I have a question - we use Office365 and VMware View (Horizon) with instant clones. This means that a new W10 machine is created every time you log in and destroyed every time you log out.
However, we have the problem
that we have to authenticate ourselves to Cisco Duo (outlook etc.) with a username and password every time we log in. We federated the domain to Duo. Can anyone tell me if this is “normal” from experience? It is very annoying that the users have to log in to Horizon and then again to Office and that there is no clean SSO.
Duo remembered devices rely on cookies to store your “session” and reduce the number of 2fa authentications required.
Given the clones are wiped each time, it therefore follows that the cookies are also wiped and the remembered devices will not work beyond a shutdown, and there is no workaround for this other than using persistent clones.
It would be great to be able to leverage a 2fa Authenticated Windows session with subsequent 2fa authentications from other web based applications within the same session. I recommend reaching out to Duo Support to create a feature request for this functionality.
On the same topic, does duo have a setting where we can stipulate trusted locations/IPs which would thus prevent MFA prompts in non persistent sessions?