Could anybody explain to me when I'm supposed to use the Authentication Proxy and when I'm not?

Hello DUO community,

this probably sounds like a dumb question but I can’t wrap my head around it. So I’m asking you guys: What’s the purpose of the Authentication Proxy that is sometimes needed to be installed for protecting certain applications and for others it isn’t?

What is the need for the authentication proxy dependant on? I can only find information on what it does but I can’t seem to find an easy to understand answer on why/when it is even needed in the first place.

I would really appreciate some input on this, thanks a lot in advance!

The first question you should answer for yourself is “What do I want to protect with Duo?”

If the answer is “a VPN or other device or application that supports authentication to an external RADIUS or LDAP authentication server” then the answer is often the Authentication Proxy with a RADIUS or LDAP auth config.

If the answer is “Some application or service that supports SAML 2.0 authentication” the answer may be Duo SSO… When Duo SSO is configured with Active Directory as the authentication source, then an Authentication Proxy install is also needed to act as the connector between Duo SSO and your AD domain.

If you plan to import users or admins into Duo from AD or an OpenLDAP directory, this also requires a Duo Authentication proxy install.

If you are protecting a different app or service than what I mentioned and aren’t planning to perform directory sync then you typically don’t need an Authentication Proxy (there are a few other edge cases where it might still be used though).

Hello Kristina,

thanks a lot for your explanation! That really helped.

Best regards

1 Like