DUO for Vendors


#1

I am trying to implement 2factor on VPN logins that vendors use for remote support on some of our servers. I would like once a vendor connects to our VPN then it sends out a DUO push to approve or disapprove to my IT department. I know that I can do this with aliases for one user but what about sending to multiple users and only one needs to approve? Or what are others doing in these scenarios?


#2

Hi there, it is currently not possible to send a 2FA request to multiple devices at once with Duo.


#3

Thanks for this info. I have currently setup this vendor as an alias and associated it with my username. However, the push notification only shows the username and not that alias. I cannot tell from this that it is a vendor needing to authenticate. Is there a way to display alias? Can I create a new user and associate multiple users with the duo app?


#4

I guess there must be some reason you don’t want to enroll the vendor’s own accounts in Duo. One solution might be:

  1. Create a placeholder “vendor” account in Duo.
  2. Have each IT admin add their phone as a generic tablet device, which will give them each a second Duo device line in the app. Name the device in Duo appropriate (Alice Smith, Bob Parker, Charles Miller).
  3. Add (up to 4) vendor aliases to the “vendor” account in Duo.
  4. When the vendor logs in to the VPN with their account (alias in Duo), have them select the IT admin they are likely already in communication with, and send a push to that persons phone.
  5. IT admin accepts the push.
  6. Profit!