Duo for MFA on VPN and A/D Logins?


#1

Good evening, we are looking into ways to meet a couple NIST standards and we need to apply multi factor authentication to our VPN and A/D login. Of course it would be nice if we could use the same tool for both.

My questions are:

  • Is a single Duo setup capable of handling both MFA with OpenVPN and MFA on Active Directory local PC logins?

  • Is there any change in the licensing if using it for multiple applications?

  • How would it handle it the authentication in this scenario, as far as would they be prompted both times - once at VPN entry and once at A/D (assuming remote desktop) or would the first session carry over?

This is our first adventure into this and we are behind the curve on experience and time, so we appreciate the help.


#2

Hey there @mooseracing,

Thanks for checking out Duo!

Answering your questions in order:

  • Yes Duo is capable of handling MFA for both OpenVPN and local PC login (and RDP!). You should check out our docs page for all the applications that Duo supports: https://duo.com/docs

  • Duo is licensed per user. This means that you can protect as many applications as you’d like!

  • In that specific scenario you would be prompted for MFA at each application. If the application is capable of displaying our Duo Prompt you would be able to use our Remembered Devices policy setting which has some options of remembering 2FA between applications.

Let me me know if you have any other questions!