EOL for Duo LDAP cloud service and Migration Path

A couple of weeks ago I received a notification that the EOL for Duo LDAP cloud service (LDAPS) is approaching.
I found a migration path that solves the problem on the site: RADIUS 2FA for Cisco ASA SSL VPNs | Duo Security,
but I have a couple of questions that are not very clear to me after reading and watching the video.
Is RADIUS a necessary step?
In the video example RADIUS is used as the protocol; in the ASA settings it is selected in the drop-down menu for the AAA server group.

If my environment doesn't have RADIUS, is AD enough?

Additional: the part that confuses me:

“This Duo proxy server will receive incoming RADIUS requests from your Cisco ASA SSL VPN, contact your existing local LDAP/AD or RADIUS server to perform primary authentication if necessary, and then contact Duo’s cloud service for secondary authentication.”

Hi stefan, Welcome to the Duo Community.
AD is indeed enough and you do not need a RADIUS server.

The proxy will act as a RADIUS server and receive RADIUS authentications from your ASA using its [radius_server_auto] section.

These authentications will be translated to LDAP and be sent to your AD for username and password verification using the [ad_client] section.

The flow looks like this:

ASA --RADIUS--> Proxy --LDAP--> AD

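As an added illustration of the flow in the answer above (not part of the thread and not Duo's own code), this sketch parses an `authproxy.cfg` and checks that `[radius_server_auto]` hands primary authentication to an `[ad_client]` section. The embedded config is constructed, and every host, key and secret in it is a placeholder; `check_proxy_cfg` is a hypothetical helper name.

```python
import configparser

# Constructed sample authproxy.cfg; hosts, DNs, keys and secrets are placeholders.
SAMPLE_CFG = """
[ad_client]
host=dc01.example.internal
service_account_username=duo-svc
service_account_password=PLACEHOLDER
search_dn=DC=example,DC=internal
transport=ldaps
ssl_ca_certs_file=conf/ad-ca.pem

[radius_server_auto]
ikey=DIXXXXXXXXXXXXXXXXXX
skey=PLACEHOLDER
api_host=api-XXXXXXXX.duosecurity.com
radius_ip_1=192.0.2.10
radius_secret_1=PLACEHOLDER
client=ad_client
failmode=secure
port=1812
"""

def check_proxy_cfg(text):
    """Return a list of findings for the ASA -> proxy -> AD flow."""
    cfg = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    cfg.read_string(text)
    findings = []
    if not cfg.has_section("radius_server_auto"):
        return ["no [radius_server_auto]: the ASA has nothing to send RADIUS to"]
    rad = cfg["radius_server_auto"]
    client = rad.get("client", "")
    # client= must name the section that performs primary authentication.
    if not cfg.has_section(client):
        return findings + [f"client={client!r} does not name a section in this file"]
    if not client.startswith("ad_client"):
        findings.append(f"primary auth uses [{client}], not AD over LDAP")
    elif cfg[client].get("transport", "clear") == "clear":
        findings.append(f"[{client}] binds to AD over cleartext LDAP")
    # The proxy's default failmode is safe: primary auth alone is accepted on outage.
    if rad.get("failmode", "safe") == "safe":
        findings.append("failmode=safe: logins skip 2FA if Duo is unreachable")
    if not any(k.startswith("radius_ip_") for k in rad):
        findings.append("no radius_ip_N: the ASA is not an allowed RADIUS client")
    return findings
```

`radius_ip_1` and `radius_secret_1` must match the ASA's address and the shared secret set on its AAA server entry.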

So, the example in the video is one-to-one how to configure it / migrate in an environment where I only have AD and want to migrate to DUO MSP?