11-20-2021 07:01 AM
Hey guys,
I have implemented Duo for Vpn users, but I am facing some difficulty.
I have 2 groups in my AD and 1 group is for Vpn users and other is not, So while making the Duo Auth proxy we do give AD’s IP address but I wanted to know if there is some way to specify in Duo Auth Proxy to use only specified group for authentication.
After implementation Duo non Vpn user group were able to use Vpn for some reason and I want to limit that, I only want to give speific group detail to auth proxy, is it possible?
11-22-2021 05:30 AM
Hello,
You may decide in your sync to restrict the groups you want to import in Duo.
And depending the application type you use, you should be able to restrict it to groups.
HTH,
Antony
11-23-2021 03:18 PM
If you want to permit only members of a specified group to authenticate you could use the ad_client security_group_dn
or ldap_filter
options to restrict to that group.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide