Good morning everyone!
I’m deploying Duo RDP to protect some of our servers. We have servers in multiple domains, but user accounts share the same username (e.g. MYCOMPANY\johndoe, MYCOMPANYTEST\johndoe, MYCOMPANYEXT\johndoe, etc.). I was hoping to set UPN suffixes for johndoe accounts across the domains to the same value (e.g. email@example.com) and use only one Duo account to manage all servers.
However, it appears that Duo RDP software doesn’t use UPN and automatically prepends the NetBIOS domain name to the username, so requests to the API look like “POST ■■■■■■■■■■■■■■■■■■■■■■■■■:443/auth/v2/preauth?ipaddr=127.0.0.1&username=MYCOMPANYTEST\johndoe”. Naturally, if my Duo username is MYCOMPANY\johndoe, this will fail due to username mismatch as I’m trying to log into the TEST domain.
My question is – is there a way to modify this and make it submit UPN name or just username? Alternatively - can we assign an alias or a secondary username to a Duo account? Would you suggest another approach to using one Duo account to manage servers in multiple domains?
Thank you very much for your input!