06-08-2022 02:57 PM
Hello,
Just thought I would reach out to the community on this one. Couple of us are trying to come up with a MFA solution for a group of users that are going to be access a cloud based SaaS.
The users are preferred not to have any personal cell phones on them so we were thinking of just created AD account with or without email, haven’t decided yet.
1st option:
would be assign them hard tokens but if they don’t have email it could be problematic having them enroll in Duo.
2nd option would be that they could share a company phone interchanging it between shifts. I did test this on Duo with a test account and it is possible to have 2 accounts on 1 number.
Again, just though I would reach out to the community and see what they thought.
Solved! Go to Solution.
06-15-2022 11:12 AM
Hi @Gigawatt, great question! I was hoping another admin from the community would weigh in on this, but since you haven’t gotten a reply yet, I’ll share my thoughts. I think hardware tokens or Yubikeys would be the best option here.
I’m concerned if you have a shared company phone, the risk of it being lost or misplaced might be higher than if it were a personal device. What if someone forgets to hand it off during a shift change? If you go that route, I’d definitely recommend setting a screen lock policy that requires the device to have a PIN or password to protect the device.
There is also a limit of 100 users to a phone, so if you have more than 100 users, you will need more than one company device.
06-15-2022 11:12 AM
Hi @Gigawatt, great question! I was hoping another admin from the community would weigh in on this, but since you haven’t gotten a reply yet, I’ll share my thoughts. I think hardware tokens or Yubikeys would be the best option here.
I’m concerned if you have a shared company phone, the risk of it being lost or misplaced might be higher than if it were a personal device. What if someone forgets to hand it off during a shift change? If you go that route, I’d definitely recommend setting a screen lock policy that requires the device to have a PIN or password to protect the device.
There is also a limit of 100 users to a phone, so if you have more than 100 users, you will need more than one company device.
06-20-2022 06:28 AM
Thanks for this reply @Amy , and I apologize for the late response just got back from a week of much needed vacation. I will pass this info to my counterpart and manager. The DUO community is great!
06-21-2022 06:59 AM
Thanks! I hope you enjoyed your vacation, and I’m so glad to hear you got to take that needed time.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide