Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
902
Views
1
Helpful
3
Replies

Microsoft 365 - DUO Access Gateway not working externally

Go to solution
zgruver
Level 1
Level 1

‎01-20-2022 12:25 PM

After completing all steps in this guide Duo Protection for Microsoft 365 with Duo Access Gateway | Duo Security. Everything seemed to be working the prompts for MFA are work for devices located internally on the network. However any attempt to sign in outside of the network do not work. The redirection attempts t reach the https://yourserver.example.com/dag/saml2/idp/SSOService.php but never makes it.

Ive double checked all the routing information in regards to allowing outside traffic to the server.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
zgruver
Level 1
Level 1
In response to colin_medfisch

‎01-25-2022 01:40 PM

Sorry for the late reply turns out I just was not patient enough to wait for the DNS to propagate throughout the outside networks. After waiting a while it worked just fine.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Amy2
Level 5
Level 5

‎01-24-2022 07:42 AM

Hi @zgruver, is there an error message shown when this happens, and if so, what does it say? Have you enabled debug logging for Duo Access Gateway (instructions on how to do this here)? We have a guide on how to interpret and troubleshoot DAG debug logs that is useful for understanding what is shown there. From what you’ve shared here, I am having trouble finding any documents or similar cases that would help.

You might be better off contacting Duo Support for help troubleshooting this. Be sure to include your debug logs if you do!

0 Helpful

Go to solution
colin_medfisch
Cisco Employee
Cisco Employee

‎01-25-2022 01:25 PM

Hi @zgruver,

In addition to sending those logs over to Duo Support, I would recommend taking a look at our Microsoft 365 integration using Duo-hosted SSO!

We released this integration last summer after closely working with Microsoft to ensure that we built it according to their best practices. This means that we leverage WS-Fed and WS-Trust instead of just SAML for authentication. This allows us to fully support the many session types and other Microsoft features as they make changes to them.

On top of that all, it allows you to take advantage of the many other Duo SSO features, such as end-user expired password resets and our Passwordless SSO on top of just removing the need for the on-prem web server.

Go to solution
zgruver
Level 1
Level 1
In response to colin_medfisch

‎01-25-2022 01:40 PM

Sorry for the late reply turns out I just was not patient enough to wait for the DNS to propagate throughout the outside networks. After waiting a while it worked just fine.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents