mfa for third party apps rely on AD account

dianawinsky · ‎03-21-2025

If I enroll or integrate my Azure AD with Cisco Duo for MFA, will third-party apps that rely on the Azure AD account also have MFA from Duo, since Office works with MFA?

Nikolai Catey · ‎03-21-2025

Only if you connect that Specific application with the Microsoft Azure AD Single Sign On page information. but also are you talking about Microsoft AD integration as well?

Regards - NC

dianawinsky · ‎03-21-2025

For example, I've already integrated Azure AD with Duo, and MFA is working when logging into office. However, for third-party apps that rely on the Azure AD account (e.g., Discord, which is integrated with Azure AD), will Duo MFA also work there? Or do I need to configure those apps separately using SSO in Duo?

DuoKristina · ‎03-21-2025

There are multiple ways to protect Entra ID accounts with Duo. The answer to your question depends on the configuration used.

- Duo SSO (SAML): for any application, when a federated user enters their username which is in the Duo SSO federated domain Entra ID will redirect them to the external IdP (Duo) to sign in.

- Duo CA custom control and Duo EAM: You can selectively choose which applications to target in the conditional access policy that has the Duo custom control or EAM method.

Duo, not DUO.

dianawinsky · ‎05-12-2025

Hi Kristina,

The configuration we used is Duo EAM. However, upon testing, the third paarty applications integrated with Entra ID accounts, there's no Duo MFA prompted.