Cisco Duo + WSA (secure web appliance) Dashboard login with LDAP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-11-2025 11:42 AM
Team,
Has anyone tried or successfully implemented DUO MFA protection for the Cisco WSA dashboard login using LDAP?
Since there is no native integration between DUO and WSA, and no official documentation is available, I attempted to use the generic LDAP Proxy application from DUO. I configured the AuthProxy as an LDAP server in WSA, but unfortunately, authentication is not working — it keeps showing "invalid credentials."
Interestingly, when we added the AuthProxy in WSA and tested connectivity and queries using the test option, it was successful. However, actual dashboard login attempts are failing.
Any expert suggestions or insights would be greatly appreciated.
Regards,
Ramesh

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-11-2025 12:04 PM
These Duo KB articles might help you troubleshoot:
https://help.duo.com/s/article/1126
https://help.duo.com/s/article/2953
For LDAP setups in particular: The Duo proxy's default assumption is that the authenticating device/application will connect, bind as the service account and do the lookup, then bind as the end-user in the same connection.
Some devices/applications will open a new connection for every bind, which needs a config adjustment in authproxy.cfg. If you see that happening in your authproxy.log, take a look at https://help.duo.com/s/article/4989.
