
How to use Duo MFA as main authentication method

rsacramento
Level 1

Hello.

Is it possible to use Duo MFA as the main authentication method, where the user does not need to type a logon password and only uses the Duo mobile app?

Thanks
All

6 Replies

Amy2
Level 5

Hi @rsacramento, no, it’s currently not possible to use Duo for primary authentication. However, you might be interested in our Duo Passwordless solution, which is now available in a public preview. At the end of that blog post are a number of videos which explain more. I hope that helps!

Thanks for your help.

I'm going to take a look at this new solution.

BusterDoney
Level 1

Actually it is possible to use Duo MFA as the primary authentication method. Some conditions apply:

  • You need to use ADFS 2019 as your Identity provider.
  • The application in question needs to be integrated with ADFS for SAML or OpenID.
  • You can require Duo as your primary auth but users are still required to enter their password as their secondary auth; however, there are many options available for Keep Me Signed In, Certificate-based auth in lieu of passwords, tokens, Windows Hello for Business, etc.

Take a look at Protect the Password feature for ADFS to learn more about using MFA as your primary auth method. This isn’t a feature of Duo but rather a feature of the IdP.
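An added example, not part of the reply above and not Duo's or Microsoft's own script: a PowerShell audit of the AD FS conditions listed in that reply, using the standard ADFS module cmdlets. The `-Enable` switch and the assumption that the Duo adapter's registered name contains "Duo" are choices made for this example.

```powershell
# Added example: check whether this AD FS farm can offer an external MFA
# provider (such as Duo) as a primary authentication method.
# Run in an elevated session on an AD FS server.
param(
    [switch]$Enable   # hypothetical switch for this example: turn the setting on if it is off
)

Import-Module ADFS

# "Additional authentication as primary" needs an AD FS 2019 farm,
# which reports farm behavior level 4 (AD FS 2016 reports 3).
$farm = Get-AdfsFarmInformation
if ($farm.CurrentFarmBehavior -lt 4) {
    Write-Warning "Farm behavior level is $($farm.CurrentFarmBehavior); AD FS 2019 (level 4) is required."
    return
}

# Assumption: the registered Duo adapter has "Duo" in its name.
$duo = Get-AdfsAuthenticationProvider | Where-Object { $_.Name -like '*Duo*' }
if (-not $duo) {
    Write-Warning "No authentication provider with 'Duo' in its name is registered on this farm."
    return
}
$duo | Select-Object Name, AdminName, AllowedForPrimaryExtranet,
    AllowedForPrimaryIntranet, AllowedForAdditionalAuthentication | Format-List

# Show the current global policy: which providers are primary, which are additional,
# and whether additional providers may be used as primary at all.
$policy = Get-AdfsGlobalAuthenticationPolicy
$policy | Select-Object AllowAdditionalAuthenticationAsPrimary,
    PrimaryExtranetAuthenticationProvider, PrimaryIntranetAuthenticationProvider,
    AdditionalAuthenticationProvider | Format-List

if (-not $policy.AllowAdditionalAuthenticationAsPrimary) {
    if ($Enable) {
        Set-AdfsGlobalAuthenticationPolicy -AllowAdditionalAuthenticationAsPrimary $true
        Write-Warning "Setting changed. Restart the AD FS service on each farm server before selecting the provider as primary."
    } else {
        Write-Output "External providers cannot be selected as primary yet; re-run with -Enable to allow it."
    }
}
```

Without `-Enable` the script only reads configuration, so it can be used to review an existing farm before changing which factor users see first.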

Hi all,

I have encountered an issue while using DUO as Primary Authentication Method for ADFS.

Meanwhile, I've found this post.

When I use DUO as Primary Authentication in ADFS (i.e. accessing a SAML2 integrated Shibboleth SP App with SP-initialized), the error below happens when information for an invalid user (i.e. a user that does not exist in AD) is used.

patrickhkfung_0-1711613326326.png

patrickhkfung_1-1711613340872.png

Has anyone else encountered this problem as well?

Thanks,
Patrick

Of course AD FS looking up a non-existent user fails when the user doesn't exist in the directory?

Duo, not DUO.

Hi Kristina,

Many thanks for your reply. I found that the error is better when using an OpenID Connect integrated application.

They will not throw the error to the application side and the error message is more meaningful.

patrickhkfung_1-1712135410215.png
