09-28-2021 09:23 PM
just wanted to setup DUO MFA for ASA VPN users. Users are AD users.
How can DUO know to which mobile number MFA request should be send when a user logs in.
How is DUO relating a phone number/phone to an AD user.
Solved! Go to Solution.
10-07-2021 10:48 PM
Guys, I got this working finally. Once the AnyConnect users enters IP/FQDN in AnyConnect and click connect, they’ll be redirected to a Duo login webpage. Here you’ll have to login using the mail/email address of the AD user and AD password.
Once logged in you’ll be treated with options for DUO push and SMS. Based on your choice MFA will be requested on your phone.
I couldn’t find any straightforward docs for this. I followed the below links;
1.
Do the setup untill time 11:00 from this video -
**they are using salesforce here, I used ASA.
2.
Once above setup is done, follow the below video.
09-29-2021 06:28 AM
Please read this whole page: Duo Administration - Enroll Users | Duo Security and come back if you have more questions.
09-30-2021 10:35 PM
Thank you, I successfully got the user enrolled. Users are getting Duo mobile notification in their phones.
How can i force to send SMS instead of Duo App notification for few users.
10-01-2021 04:47 AM
If your users see a second password field, they would type sms
into it. If they see a single password field and receive an automatic push, they would append ,sms
to their password. See this guide: Auto Mode - Guide to Two-Factor Authentication · Duo Security
10-01-2021 06:16 AM
Thank you, I was looking an option for users without smart phones. They dont have Duo Mobile app in the phone. How can DUO send SMS only for those users.
10-01-2021 06:17 AM
Like I said, they have to specify the sms
factor when they log in.
Are you using AnyConnect? Did you read this? Logging In With the Cisco AnyConnect Client - Guide to Two-Factor Authentication · Duo Security
10-06-2021 01:34 AM
Users are logging in from normal anyconnect, they wont get any option to select the MFA method.
Req is,
10-06-2021 06:25 AM
I’m sorry, I don’t understand what help you are looking for at this point. As I said, in order to receive an SMS message with a Duo passcode, the user needs to specify sms
as the Duo factor to use.
This is our user guide to logging in with AnyConnect and Duo.
If your setup matches the “Single Password with Automatic Push” experience, then the user needs to append ,sms
to their password as described in that guide. The login fails but the user receives the passcode via text. The user logs in again, this time appending ,thepasscodetheygotviatext
to their password.
If your setup matches the “Second Password for Factor Selection” experience, then
the user types in sms
for the second password. The login fails but the user receives the passcode via text. The user logs in again this time, this time using the password they got via text as the second password.
If you aren’t able to figure out which experience you have, or need 1:1 troubleshooting assistance, I suggest you contact Duo Support.
10-06-2021 08:41 AM
Thank you. I was looking on the configuration side.
What config to be done in DUO and in ASA for this.
10-06-2021 09:20 AM
Every one of the solutions on this page includes support for SMS passcode users:
10-07-2021 10:48 PM
Guys, I got this working finally. Once the AnyConnect users enters IP/FQDN in AnyConnect and click connect, they’ll be redirected to a Duo login webpage. Here you’ll have to login using the mail/email address of the AD user and AD password.
Once logged in you’ll be treated with options for DUO push and SMS. Based on your choice MFA will be requested on your phone.
I couldn’t find any straightforward docs for this. I followed the below links;
1.
Do the setup untill time 11:00 from this video -
**they are using salesforce here, I used ASA.
2.
Once above setup is done, follow the below video.
10-08-2021 11:20 AM
This solution is documented here: Duo Single Sign-On for Cisco ASA with AnyConnect | Duo Security
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide