Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
203
Views
0
Helpful
1
Replies

Dns TXT record for SSO with LOCAL DNS

Go to solution
mikiNet
Level 1
Level 1

‎06-06-2024 02:38 AM - edited ‎06-06-2024 02:56 AM

Dear Guys,

I have a question because I just preparing configuration for protecting our LAB VPN (this is our lab envirmoment) with Cisco DUO SSO.

One of steps is to configure "Permitted Email Domains" and add TXT RECORD to DNS, but the problem is that our DNS is not EXTERNAL DNS, it is only LOCAL - we don't publish any record in public.

In documentation I found this sentence "adding a DNS TXT record to the email domain's public (external) DNS."

How can I solve this issue ? Any workaround ? 

During authentication to VPN (right now) I using only username without domain like: username@domain.com, we using only username.

One addition question: In Cisco DUO Panel in section Configure Active Directory, field: Domain Controller(s) - it should be public IP or can use local private IP?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
raulgc
Level 1
Level 1

‎06-10-2024 02:26 AM

Hello beejrteek,

For what i know there is no way or workaround about the DNS TXT record. Duo needs to corroborate that you're the owner of the domain that you will use for SSO. If your domain is not public you will need to protect your application with any other method that doesn't use SSO like 2FA without SSO.

Also i know that after knowing that there's no workaround about the DNS TXT you will not really need this but the answer to your second question. You need to put the private IP. The duo proxy that you have deployed should be able to contact it internally for SSO.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
raulgc
Level 1
Level 1

‎06-10-2024 02:26 AM

Hello beejrteek,

For what i know there is no way or workaround about the DNS TXT record. Duo needs to corroborate that you're the owner of the domain that you will use for SSO. If your domain is not public you will need to protect your application with any other method that doesn't use SSO like 2FA without SSO.

Also i know that after knowing that there's no workaround about the DNS TXT you will not really need this but the answer to your second question. You need to put the private IP. The duo proxy that you have deployed should be able to contact it internally for SSO.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents