Migrating Access Gateway to Azure AD Conditional Access with Duo MFA

CharlesTennent
Level 1

We use Duo Access Gateway with on-prem AD for authentication with Microsoft 365. We want to switch to using Azure AD Conditional Access with Duo MFA. I followed the instructions for setting up Conditional Access here: https://duo.com/docs/azure-ca

Steps followed:

  1. Created the Duo Azure CA Application
  2. Created the Duo MFA Custom Control
  3. I created a policy that filters to a test user and targets all cloud apps, and under Access Controls, I assigned the custom control.

However, when I go to https://login.microsoftonline.com/ and attempt to sign in, it redirects me to the Duo Access Gateway instead of using Microsoft login.

Running what-if confirms it picks up the expected Conditional Access Policy.

Does anyone have a suggestion on how to correct it?

Accepted Solution

DuoKristina
Cisco Employee

As long as your Azure custom domain is federated, a sign-in with a federated user will redirect to the federated IdP.

You could test the conditional access policy with an Azure cloud-only user and then, when you are ready to make the switch, revert your federated domain back to "managed".

How do I defederate Office 365 from Duo SSO, Duo for AD FS, or Duo Access Gateway? 

https://learn.microsoft.com/en-us/powershell/module/msonline/set-msoldomainauthentication?view=azureadps-1.0

If you want to know the detailed effects of converting a federated domain back to managed, please contact Microsoft support.

Duo, not DUO.
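
One way to check the domain's federation state and carry out the revert described in the reply above, as an added example that is not part of the original post or of Duo's documentation. It uses the MSOnline module that the linked `Set-MsolDomainAuthentication` page documents; `example.com`, the backup file path and the `-Convert` switch are placeholders introduced for this sketch.

```powershell
# Added example. Placeholders: example.com, the backup path, the -Convert switch.
param(
    [string]$DomainName = 'example.com',                    # your federated custom domain
    [string]$BackupPath = '.\federation-settings-backup.xml',
    [switch]$Convert                                        # without it, the script only reports
)

Import-Module MSOnline -ErrorAction Stop
Connect-MsolService          # interactive sign-in as a tenant administrator

# 1. Report how the domain authenticates today (Managed or Federated).
$domain = Get-MsolDomain -DomainName $DomainName
'{0}: authentication = {1}' -f $domain.Name, $domain.Authentication

if ($domain.Authentication -ne 'Federated') {
    'Domain is not federated; sign-ins are not redirected to an external IdP.'
    return
}

# 2. Show where federated sign-ins are sent. For the setup in the question,
#    this should point at the Duo Access Gateway.
$fed = Get-MsolDomainFederationSettings -DomainName $DomainName
'Passive sign-in URL: {0}' -f $fed.PassiveLogOnUri
'Issuer URI:          {0}' -f $fed.IssuerUri

# 3. Keep a copy of the current federation settings for reference or rollback.
$fed | Export-Clixml -Path $BackupPath
'Federation settings saved to {0}' -f $BackupPath

# 4. Revert the domain to managed only when explicitly requested.
if ($Convert) {
    Set-MsolDomainAuthentication -DomainName $DomainName -Authentication Managed
    'New state: {0}' -f (Get-MsolDomain -DomainName $DomainName).Authentication
} else {
    'Report only. Re-run with -Convert to set the domain to Managed.'
}
```

Running it without `-Convert` confirms why the test user in the question is sent to the Duo Access Gateway before any change is made to the tenant.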
