skip to content
 
 
 Pricing  Get Quote
 
 
 

ADSelfService Plus MFA with Duo Security

Organizations are facing a growing number of cyberattacks on a daily basis, making it essential to prioritize securing users' accounts. Implementing strong passwords, combined with 2FA or MFA methods, adds an extra layer of security to the traditional username- and password-based authentication.

What is Duo Security?

Duo Security is a cloud-based MFA vendor. It provides a set of authentication methods that can be used to secure logins to web applications, VPNs, and other cloud services. Duo's authentication methods include verifying users' identities with the help of something they know (a username, password, or OTP), something they possess (a device or security token), and something they are (biometrics). The possession factor includes sending OTPs or calling users' devices, like smartphones, PCs, or landlines.

Duo Security authentication with ADSelfService Plus

As an administrator, you can configure Duo Security as one of the MFA authenticators for users in your Active Directory domain to secure:

  • Machine logins for Windows, macOS, and Linux systems.
  • RDP logins.
  • Enterprise application logins through SSO.
  • Outlook on the web logins.
Configuring Duo Security in ADSelfService Plus
Figure 1: Configuring Duo Security in ADSelfService Plus.

With ADSelfService Plus, you can either make Duo Security a mandatory MFA authenticator for users or allow them to bypass it and choose an alternative from the other authentication methods available. You can also enable Duo Security login for users belonging to specific domains, OUs, and groups.

Once enabled, users must enroll with Duo Security for the authenticator to be enforced during MFA. Duo provides its list of authentication methods from which users can choose a convenient method to verify their identities. The modes of authentication that Duo Security offers are:

  • A passcode sent via push notification to the Duo mobile app.
  • A passcode sent via SMS.
  • A call placed to any landline or mobile phone.
  • Security keys such as YubiKey or Feitian.
  • Apple Touch ID.
Enrolling in Duo Web SDK 4 authentication using ADSelfService Plus.
Figure 2: Enrolling in Duo Web SDK 4 authentication using ADSelfService Plus.
Enrolling in Duo Web SDK 2 authentication using ADSelfService Plus.
Figure 3: Enrolling in Duo Web SDK 2 authentication using ADSelfService Plus.

Upon successful enrollment, users will be able to authenticate themselves with the respective Duo Security authenticator and complete the required MFA process.

Significance of using Duo Security with ADSelfService Plus

ADSelfService Plus is an identity security solution that offers self-service password management, enterprise SSO, and adaptive MFA, amongst other features. Duo, on the other hand, offers MFA techniques to secure user access to resources. If your organization is Active-Directory-based and already has Duo's MFA techniques deployed, then read on to learn how ADSelfService Plus would benefit you.

ADSelfService Plus supports Duo Security as one of its authenticators. On switching to ADSelfService Plus, you not only get to continue using Duo's MFA methods and retain your users' MFA data, but you can also benefit from the other features that ADSelfService Plus offers. For instance, you can securely empower your users with self-service activities like password reset or change, account unlock, and directory updates. On doing so, you will undoubtedly witness a drastic reduction in the number of help desk tickets and the associated costs.

ADSelfService Plus provides adaptive MFA with support for 19 other authentication methods besides Duo Security, including YubiKey and FIDO2 passkeys. It offers MFA for endpoints, cloud and on-premises applications, VPNs, and Outlook on the web. In simpler terms, ADSelfService Plus makes effective use of Duo's authenticators and helps you reap added functional and cost benefits.

Benefits of using Duo Security in ADSelfService Plus

  • Protection against hacks

    The default authentication technique of using only a password is gradually becoming obsolete due to advanced data breach techniques. MFA combats such attacks and protects your organization against breaches.

  • Simple configuration

    Configuring Duo Security as an authentication factor in ADSelfService Plus for MFA can be done quickly with minimal steps.

  • Real-time audits

    ADSelfService Plus tracks all user actions during identity verification with MFA, generating reports that include information like access time, device utilized, and the outcome of the action.

  • Assured security

    Administrators have the option to activate either one or all of the authentication methods for users during MFA to enhance security.

Leverage Duo Security to secure user identities using ADSelfService Plus

Get your free trial

Highlights

Password self-service  

Free Active Directory users from attending lengthy help desk calls by allowing them to perform self-service actions like password resets or account unlocks.

One identity with single sign-on  

Provide seamless one-click access to a range of cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials.

Password and account expiry notification  

Notify Active Directory users of their impending password and account expiry via email and SMS notifications.

Password synchronization  

Synchronize Windows Active Directory user password and account changes across multiple systems automatically, including Microsoft 365, Google Workspace, IBM iSeries, and more.

Password Policy Enforcer  

Enforce Active Directory users to adhere to compliant passwords by displaying password complexity requirements to resist various hacking threats.

Directory self-update     and corporate search  

Enable Active Directory users to update their latest information without assistance. The quick search feature helps admins scout for information on peers using search keys like contact numbers.

FAQs

Duo Security is a cybersecurity platform that offers features like MFA and endpoint security to protect users, applications, and data from unauthorized access and breaches.

To log in to Duo, enter your username and password for the associated system. Duo will then prompt you for a second verification step, such as approving a notification on the Duo app, entering a code, or answering a phone call. Once the second factor is verified, you’ll be granted access to your account.

Duo Security MFA is a two-step verification process requiring users to authenticate with something they know (password) and something they have (mobile device, token, or other method) to ensure secure access to systems.

Yes, Duo is secure as it uses encryption, device verification, and other advanced security measures to prevent unauthorized access and safeguard against phishing, brute-force attacks, and other threats.

No, Duo is not a VPN. However, it can be integrated with VPNs to add an additional layer of security by requiring MFA before users can establish a VPN connection.

To set up Duo MFA, download the Duo app on your smartphone, enroll in your organization’s Duo account by scanning a QR code or entering setup information, and link your account for secure authentication.

ADSelfService Plus trusted by