Duo/MFA integration without external services like adfs. #145

Open
CodeNameTheOnlyOne opened this issue Feb 24, 2022 · 3 comments
Assignees
Labels
enhancement New feature or request pinned

Comments

@CodeNameTheOnlyOne

A simple method of combining the built-in Windows authentication with either a Google Authenticator code or some other service like Duo to provide a simple MFA for new insurance requirements.
I know I can do this with ADFS, but I have some customers that only have one server, and running domain controller/Lithnet/ADFS all on the same server does not seem feasible, as IIS/AMS would both want 80/443 and ADFS does not seem to like running on a DC.

A method of combining Windows auth + some MFA all inside of AMS would be great; I would be willing to pay for enterprise for this.

It could be as simple as sending an email with a code, that I could email to a cell phone, or an OTP code.

If there is a method of doing this currently, that would be great; just let me know if I missed something.

@CodeNameTheOnlyOne CodeNameTheOnlyOne added the enhancement New feature or request label Feb 24, 2022
@ryannewington ryannewington self-assigned this Mar 26, 2022
@ryannewington
Member

@CodeNameTheOnlyOne

We don't have the capability to do this currently (and it's not terribly easy to add, unfortunately), but we will consider this for our backlog for a future release. I appreciate the detail provided to articulate the case for this. It is well understood.

For what it's worth, there shouldn't be any issue running ADFS and AMS on the same server, as you can tie AMS to a specific host name to listen on, so it shouldn't conflict. You'd have to run this in a VM though if you only had a single server which was the DC, so I agree this is not ideal.

The only other option I could suggest is using YubiKey devices as smart cards. This would require a PKI server, but I believe this can be deployed alongside the DC role.

@austinthomsen

Throwing my 2 cents in here. I think when people ask for Duo support they'd probably accept RADIUS or LDAP support. I can't speak for others, but we point a ton of IT infrastructure at our Duo Auth Proxy server for MFA. To the application it just looks like RADIUS or LDAP, but we get the protection of Duo MFA.

@c3rberus

c3rberus commented Aug 25, 2023

Support for Duo MFA would be great, or RADIUS where Duo Proxy could be used.

As a workaround for now, we have Azure AD P2 and Duo for admins, so we are able to set up Azure AD Conditional Access that calls out to Duo using a custom control. Not great in that it has a dependency on Azure AD CA, but it works.

4 participants