Cisco DUO & Authentication Flow

Cisco DUO & Authentication Flow

Both administrators and users may easily perform two-factor (2FA) and multi-factor (2FA) authentication with Duo MFA. With support for smartphones, smartwatches, and FIDO security keys, Duo offers a user-friendly, secure mobile authentication software for rapid, push notification-based validation to confirm your user's identity. 

In order to use the more secure Verified Duo Push feature, users must enter a special code obtained from the login device into the Duo Mobile app. To meet the demands of every user, organizations can select from a number of second- and multi-factor authentication techniques.

Duo MFA does not need to be installed with on-premises hardware because it is a secure cloud-based solution. Duo Mobile, our smartphone app, sends Duo Push, our most popular authentication method. The administrative work involved in registering new users is modest.

With Duo's many user provisioning methods, you can quickly and accurately enroll every user in the two-factor solution. methods include Advanced Directory sync, bulk enrollment, user self-registration, and more.

Advanced administrators may integrate and utilize Duo's solution in an automated and scalable way by using the Admin APIs. Users, phones, tokens, and connectors are all simply managed by administrators. Customers may connect with Duo's security logs via admin APIs for specialized reporting and analytics needs.

DUO Authentication Flow Explained with Cisco FMC

Cisco DUO & Authentication Flow

  • Primary authentication initiated to Cisco FMC
  • Cisco FMC sends an authentication request to the Duo Authentication Proxy
  • Primary authentication must use Active Directory or RADIUS
  • Duo Authentication Proxy connection established to Duo Security over TCP port 443
  • Secondary authentication via Duo Security’s service 
  • Duo authentication proxy receives the authentication response
  • Cisco FMC GUI access is granted

Continue Reading...

No comments