cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1833
Views
1
Helpful
3
Replies

Domain-joined devices other than Windows ? eg Mac and Linux

Not applicable

I am looking into Duo to see if it would be a good fit for my business. So far so good but there is one thing which I cannot locate. In our business we use Active Directory on 2012. We run a mixture of domain-joined laptops and computers running Apple OSX and various Linux (Ubuntu / CentOS / RedHat) including Windows 10 and Windows server for servers.

I done a search and found this thread which states I need to install a Duo agent on the Windows computers to obtain 2FA for those. Can I integrate 2FA for active directory users on a local domain?

Please could you point me in the direction of the solution for Macs and Linux?

Do you have an agent-less solution that can provide 2FA from the domain itself?

Thanks,

1 Accepted Solution

Accepted Solutions

DuoKristina
Cisco Employee
Cisco Employee

Duo adds two-factor authentication to the clients, not to the user accounts. Similar to the Duo Authentication for Windows Logon application for Windows system 2FA, we offer Duo Unix for Linux systems and Duo Authentication for macOS for Macs.

There is no direct Duo integration with Active Directory.

Duo, not DUO.

View solution in original post

3 Replies 3

DuoKristina
Cisco Employee
Cisco Employee

Duo adds two-factor authentication to the clients, not to the user accounts. Similar to the Duo Authentication for Windows Logon application for Windows system 2FA, we offer Duo Unix for Linux systems and Duo Authentication for macOS for Macs.

There is no direct Duo integration with Active Directory.

Duo, not DUO.

Thank you

I have found a caveat on the linux side. If you su to switch user the user that gets the push notification is the person that is currently logged on not the user that you are switching to.

Otherwise, I have found duo to be the easiest and quickest MFA that you can implement. Also since its an endpoint protection not an account protection it provides the ability to protect an endpoint whether its a local account or a domain account or if its an account in multiple disconnected domains. All that matters is that the username is the same.

On the down side it doesn’t protect things like Kerberos tickets or when doing a runas from the windows command line.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links