cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
149
Views
0
Helpful
1
Replies

Dns TXT record for SSO with LOCAL DNS

beejrteek
Level 1
Level 1

Dear Guys,

I have a question because I just preparing configuration for protecting our LAB VPN (this is our lab envirmoment) with Cisco DUO SSO.

One of steps is to configure "Permitted Email Domains" and add TXT RECORD to DNS, but the problem is that our DNS is not EXTERNAL DNS, it is only LOCAL - we don't publish any record in public.

In documentation I found this sentence "adding a DNS TXT record to the email domain's public (external) DNS."

How can I solve this issue ? Any workaround ? 

During authentication to VPN (right now) I using only username without domain like: username@domain.com, we using only username.

One addition question: In Cisco DUO Panel in section Configure Active Directory, field: Domain Controller(s) - it should be public IP or can use local private IP?

1 Accepted Solution

Accepted Solutions

raulgc
Level 1
Level 1

Hello beejrteek,

For what i know there is no way or workaround about the DNS TXT record. Duo needs to corroborate that you're the owner of the domain that you will use for SSO. If your domain is not public you will need to protect your application with any other method that doesn't use SSO like 2FA without SSO.

Also i know that after knowing that there's no workaround about the DNS TXT you will not really need this but the answer to your second question. You need to put the private IP. The duo proxy that you have deployed should be able to contact it internally for SSO.

View solution in original post

1 Reply 1

raulgc
Level 1
Level 1

Hello beejrteek,

For what i know there is no way or workaround about the DNS TXT record. Duo needs to corroborate that you're the owner of the domain that you will use for SSO. If your domain is not public you will need to protect your application with any other method that doesn't use SSO like 2FA without SSO.

Also i know that after knowing that there's no workaround about the DNS TXT you will not really need this but the answer to your second question. You need to put the private IP. The duo proxy that you have deployed should be able to contact it internally for SSO.

Quick Links