we have onboarded ivanti connect secure VPN application on Duo SSO. we found that the users in our active directory without mailbox/email can not login to Duo SSO link. I need your recommendations to fix this issue since we are already in the production with our VPN application.
You have some choices: - Populate the mail attribute with some email address value for the users who don't have one - Change the default bridge attribute mapping used for <Email Address> to something that is already populated for all users, like userPrincipalName (mentioned in step 4 here).
Feel free to contact Duo Support for more help with this. Note that the previous response does not apply to your issue.