Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
807
Views
3
Helpful
9
Replies

Can we do SAAS app like Cisco Cloud ES integrate LDAP using Cisco DUO

mshameed123
Level 1
Level 1

‎03-07-2024 09:26 AM

Hi 

We have Cisco Cloud email security (CES) solution and need to integrate with On Prem LDAP server. We have cisco DUO and want to integrate it with Cisco CES. i can see that DUO can be integrate with Open LDAP and can use as a Auth source for Cisco CES.

 

My query is can we validate the company recipient email addresses from Cisco CES to cisco DUO and DUO will query it with LDAP server ?

 

Labels:
0 Helpful
9 Replies 9

DuoKristina
Cisco Employee
Cisco Employee

‎03-07-2024 02:41 PM

I am not familiar with Cisco CES sign-in, but can tell you that you can set the username attribute for an LDAP authentication through Duo Authentication Proxy to whichever attribute the authenticating application submits as the username. See the description of the username_attribute config option here: https://duo.com/docs/ldap#active-directory

Duo, not DUO.
0 Helpful

mshameed123
Level 1
Level 1
In response to DuoKristina

‎03-07-2024 09:45 PM - edited ‎03-07-2024 10:35 PM

hello Kristina

thanks for your reply and link. So does Duo   validate the email address for Cisco CES, we want to achieve Directory harvest attack mitigation. In normal scenario when we do a direct integration with LDAP, Cisco CES will query to verify the email address and reject the Inbound mail which has a invalid address.  

We are introducing Duo in between CES and LDAP/Azure AD. this is because we want to allow users to SSO to the spam quarantine portal in CES since customer does not want to spend on Azure AD Domain services

0 Helpful

Pulkit Mittal
Spotlight
Spotlight

‎03-07-2024 04:57 PM

I have done CES protection with Duo for many of my customers. Use Single Sign-On for Generic SAML Service Providers | Duo Security.

You will need to normalize username and create group attribute mapping.

If you find this useful, please mark it helpful and accept the solution.

mshameed123
Level 1
Level 1
In response to Pulkit Mittal

‎03-07-2024 09:48 PM

Hi pulkit

thanks for your reply, using username attribute will validate the email address of the user ?

0 Helpful

Pulkit Mittal
Spotlight
Spotlight
In response to mshameed123

‎03-08-2024 04:31 AM

Usename normalisation as email and group attribute mapping will do the job.

0 Helpful

adityaganjoo
Level 1
Level 1
In response to mshameed123

‎03-08-2024 04:46 AM

Hi,

You would need to configure the list of AD attributes that contain the email addresses for your users. The default is to just search the mail AD attribute values for a match.

 

mshameed123
Level 1
Level 1
In response to Pulkit Mittal

‎03-07-2024 10:18 PM

Hi pulkit

One of my customer has multi-tenant , multi domain environment with O365 and want to utilize the SAML auth option for the User to access SPAM quarantine mails.

 

is it possible to integrate Cisco Duo with multi tenant MS O365 ?

0 Helpful

Pulkit Mittal
Spotlight
Spotlight
In response to mshameed123

‎03-08-2024 04:30 AM

Yes, create another generic application in duo for spam quarantine.

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents