Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
204
Views
0
Helpful
2
Replies

Using Internal IPs in the Authorized Networks Policy

jkrogers
Level 1
Level 1

‎06-10-2024 01:51 PM

I was successful in using an internal IP range to grant access based off the Authorized networks policy on an application using RADIUS. However, we are looking at implementing this on an application we want to move to SSO. The documentation says some applications can use internal IPs, but some cant. Does anyone know if the Authorized Networks policy will work correctly with SSO if I use a private IP range?

0 Helpful
2 Replies 2

ccieexpert
Level 1
Level 1

‎06-10-2024 04:55 PM

my experience is no as the SSO from like Azure will always show the public ip of the client... what you have to ask is what is the ip that will be seen by the first SSO based application like example azure -very likely your public ip, then that is what DUO will also see.  I think the cases where it may work are like radius integration where you are integrating with radius and no DUO prompt is required...  

https://duo.com/docs/adfs - also with Duo ADFS where you are doing local AD auth, you can mention in ADFS which networks you dont want to invoke DUO...

0 Helpful

DuoKristina
Cisco Employee
Cisco Employee

‎06-12-2024 02:04 PM

The other responder is correct. We're going to get the external or NATed IP from the client loading the Duo prompt in the browser.

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents