cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4669
Views
0
Helpful
2
Replies

USING MULTIPLE DOMAIN

mumbai.support
Level 1
Level 1

The issue you are facing with the Duo Authentication Proxy and the two domains (abc.com and xyz.com) seems to be related to the user directory configuration. Based on the information provided:

  1. Customer had only one domain (abc.com) configured on Duo and the Authentication Proxy was also configured for only that domain.
  2. Some users from the xyz.com domain were trying to log in, but they were getting an error saying their organization was not allowed to log in. This is because the Duo Authentication Proxy was only configured for the abc.com domain.

To resolve this issue:

  1. We advised the customer to add a new Authentication Proxy server in Duo with the xyz.com domain. This was the right approach, as it would allow users from both domains to authenticate through Duo.
  2. However, Customer mentioned that even after this configuration, some users from the xyz.com domain are still not able to log in, and the Duo dashboard is indicating that there are multiple, duplicate user accounts with invalid credentials. @DuoKristina Need your expertise.
2 Replies 2

DuoKristina
Cisco Employee
Cisco Employee

If this is about a Duo customer please instruct them to contact Duo Support. I'm not in support; don't @ me.

However, it is correct that they will receive the error you mentioned if there are duplicate usernames coming from the two domains. Is this SSO + AD authentication? It is noted in the documentation that email addresses must be unique across all domains and forests:

They should check the users that can't log in to make sure their email is not duplicated between forests. Again, if you don't know how to proceed advise the customer to contact Duo Support.

Duo, not DUO.

DuoKristina
Cisco Employee
Cisco Employee

I'm told that TAC can create a case in CSOne and bond the case to the Duo Support queue.

Duo, not DUO.
Quick Links