Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
This was useful to this day, I wish Duo would write a KB for this specific scenario. Thank you! As a note, you can use 'otherMailbox' which works well. Keep in mind, Duo has a 128 char limit to the attrib field you bind to.
You would need certificate based VPN to completely stop password sprays.
I may put a feature request in to Duo though, it would be great if Trusted Endpoints for SAML validated before authentication, this would be the equivalent to cert based option.
