06-26-2018 08:19 AM
Currently trying to set up Duo for Office365 using the following:
However, I have a few questions before moving forward. We currently have a server that has Office 365 enabled SSO, so I’m not quite doing this from scratch. In the instructions, when configuring the Azure AD Connect User Sign-In, it states to select ‘Do not configure’ for the Sign On method. Currently, my configuration has ‘Password Hash Synchronization’ & ‘Enable single sign-on’ selected. Can I leave it like this or will I need to reconfigure the Azure AD Connect settings to follow the instructions? Any help will be appreciated.
06-27-2018 08:15 AM
Went along with my current configuration & everything ended up working. When users log in to Office 365, they now get the Duo prompt requesting a push. However, my next question, for anyone that could help, is: currently the Duo prompt gets applied to all the users in the AD. How would I configure it so that only users that are part of a certain container/dept get prompted with Duo? If I can get this, I’ll pretty much be set.
06-28-2018 09:03 AM
One way to accomplish this would be:
Net result: members of the groups attached to the group policy must use Duo, and anyone not in those groups bypasses 2FA.
06-28-2018 10:19 AM
Apologies, but I have another question that I forgot to ask previously. In the ‘Search Base’ field in DAG, I’m confused about what I’m supposed to put there. Do I put a value that’ll search all users (so something like OU=All Users,DC=my,DC=domain) or do I put only the OU that includes the users that should be getting a Duo prompt (OU=Duo users,DC=my,DC=domain)?
07-06-2018 06:51 AM
It needs to be set to a level in your domain hierarchy that covers all users who will log in with SSO via the DAG.