- Free Edition
- Quick Links
- Multi-factor authentication
- Adaptive MFA
- Active Directory MFA
- Conditional access
- Passwordless authentication
- Endpoint MFA
- MFA for remote and local Windows logons
- MFA for remote and local macOS logons
- MFA for remote and local Linux logons
- MFA for VPN logons
- MFA for OWA logons
- Offline MFA
- MFA for UAC
- Device-based MFA
- MFA for cloud apps
- MFA for Microsoft 365 users
- Phishing-resistant MFA
- Password management
- Password management and security
- Self-service password reset
- Self-service account unlock
- Web-based domain password change
- Password expiration notifications
- Password synchronization
- Password policy enforcer
- Cached credentials update
- Reporting and auditing
- Password self-service from logon screens
- Help-desk-assisted password reset
- Mobile password management
- Password security and compliance
- Single sign-on
- Remote work enablement
- Enterprise self-service
- Reporting and auditing
- Zero trust
- Integrations
- Security
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- Exchange Reporter Plus Exchange Server Auditing & Reporting
- EventLog Analyzer Real-time Log Analysis & Reporting
- M365 Manager Plus Microsoft 365 Management & Reporting Tool
- DataSecurity Plus File server auditing & data discovery
- RecoveryManager Plus Enterprise backup and recovery tool
- SharePoint Manager Plus SharePoint Reporting and Auditing
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools
ADSelfService Plus MFA with Duo Security
Organizations are facing a growing number of cyberattacks on a daily basis, making it essential to prioritize securing users' accounts. Implementing strong passwords, combined with 2FA or MFA methods, adds an extra layer of security to the traditional username- and password-based authentication.
What is Duo Security?
Duo Security is a cloud-based MFA vendor. It provides a set of authentication methods that can be used to secure logins to web applications, VPNs, and other cloud services. Duo's authentication methods include verifying users' identities with the help of something they know (a username, password, or OTP), something they possess (a device or security token), and something they are (biometrics). The possession factor includes sending OTPs or calling users' devices, like smartphones, PCs, or landlines.
Duo Security authentication with ADSelfService Plus
As an administrator, you can configure Duo Security as one of the MFA authenticators for users in your Active Directory domain to secure:
- Machine logins for Windows, macOS, and Linux systems.
- RDP logins.
- Enterprise application logins through SSO.
- Outlook on the web logins.
![Configuring Duo Security in ADSelfService Plus](/products/self-service-password/images/configuring-duo-security-in-adselfservice-plus.png)
With ADSelfService Plus, you can either make Duo Security a mandatory MFA authenticator for users or allow them to bypass it and choose an alternative from the other authentication methods available. You can also enable Duo Security login for users belonging to specific domains, OUs, and groups.
Once enabled, users must enroll with Duo Security for the authenticator to be enforced during MFA. Duo provides its list of authentication methods from which users can choose a convenient method to verify their identities. The modes of authentication that Duo Security offers are:
- A passcode sent via push notification to the Duo mobile app.
- A passcode sent via SMS.
- A call placed to any landline or mobile phone.
- Security keys such as YubiKey or Feitian.
- Apple Touch ID.
![Enrolling in Duo Web SDK 4 authentication using ADSelfService Plus.](/products/self-service-password/images/enrolling-in-duo-web-sdk-4-authentication-using-adselfservice-plus.png)
![Enrolling in Duo Web SDK 2 authentication using ADSelfService Plus.](/products/self-service-password/images/enrolling-in-duo-web-sdk-2-authentication-using-adselfservice-plus.png)
Upon successful enrollment, users will be able to authenticate themselves with the respective Duo Security authenticator and complete the required MFA process.
Significance of using Duo Security with ADSelfService Plus
ADSelfService Plus is an identity security solution that offers self-service password management, enterprise SSO, and adaptive MFA, amongst other features. Duo, on the other hand, offers MFA techniques to secure user access to resources. If your organization is Active-Directory-based and already has Duo's MFA techniques deployed, then read on to learn how ADSelfService Plus would benefit you.
ADSelfService Plus supports Duo Security as one of its authenticators. On switching to ADSelfService Plus, you not only get to continue using Duo's MFA methods and retain your users' MFA data, but you can also benefit from the other features that ADSelfService Plus offers. For instance, you can securely empower your users with self-service activities like password reset or change, account unlock, and directory updates. On doing so, you will undoubtedly witness a drastic reduction in the number of help desk tickets and the associated costs.
ADSelfService Plus provides adaptive MFA with support for 19 other authentication methods besides Duo Security, including YubiKey and FIDO2 passkeys. It offers MFA for endpoints, cloud and on-premises applications, VPNs, and Outlook on the web. In simpler terms, ADSelfService Plus makes effective use of Duo's authenticators and helps you reap added functional and cost benefits.
Benefits of using Duo Security in ADSelfService Plus
-
Protection against hacks
The default authentication technique of using only a password is gradually becoming obsolete due to advanced data breach techniques. MFA combats such attacks and protects your organization against breaches.
-
Simple configuration
Configuring Duo Security as an authentication factor in ADSelfService Plus for MFA can be done quickly with minimal steps.
-
Real-time audits
ADSelfService Plus tracks all user actions during identity verification with MFA, generating reports that include information like access time, device utilized, and the outcome of the action.
-
Assured security
Administrators have the option to activate either one or all of the authentication methods for users during MFA to enhance security.
Highlights
Password self-service
Free Active Directory users from attending lengthy help desk calls by allowing them to perform self-service actions like password resets or account unlocks.
One identity with single sign-on
Provide seamless one-click access to a range of cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials.
Password and account expiry notification
Notify Active Directory users of their impending password and account expiry via email and SMS notifications.
Password synchronization
Synchronize Windows Active Directory user password and account changes across multiple systems automatically, including Microsoft 365, Google Workspace, IBM iSeries, and more.
Password Policy Enforcer
Enforce Active Directory users to adhere to compliant passwords by displaying password complexity requirements to resist various hacking threats.
Directory self-update and corporate search
Enable Active Directory users to update their latest information without assistance. The quick search feature helps admins scout for information on peers using search keys like contact numbers.
FAQs
Duo Security is a cybersecurity platform that offers features like MFA and endpoint security to protect users, applications, and data from unauthorized access and breaches.
To log in to Duo, enter your username and password for the associated system. Duo will then prompt you for a second verification step, such as approving a notification on the Duo app, entering a code, or answering a phone call. Once the second factor is verified, you’ll be granted access to your account.
Duo Security MFA is a two-step verification process requiring users to authenticate with something they know (password) and something they have (mobile device, token, or other method) to ensure secure access to systems.
Yes, Duo is secure as it uses encryption, device verification, and other advanced security measures to prevent unauthorized access and safeguard against phishing, brute-force attacks, and other threats.
No, Duo is not a VPN. However, it can be integrated with VPNs to add an additional layer of security by requiring MFA before users can establish a VPN connection.
To set up Duo MFA, download the Duo app on your smartphone, enroll in your organization’s Duo account by scanning a QR code or entering setup information, and link your account for secure authentication.