Is there a way to apply separate policies to same usernames but in different domains?
Hi @willd44, no this is not possible in Duo today because you cannot have duplicate usernames in Duo. You could protect two domains in separate namespaces, such as abc.com and xyz.com as you’ve shared here, by using a separate
ad_client section and a separate
radius_server section for each domain OR configuring the Duo Authentication Proxy to use
duo_only_client for primary authentication. However, usernames must be unique in your Duo account amongst all users. You cannot have two users with the same sAMAccountName in Active Directory either. The only way around this would be to rename one of the user’s sAMAccountNames in AD to something unique. Then you could have separate policies for them as well. I hope that helps!