I have been tasked with planning and completing our organizations Duo implementation. I would like to set things up so that our users have a single sign-on portal which will hopefully cover all of the applications that we want to protect.
The external facing applications that we would like to protect currently include our RDS web gateway, Outlook Web Access (OWA) and a Fortinet SSL VPN. We also use an on-premise CRM system that I would like to provide external access to.
I have read through a number of the documents available regarding the Duo Access Gateway and the Duo Network Gateway. Not exactly sure what the correct situation is for using one or the other, or both.
Any suggestions about best practices for this type of architecture would be much appreciated.