We’ve decided to implement Cisco Duo, and are planning to subscribe to the Access edition. Our primary goal was to implement Duo for VPN (AnyConnect on Firepower) first, and then for email, which is running on an on-prem Exchange server. And we have on-prem Active Directory, which I planned to sync users from.
I’ve been reading up on the deployment methods, and saw that we have the option for Duo SSO. But I’m not clear on, if Duo SSO provides any benefits to us, if we are protecting only on-prem resources. (We don’t use Microsoft 365 currently, but, may in the future.)
Also, would we be able to initially use Duo with a small group of associates (such as IT) before requiring it for all VPN users? Currently we use NPS and Radius for VPN auth, and VPN enabled users are in a security group.
Thanks for any guidance.