAML SP (our product) --> Duo Access Gateway (sitting at customer’s end) --> Authentication Server + Call/SMS/Push with duo.com website

The setup they (our customer) likes to have, is as follows:

A SAML SP (our product) --> Duo Access Gateway (sitting at customer’s end) --> Call/SMS/Push with duo.com website

In brief, they would like to just fetch the username from the SAML Request, and then use that to have a single factor authentication using Call/Push/SMS, which successfully completes the SAML flow if all goes well, and returns back to the SP with SAML Response

Is it possible to configure Duo’s Access Gateway to work without back-end authentication server, and just pass the user to Call/Push/SMS page?

Thanks and Regards,
Suchindra Chandrahas

1 Reply 1

Dooley
Level 3
Level 3

Hi Suchindra. At this time, the Duo Access Gateway requires an authentication source for first factor and to retrieve attributes for the SAML response.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links