Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
512
Views
0
Helpful
1
Replies

Duo SSO for AWS and CLI needs a browser?

RubenCardenal
Level 1
Level 1

‎12-04-2023 12:51 AM

Hello,

I'm reviewing the KB article at https://duo.com/docs/sso-aws-cli

Seems to imply that to proceed with SSO a browse window will be opened in order to authenticate the SSO login. 

The problem with this is that absolutely won't work with consoly-only based login attempts.

Is there any alternative? I know for sure that this can be done, I just don't know if Duo supports it.

Use cases:

  • Executing a script/command that prompts for the 2FA number, being that provided by the Duo app. Yes, we already have this, but I want it linked to the IdP Duo is tied to (Google Apps) so when we delete or block an user in Google, that user will stop being able to authenticate via CLI.
  • Optionally, requiring a fingerprint in the mobile device or an auth prompt sent by push to the mobile device

Does Duo support this? I know this can be done. but I want to know if it can be done with Duo or not.

Currently we're on an Essentials plan with 175 users. And I need to know if Duo is the right path for us.

Thanks.

0 Helpful
1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

‎12-05-2023 01:50 PM

Today all Duo SSO SAML logins require passive web authentication within a browser window.

You may stumble across solutions like this, which try to scrape the web page for a console-only login with MFA. This approach is not supported by Duo (as noted here) and not guaranteed to work.

Some people add Duo to AWS directory via RADIUS (quick start), which can work for true console-only access.

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents