One of the first systems we integrated with Duo is our Palo Alto GlobalProtect VPN. When we began enrolling individuals in the system, one of the first things we discovered was that users could get around the Duo prompt by using their email address as a username, instead of their sAMAccountName. We’re an O365 and SkypeforBiz customer and are required to have the email address setup as a SIPAddress.
Is there any way to either
a) setup multiple usernames in Duo that can authenticate through an application?
b) disallow users from using a secondary user ID other than their sAMAccountName? We’re not seeing anything like this in our GlobalProtect instance.