Very clear and informative. Can same Application Instance in Duo be used for multiple VPN boxes? I would assume that unique application instance is required for each appliance since configured attribute in Duo, "Service Provider: Base URL hostname" (@4:37) will be unique to the vpn appliance. But would like to get your viewpoint. Thanks!
Hello. I am a programmer. I worked with Fortiauthenticator. I had it implement PHP SAML which worked fine.. Fortiauthenticator was very good. The company asked me to migrate Fortiauthenticator to Duo Cisco SAML. Try to configure the Service Provider section. The Certificate field is mandatory, that is, to upload the certificate file. I have not been able to do it. The Certificate field was not in Fortiauthenticator. Only the IdP metadata download. But this Duo Cisco issue is different. I need help where I can find or explain to me how to generate the Service Provider certificate. Thanks.
This is great. Thank you. This is very helpful. I have a couple of questions if you can help. First, if you have your users setup with 2factor in O365 (which is why/how I am using Azure) do they get the push notification when they auth with Azure and then again once they auth with DUO? And the other question is do you know if password expiration can work with this setup?
OK so I tried it and the answer is yes you will get the O365 2FA AND the Duo 2FA. Password expiration doesn't look to work in this setup. Still researching how to use it.
Here's a link to the FTD Anyconnect with Azure AD. But it's still using Duo MFA, which you don't have to use. You can continue with Microsoft MFA if you like. th-cam.com/video/wgttyx7UFMI/w-d-xo.html
One of the best video explanations of the process and flow of how SAML works.
Very clear and informative. Can same Application Instance in Duo be used for multiple VPN boxes? I would assume that unique application instance is required for each appliance since configured attribute in Duo, "Service Provider: Base URL hostname" (@4:37) will be unique to the vpn appliance. But would like to get your viewpoint. Thanks!
Hello Digo, you are correct. If you add a new appliance or application to protect, you would add a new application to protect in the Duo portal.
Hello. I am a programmer. I worked with Fortiauthenticator. I had it implement PHP SAML which worked fine.. Fortiauthenticator was very good. The company asked me to migrate Fortiauthenticator to Duo Cisco SAML. Try to configure the Service Provider section. The Certificate field is mandatory, that is, to upload the certificate file. I have not been able to do it. The Certificate field was not in Fortiauthenticator. Only the IdP metadata download. But this Duo Cisco issue is different. I need help where I can find or explain to me how to generate the Service Provider certificate. Thanks.
This is great. Thank you. This is very helpful. I have a couple of questions if you can help. First, if you have your users setup with 2factor in O365 (which is why/how I am using Azure) do they get the push notification when they auth with Azure and then again once they auth with DUO? And the other question is do you know if password expiration can work with this setup?
OK so I tried it and the answer is yes you will get the O365 2FA AND the Duo 2FA. Password expiration doesn't look to work in this setup. Still researching how to use it.
@@DeathFA576 Any luck with this?
I am getting the error as " Failed to Generate SAML AuthRequest"any suggestions what should i do ?
Thanks for this informative video. Do you have any video about Cisco FTD with AnyConnect VPN with Azure AD and Microsoft MFA? Thanks
Here's a link to the FTD Anyconnect with Azure AD. But it's still using Duo MFA, which you don't have to use. You can continue with Microsoft MFA if you like. th-cam.com/video/wgttyx7UFMI/w-d-xo.html
How about Implementing SAML for Fortinet VPN, same approach using Azure as Idp and DUO act as proxy MFA, do you have any tutorial?
Sorry Richie, I don't have access to any Fortinet gear.