Duo SSO for intranet sites

Hello. We have Duo SSO set up with Active Directory as identity source. Can we use Duo SSO and Duo Central for local intranet web applications for users accessing the application from intranet? In other words; does the login url for the application need to be publicly available?

Hi @sigveo ,

Duo SSO (a SAML IdP) is hosted in the cloud, so it must be able to communicate to your application’s (a SAML Service Provider) ACS URL. Additionally, your application must be able to communicate with Duo SSO’s /metadata and /sso URLs, which are publicly accessible upon creation of the application in the Duo Admin Panel (Single Sign-On for Generic SAML Service Providers | Duo Security).

If you are looking to protect an internal application, please see if it is compatible with RADIUS, LDAPS, WebSDK, or Auth API.

Hope this helps!