01-10-2025 04:11 AM - edited 01-10-2025 04:35 AM
Dear all,
we are using Cisco Duo as MFA solution for Microsoft RAS VPN with Duo Authentication Proxy. We are now looking into Duo Desktop Authentication as additional authentication method:
https://duo.com/blog/introducing-duo-desktop-authentication
The documentation however states the following as requirement:
- Supported Duo applications which feature the Duo Universal Promp
The Microsoft RAS VPN / Duo Authentication Proxy however do not support the Universal Prompt nor any other Prompt at all. Does anyone know whether Duo Desktop authentication can be used as authentication method in this case?
Thanks
Michael
Solved! Go to Solution.
01-10-2025 12:28 PM - edited 01-10-2025 12:34 PM
No, Duo Desktop Authentication, which requires Duo Universal Prompt, cannot be used with RAS VPN configurations that do not show the Duo Universal Prompt.
ETA: for most remote access/VPN solutions we'd suggest using Duo SSO for SAML authentication. When a VPN is federated with Duo SSO then VPN logins go through the Duo Universal Prompt and Duo Desktop authentication is an option.
It is my recollection that Microsoft RRAS authentication support is limited and does not offer SAML as an option, so this may not be possible for you.
01-10-2025 12:28 PM - edited 01-10-2025 12:34 PM
No, Duo Desktop Authentication, which requires Duo Universal Prompt, cannot be used with RAS VPN configurations that do not show the Duo Universal Prompt.
ETA: for most remote access/VPN solutions we'd suggest using Duo SSO for SAML authentication. When a VPN is federated with Duo SSO then VPN logins go through the Duo Universal Prompt and Duo Desktop authentication is an option.
It is my recollection that Microsoft RRAS authentication support is limited and does not offer SAML as an option, so this may not be possible for you.
01-13-2025 04:20 AM
Thank you Kristina, I actually thought that with manual enrollment for Duo Desktop it was possible to register Duo Desktop as additonal authentication method. Since it is not possible for applications without the Duo Universal Prompt we're sticking with Duo Mobile for VPN/RAS authentications then.
Best Regards
Michael
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide