Google and DUO (Avoiding Microsoft and AzureAD)

Hi Everyone,

Interested in what an ideal setup looks like for DUO and Google.
I understand there is a limitation in using Google for Work as the User Source and then also trying to protect Google for Work (Gsuite) at the same time.
The workaround is using an LDAP sync or something, I believe, but I think this requires a proxy, and we want to avoid having to deploy any kind of services for very small deployments.

We have considered using something like JumpCloud as the Directory Service to replace Microsoft AzureAD. JumpCloud is also attractive as we can do some protection of the PC, Mac etc as well - i.e. applying security policies.

The main point of this post is really to figure out how to get the most out of DUO in a Google environment - while trying to avoid AzureAD.

(Other services we’d like to protect would be Webex, Meraki, Umbrella, AMP, SecureX etc - may be a different discussion - but just for context)

I would love to hear from community members as to what they are doing here.

Thanks!

Looks like maybe we need to stick with AzureAD for a bit?

Hi @TimSmith, thanks so much for sharing this excellent question here, and welcome to the Duo Community! We love to see these types of best practices discussions here in the forum. I’m hoping some fellow Duo admins weigh in with some helpful advice for you. I’ve also shared this post with our CS team to see if they have any recommendations as well.

Thanks Amy, nothing yet unfortunately 🙂

I’ve been re-reading the docs online though.

Has something now changed on the Duo side?
Can we both use Duo as the SSO source
And protect Google Workspace Logins
Without any kind of on premise infra (i.e. all in Duo cloud)

Can someone from Duo confirm?
It looks like it may have changed now.

Cheers,

Tim.

Hi Tim, thanks for following up! Nothing has changed on the Duo side. If you are using Google as your SAML IdP for Duo Single Sign-On you still cannot protect that same G-Suite account with Duo Single Sign-On.

The internal team advised me that the way to accomplish this is with the Duo Authentication Proxy in place, whether you are using the solution you first mentioned of Google LDAP, or if you are integrating Duo with the JumpCloud directory. I recommend reaching out to our Duo Support team for more specific guidance on these configurations, but I know you mentioned you didn’t want to go the route of using the Authentication Proxy.

Hi @TimSmith,

We are in a similar boat and if you find a good solution please can you follow up here.

At the moment we have been looking into using OneLogin as our IdP for this exact reason.