06-26-2018 08:19 AM
Currently trying to set up Duo for Office365 using the following:
However, I have a few questions before moving forward. We currently have a server that has Office 365 enabled SSO, so I’m not quite doing this from scratch. In the instructions, when configuring the Azure AD Connect User Sign-In, it states to select ‘Do not configure’ for the Sign On method. Currently, my configuration has ‘Password Hash Synchronization’ & ‘Enable single sign-on’ selected. Can I leave it like this or will I need to reconfigure the Azure AD Connect settings to follow the instructions? Any help will be appreciated.
06-27-2018 08:15 AM
Went along with my current configuration & everything ended up working. When users log in to Office 365, they now get the Duo prompt requesting a push. However, my next question, for anyone that could help, is: currently the Duo prompt gets applied to all the users in the AD. How would I configure it so that only users that are part of a certain container/dept get prompted with Duo? If I can get this, I’ll pretty much be set.
06-28-2018 09:03 AM
One way to accomplish this would be:
Net result: members of the groups attached to the group policy must use Duo, and anyone not in those groups bypasses 2FA.
06-28-2018 10:19 AM
Apologies, but I have another question that I forgot to ask previously. In the ‘Search Base’ field in DAG, I’m confused about what I’m supposed to put there. Do I put one that’ll search all users (so something like OU=All Users,DC=my,DC=domain) or do I put only the OU that includes the users that should be getting a Duo prompt (OU=Duo users,DC=my,DC=domain)?
07-06-2018 06:51 AM
It needs to be set to a level in your domain hierarchy that covers all users who will log in with SSO via the DAG.