Specific AD group in Duo Auth proxy

Hey guys,
I have implemented Duo for Vpn users, but I am facing some difficulty.

I have 2 groups in my AD and 1 group is for Vpn users and other is not, So while making the Duo Auth proxy we do give AD’s IP address but I wanted to know if there is some way to specify in Duo Auth Proxy to use only specified group for authentication.

After implementation Duo non Vpn user group were able to use Vpn for some reason and I want to limit that, I only want to give speific group detail to auth proxy, is it possible?


You may decide in your sync to restrict the groups you want to import in Duo.

And depending the application type you use, you should be able to restrict it to groups.


If you want to permit only members of a specified group to authenticate you could use the ad_client security_group_dn or ldap_filter options to restrict to that group.