Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
767
Views
1
Helpful
2
Replies

Could anybody explain to me when I'm supposed to use the Authentication Proxy and when I'm not?

Go to solution
dariofriedsam90
Level 1
Level 1

‎11-21-2022 02:40 AM

Hello DUO community,

this probably sounds like a dumb question but I can’t wrap my head around it. So I’m asking you guys: What’s the purpose of the Authentication Proxy that is sometimes needed to be installed for protecting certain applications and for others it isn’t?

What is the need for the authentication proxy dependant on? I can only find information on what it does but I can’t seem to find an easy to understand answer on why/when it is even needed in the first place.

I would really appreciate some input on this, thanks a lot in advance!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎11-21-2022 10:34 AM

The first question you should answer for yourself is “What do I want to protect with Duo?”

If the answer is “a VPN or other device or application that supports authentication to an external RADIUS or LDAP authentication server” then the answer is often the Authentication Proxy with a RADIUS or LDAP auth config.

If the answer is “Some application or service that supports SAML 2.0 authentication” the answer may be Duo SSO… When Duo SSO is configured with Active Directory as the authentication source, then an Authentication Proxy install is also needed to act as the connector between Duo SSO and your AD domain.

If you plan to import users or admins into Duo from AD or an OpenLDAP directory, this also requires a Duo Authentication proxy install.

If you are protecting a different app or service than what I mentioned and aren’t planning to perform directory sync then you typically don’t need an Authentication Proxy (there are a few other edge cases where it might still be used though).

Duo, not DUO.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎11-21-2022 10:34 AM

The first question you should answer for yourself is “What do I want to protect with Duo?”

If the answer is “a VPN or other device or application that supports authentication to an external RADIUS or LDAP authentication server” then the answer is often the Authentication Proxy with a RADIUS or LDAP auth config.

If the answer is “Some application or service that supports SAML 2.0 authentication” the answer may be Duo SSO… When Duo SSO is configured with Active Directory as the authentication source, then an Authentication Proxy install is also needed to act as the connector between Duo SSO and your AD domain.

If you plan to import users or admins into Duo from AD or an OpenLDAP directory, this also requires a Duo Authentication proxy install.

If you are protecting a different app or service than what I mentioned and aren’t planning to perform directory sync then you typically don’t need an Authentication Proxy (there are a few other edge cases where it might still be used though).

Duo, not DUO.
0 Helpful

Go to solution
dariofriedsam90
Level 1
Level 1
In response to DuoKristina

‎11-22-2022 12:15 AM

Hello Kristina,

thanks a lot for your explanation! That really helped.

Best regards

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents