Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
229
Views
1
Helpful
2
Replies

Desktop Authentication compatible with RAS VPN / Authentication Proxy?

Go to solution
layer9de
Level 1
Level 1

‎01-10-2025 04:11 AM - edited ‎01-10-2025 04:35 AM

Dear all,

we are using Cisco Duo as MFA solution for Microsoft RAS VPN with Duo Authentication Proxy. We are now looking into Duo Desktop Authentication as additional authentication method:

https://duo.com/blog/introducing-duo-desktop-authentication

The documentation however states the following as requirement:

- Supported Duo applications which feature the Duo Universal Promp

The Microsoft RAS VPN / Duo Authentication Proxy however do not support the Universal Prompt nor any other Prompt at all. Does anyone know whether Duo Desktop authentication can be used as authentication method in this case?

Thanks
Michael

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎01-10-2025 12:28 PM - edited ‎01-10-2025 12:34 PM

No, Duo Desktop Authentication, which requires Duo Universal Prompt, cannot be used with RAS VPN configurations that do not show the Duo Universal Prompt.

ETA: for most remote access/VPN solutions we'd suggest using Duo SSO for SAML authentication. When a VPN is federated with Duo SSO then VPN logins go through the Duo Universal Prompt and Duo Desktop authentication is an option.

It is my recollection that Microsoft RRAS authentication support is limited and does not offer SAML as an option, so this may not be possible for you.

Duo, not DUO.

View solution in original post

2 Replies 2

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎01-10-2025 12:28 PM - edited ‎01-10-2025 12:34 PM

No, Duo Desktop Authentication, which requires Duo Universal Prompt, cannot be used with RAS VPN configurations that do not show the Duo Universal Prompt.

ETA: for most remote access/VPN solutions we'd suggest using Duo SSO for SAML authentication. When a VPN is federated with Duo SSO then VPN logins go through the Duo Universal Prompt and Duo Desktop authentication is an option.

It is my recollection that Microsoft RRAS authentication support is limited and does not offer SAML as an option, so this may not be possible for you.

Duo, not DUO.

Go to solution
layer9de
Level 1
Level 1
In response to DuoKristina

‎01-13-2025 04:20 AM

Thank you Kristina, I actually thought that with manual enrollment for Duo Desktop it was possible to register Duo Desktop as additonal authentication method. Since it is not possible for applications without the Duo Universal Prompt we're sticking with Duo Mobile for VPN/RAS authentications then.

Best Regards
Michael

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents