Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
471
Views
0
Helpful
2
Replies

Verified Duo Push and RD Web/Gateway

Go to solution
robnicholson
Level 1
Level 1

‎06-21-2023 03:34 AM

As recommended, I’ve just turned on Verified Duo Push:

2X_b_b6212776ae1a313d60597285908ff5713ba040c9.png

But as I turned it on, I spotted the caveat that it needs Universal Prompt activated:

2X_b_ba8fe87d517fc0f0668ee082bad1404d34e8cf73.png

AFAIK, RD Web is waiting on Duo and RD Gateway has no information about universal prompt. Does this mean that RD Gateway pushes are never going to support Verified (PIN) Duo Pushes?

2X_2_2cba03ebba97c12b9ea2f8d5dc15ed11601d197f.png

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎06-21-2023 01:35 PM

The issue with RD Gateway is that by Microsoft’s design there is no UI presented to the end user at all after the RDP client cred submission (which is why that integration today only supports automatic Duo methods like push or phone call). This also means no obvious way to present a UI with the verified push code.

We are doing some research into what’s possible so feel free to contact your Duo account exec or Duo Care manager if you have one to get added to the feature request for verified Duo Push and RD Gateway. If you don’t have one of those contacts, you can reach out to Duo Support.

Another option is to deploy Duo Network Gateway (DNG) to protect external-to-internal RDP connections. DNG does show the full Universal Prompt via the DuoConnect client today.

Duo, not DUO.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎06-21-2023 01:35 PM

The issue with RD Gateway is that by Microsoft’s design there is no UI presented to the end user at all after the RDP client cred submission (which is why that integration today only supports automatic Duo methods like push or phone call). This also means no obvious way to present a UI with the verified push code.

We are doing some research into what’s possible so feel free to contact your Duo account exec or Duo Care manager if you have one to get added to the feature request for verified Duo Push and RD Gateway. If you don’t have one of those contacts, you can reach out to Duo Support.

Another option is to deploy Duo Network Gateway (DNG) to protect external-to-internal RDP connections. DNG does show the full Universal Prompt via the DuoConnect client today.

Duo, not DUO.
0 Helpful

Go to solution
robnicholson
Level 1
Level 1

‎06-22-2023 02:10 AM

Doh of course, I actually knew that! Engage brain That’s why I have to stress during training that there is no hint/prompt on screen that RDS/RDP is waiting for you to accept the push. It’s not too bad if you’re using Windows Phone Link to get phone notifications on your PC as that does work.

Anyone know if there is anything on the Microsoft roadmap for allowing customisation of the RDP logon process?

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents