Add support for Duosecurity 2 factor tech login

Avatar
  • updated
  • Completed

I would like to see support for
Duosecurity 2 factor tech login
www.duosecurity.com
they offer push support . it would be nice to see this on screenconnect.

Duplicates 1
DUO Security

I would love to see integration with Duo Security for two-factor authentication. Duo is free for up to 5 integration's and the push approval process is much nicer than Azure/Google/etc.

Pinned replies
Avatar
3
anonymous
  • Answer
  • Started

Hi All,

A quick announcement for anyone who may have missed the news posted on the output stream:

There will be support for Duo Security as a 2FA provider in 6.2. The release should be out mid-April.

Avatar
0
anonymous
  • Completed
Avatar
0
pfp

Are there any plans to support the all the Duo 2FA methods? Right now only push is supported but Duo can use many more methods (multiple mobile devices, OTP, SMS, phone call, bypass code, hardware token, etc) and their API makes it very easy for the user to choose the device and method they want to use to authenticate with.

Avatar
0
anonymous
Quote from pfp

Are there any plans to support the all the Duo 2FA methods? Right now only push is supported but Duo can use many more methods (multiple mobile devices, OTP, SMS, phone call, bypass code, hardware token, etc) and their API makes it very easy for the user to choose the device and method they want to use to authenticate with.

Hi pfp,

We can sure look into adding those additional methods. Please register your request separately since this request is closed internally as it's complete.

Avatar
0
Craig Silver

I am using version 6.3.13446.6374, self-hosted, Linux.


I just set up Duo and I do get a push but accepting it never completes the login; I must always ask my DuoMobile app for a one-time number and enter it into my Control login web page. Is it not possible for the application to complete the login after I accept the Duo push to my phone?


Also, I tried out the "Trust this device" checkbox but even after changing web.config's "TrustDeviceExpireDays" to 0 and restarting the service, I no longer get the Duo prompt from the machine that I originally trusted. Do I have to wait for a day or something before the 0 value kicks in? (According to this forum thread, the default is 30 but setting it to 0 disables it.)

Avatar
0
Mayfield Reynolds
Quote from Craig Silver

I am using version 6.3.13446.6374, self-hosted, Linux.


I just set up Duo and I do get a push but accepting it never completes the login; I must always ask my DuoMobile app for a one-time number and enter it into my Control login web page. Is it not possible for the application to complete the login after I accept the Duo push to my phone?


Also, I tried out the "Trust this device" checkbox but even after changing web.config's "TrustDeviceExpireDays" to 0 and restarting the service, I no longer get the Duo prompt from the machine that I originally trusted. Do I have to wait for a day or something before the 0 value kicks in? (According to this forum thread, the default is 30 but setting it to 0 disables it.)

Hi Craig,


After you accept the push request on your phone, you just leave the 2FA field empty in Control and submit; it doesn't check what you put in that field when using Duo.


When you log in and check the "Trust this device" checkbox, it saves the expiration of the trust within the cookie based on the current TrustDeviceExpireDays setting. So the device you clicked "Trust this device" on will be trusted for 30 days. If you set TrustDeviceExpireDays to 0, it disables trusting new devices from that point forward.

Avatar
0
Craig Silver

Thanks for the quick reply, Mayfield. Odd, I did clear my browser's cookies for the past hour when I was testing but it was only when I explicitly deleted the two for the domain that I got the DUO prompt back.


It's too bad that the application does not automatically respond once I accept the phone's prompt but it's not a big deal. I'm just glad that push works. :)



Top contributors

Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar