URL protection with duo

Hi, we currently have an intranet URL that doesn’t have authentication, anyone within the domain will be able to gain access to the URL when type in the address correctly. Can duo act as the first layer of authentication instead of using AD for the first layer? if yes may i know if there is any documentation to have this setup?

Thanks.

Hi southrider,
Just to be clear, anyone from the public internet can hit your intranet if they have the domain name or IP address? If this is the case, then no I don’t believe Duo alone can fix it for you. You may want to look at a reverse proxy (I believe Windows Server starting with 2012 has this feature available as an installable role). What you’d want to do is close off web access to your intranet on your firewall, and instead have the domain name point to this reverse proxy. The proxy will authenticate users (you can probably integrate Duo here at this point) and if authentication succeeds then your users will reach the intranet.

Depending on your setup it may just be easier to block access to the intranet from the public internet and require your users to use a VPN to access it from the outside.