Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
432
Views
1
Helpful
3
Replies

MFA twice to MFA once per laptop location

pdz
Level 1
Level 1

‎05-06-2024 06:50 AM

Morning All:

I am deploying laptops with MFA to log into the laptop as a security protection.  I want to remove the current need to MFA into the Remote Server.  Primarily this causes frustration on the part of the end user.  I am unable to locate a setting or work arouns.

0 Helpful
3 Replies 3

DuoKristina
Cisco Employee
Cisco Employee

‎05-08-2024 11:10 AM

Some ideas:

1. Uninstall Duo MFA from the remote server (I don't really recommend this but just putting it out there).
2. Apply a Duo policy to the server RDP integration that sets new user policy to deny unenrolled and the authentication policy to bypass MFA - so only users who exist in Duo can log into the server - but there is no dependency on them having actually completed MFA at a laptop.
3. Apply a Duo policy to the server RDP integration that sets an authorized networks policy so that if the MFA's laptops connect to some specific network they can bypass MFA at the server.

Duo policy info 

You may have read about Duo Passport, which can use information from an initial Windows OS login using Duo to SSO into SSO and web apps that show the browser-based Duo MFA prompt. That doesn't apply here. We don't yet have any options for detecting MFA completed on a system with Duo for Windows Logon installed and passing that info on to bypass MFA into a subsequent access of a different Windows system that also has Duo for Windows Logon installed.

Duo, not DUO.

pdz
Level 1
Level 1
In response to DuoKristina

‎05-08-2024 11:15 AM

Thank you for the information.

I beta 2 and 3 with groups to see what reactions I receive.

I will review the Passport and again beta that as well.

Thank you for your time.

 

0 Helpful

DuoKristina
Cisco Employee
Cisco Employee

‎05-08-2024 11:22 AM

OK, just noting again Duo Passport will NOT solve this for you because it doesn't pass Windows OS login MFA on to Windows Logon on a different machine.

But, if you also protect browser-based apps like Office 365, etc with Duo, Passport will make signing into those apps easier for your users.

https://duo.com/docs/passport

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents