Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1398
Views
3
Helpful
5
Replies

Google and DUO (Avoiding Microsoft and AzureAD)

timhughsmith
Level 4
Level 4

‎09-09-2021 09:52 PM

Hi Everyone,

Interested in what an ideal setup looks like for DUO and Google.
I understand there is a limitation in using Google for Work as the User Source and then also trying to protect Google for Work (Gsuite) at the same time.
The work around is using an LDAP sync or something I believe, but I think this requires a proxy, and we want to avoid having to deploy any kind of services for very small deployments.

We have considered using something like JumpCloud as the Directory Service to replace Microsoft AzureAD. JumpCloud is also attractive as we can do some protection of the PC, Mac etc as well - i.e. applying security policies.

The main point of this post is really to figure out how to get the most out of DUO in a Google environment - while trying to avoid AzureAD.

(Other services we’d like to protect would be Webex, Meraki, Umbrella, AMP, SecureX etc - may be different discussion - but just for context)

I would love to hear from community members as to what they are doing here.

Thanks!

Labels:
5 Replies 5

timhughsmith
Level 4
Level 4

‎09-20-2021 05:19 AM

Looks like maybe we need to stick with AzureAD for a bit?

0 Helpful

Amy2
Level 5
Level 5

‎09-20-2021 06:27 AM

Hi @TimSmith, thanks so much for sharing this excellent question here, and welcome the Duo Community! We love to see these types of best practices discussions here in the forum. I’m hoping some fellow Duo admins weigh in with some helpful advice for you. I’ve also shared this post with our CS team to see if they have any recommendations as well.

timhughsmith
Level 4
Level 4
In response to Amy2

‎10-06-2021 11:12 PM

Thanks Amy, nothing yet unfortunatley

I’ve been re-reading the docs online though.

Has something now changed on the Duo side?
Can we both use Duo as the SSO source
And protect Google Workspace Logins
Without any kind of on premise infra (i.e. all in Duo cloud)

Can someone from Duo confirm?
It looks like it may have changed now.

Cheers,

Tim.

0 Helpful

Amy2
Level 5
Level 5
In response to timhughsmith

‎10-07-2021 08:08 AM

Hi Tim, thanks for following up! Nothing has changed on the Duo side. If you are using Google as your SAML IdP for Duo Single Sign-On you still cannot protect that same G-Suite account with Duo Single Sign-On.

The internal team advised me that the way to accomplish this is with the Duo Authentication Proxy in place, whether you are using the solution you first mentioned of Google LDAP, or if you are integrating Duo with the JumpCloud directory. I recommend reaching out to our Duo Support team for more specific guidance on these configurations, but I know you mentioned you didn’t want to go the route of using the Authentication Proxy.

0 Helpful

ITEM93
Level 1
Level 1

‎10-18-2021 10:41 AM

Hi @TimSmith,

We are in a similar boat and if you find a good solution please can you follow up here.

At the moment we have been looking into using OneLogin as our IdP for this exact reason.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents