Migrating from DAG to Azure

We currently use Duo Access Gateway for MFA with on-premise Active Directory for our Palo Alto GlobalProtect VPN authentication.

We want to use Azure instead of on-premise AD and continue to use Duo to protect the GlobalProtect VPN.

We are having difficulty figuring out where all of the settings go e.g. Entity ID, ACS URLs, etc.

Has anyone done this and if so do you have any pointers or config examples to share?

Hi mike.s

You can use Duo SSO for this without on prem AD.

Initially you will want to set up Duo SSO and use Azure as the authentication source for Duo SSO.

Once this is complete you can then protect your Globalprotect with Duo SSO.