Multi-site DUO Administration

KenZ · ‎11-22-2022

Hi,

I’m an administrator of a group of schools in a Multi-Academy Trust, but each school has it’s own Active Directory which is not linked together.
The Duo Portal I have is NOT a Multi-tenancy portal where I can set up individual accounts for each school. It’s basically a “single organisation” portal that I need to use for each school.

I need to be able to use Directory Sync for each school to upload each schools users into their own separate user groups so the users don’t mix amongst each other

If I use Directory Sync for multiple schools in this type of Duo account, will it get confused seeing different accounts from different active directory environments?

Can i still assign different “administrators” to the different AD / Dir Sync “groups”?

Thanks and regards

Ken

DuoKristina · ‎11-23-2022

The basic answer to this is no, it won’t get confused as long as any usernames and username aliases you import from all forests are unique. If any of the imported names are duplicated it affects sync (basically the first user synced with the duplicate username wins). Can I have duplicate usernames or username aliases in Duo?.

If you have a Duo account manager, customer success manager, or MSP program manager consider reaching out to them directly to discuss your use case because we have some options that could make this easier (what you called “multi-tenant” being one possibility).

Duo, not DUO.

KenZ · ‎11-25-2022

Thanks

On the new AD, I’ve installed the Auth Proxy and specified an OU with only 1 user and 1 group and that synced successfully.

I can now see that user amongst all the other users imported from the other AD domain, so it works, but I need to ensure that the users that i sync from the second AD domain do not have the same usernames as those from the first AD domain.

regards

Ken Z