I've implemented RSA RBA (risk-based authentication), which builds on a lot
of the same infrastructure as their fob-based product. I haven't done Duo.
I'll be implementing Okta sometime next year, we already use it for SSO.
Product-agnostic implementation outline:
You need their server/VM/appliance, and whatever you're adding the auth
layer onto has to support your product (or vice-versa.) You may end up
installing something that replaces the default OWA login page for Exchange,
for example. You may have to point Cisco AnyConnect to a customized RADIUS
server. It all depends on what's getting MFA added to it.
Their software/appliance now needs to get a user list; it may integrate
into AD directly, it may require LDAP, etc. There's going to be some way to
provision users into the system, defining who is and isn't covered by MFA.
On Wed, Nov 30, 2016 at 1:31 PM, Kyle Stewart <_kylestew...@outlook.com>
> Hi all, hope this email finds everyone well. We're looking into setting up
> two-factor authentication at my company for a 2017 project and I'm in the
> "Let's get the lay of the land" phase. Right now it seems like Duo is
> making big headway in this market, but I've heard good things about RSA as
> well. I'd love to get some first-hand feedback from people who have used
> these types of 2FA solutions who aren't sales people :)
> Overall I get what 2FA/MFA does, but I'm blurry on how it gets implemented
> - at face value I'm very interested in Duo so if anyone has experience with
> Duo and setting it up (preferably alongside Palo Alto's and GlobalProtect)
> that'd be fantastic.
> Thanks in advance!
> Kyle Stewart
> Discuss mailing list
> This list provided by the League of Professional System Administrators
Discuss mailing list
This list provided by the League of Professional System Administrators