Passwordless without Duo SSO?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-03-2022 01:48 PM
Are there any plans to extend the MFA APIs in a way that would make Passwordless auth possible outside of Duo SSO?
(Yes, I know this will require careful integration to ensure security is maintained.)
In my environment, AD auth (and using Duo’s SSO interface) is a non-starter, but I still hope to leverage my existing Duo service for this functionality.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2023 08:47 AM
We are evaluating how to extend Duo Passwordless beyond SSO + AD deployments. No timeline I can offer.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2023 01:17 PM
Hopefully this comes soon...
I'm with a MSP and our company as well as numerous of our tenants are wanting to implement passwordless, however this is impossible because most of our clients do not have on-premise AD anymore and use Azure for our idp.
I'm afraid if Duo doesn't figure out a solution soon, we'll be forced to migrate off Duo and start using Azure MFA.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2023 01:57 PM
If you haven't already, please reach out to your Duo MSP team to give them some insights like which applications you and your clients federate with Azure now, if they have rich-clients or apps for access, etc. They can use info like that to bolster the feature request with our product team.
There is also potentially the workaround of setting up Duo SSO to use Azure AD Domain Services as the AD auth source. While not expressly qualified by us I think it might work as long as the secure LDAP bind can auth with SSPI or a known password, and not a certificate.
