Domain-joined devices other than Windows ? eg Mac and Linux

I am looking into Duo to see if it would be a good fit for my business. So far so good but there is one thing which I cannot locate. In our business we use Active Directory on 2012. We run a mixture of domain-joined laptops and computers running Apple OSX and various Linux (Ubuntu / CentOS / RedHat) including Windows 10 and Windows server for servers.

I done a search and found this thread which states I need to install a Duo agent on the Windows computers to obtain 2FA for those. Can I integrate 2FA for active directory users on a local domain?

Please could you point me in the direction of the solution for Macs and Linux?

Do you have an agent-less solution that can provide 2FA from the domain itself?


Duo adds two-factor authentication to the clients, not to the user accounts. Similar to the Duo Authentication for Windows Logon application for Windows system 2FA, we offer Duo Unix for Linux systems and Duo Authentication for macOS for Macs.

There is no direct Duo integration with Active Directory.

1 Like

Thank you :slight_smile:

I have found a caveat on the linux side. If you su to switch user the user that gets the push notification is the person that is currently logged on not the user that you are switching to.

Otherwise, I have found duo to be the easiest and quickest MFA that you can implement. Also since its an endpoint protection not an account protection it provides the ability to protect an endpoint whether its a local account or a domain account or if its an account in multiple disconnected domains. All that matters is that the username is the same.

On the down side it doesn’t protect things like Kerberos tickets or when doing a runas from the windows command line.