I’m looking to federate Duo SSO w/ our Microsoft Azure tenant. Currently we are using Azure AD Connect w/ Pass-through Authentication w/ password write-back enabled. This allows us to use the self-service password reset (SSPR) feature.
My question - is password write-back/SSPR compatible w/ Duo SSO Federation?
From Microsoft AD Connect documentation:
Password write-back is supported in environments that use the following hybrid identity models:
- Password hash synchronization
- Pass-through authentication
- Active Directory Federation Services
There’s no mention of a 3rd party federation provider (e.g. Duo)