Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
749
Views
0
Helpful
1
Replies

Duo SSO with Cisco Umbrella and OWA

rdbrooks
Level 1
Level 1

‎11-23-2022 06:39 PM

Hi all,

I was wondering if i setup Duo SSO for OWA and Azure/M365 and Cisco AnyConnect/ISE/Umbrella, if for example a user authenticates against AnyConnect with Duo first, does that mean they won’t need to authenticate for any of the other Duo applications like OWA?

Labels:
0 Helpful
1 Reply 1

raphka
Cisco Employee
Cisco Employee

‎11-29-2022 04:14 PM

Hi rdbrooks,

There are a couple of ways to approach this.

1: If you use our Duo SSO protection for AnyConnect, then you would be able to make use of Remembered Devices policies to prevent repeated 2fa authentications, assuming they all happen within the same browser.

2: Alternatively, assuming you are protecting the VPN itself with Duo, you can always leverage Authorized Networks policies to exclude the external VPN IP from 2fa requirement.
Please find the documentation for the Authorized Networks policy below:

You should take care however to not exclude the VPN protection itself from 2fa by using targeted application policies for the specific applications you wish to bypass when a user has already authenticated via the VPN.

Duo policies can be applied to:

With regards to policy conflicts the most specific policy applies.
Group Policy > Application Policy > Global Policy.

Please find the Guide to Duo Policies below:
https://help.duo.com/s/article/policy-guide

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents