I've implemented RSA RBA (risk-based authentication), which builds on a lot
of the same infrastructure as their fob-based product. I haven't done Duo.
I'll be implementing Okta sometime next year, we already use it for SSO.

Product-agnostic implementation outline:

You need their server/VM/appliance, and whatever you're adding the auth
layer onto has to support your product (or vice-versa.) You may end up
installing something that replaces the default OWA login page for Exchange,
for example. You may have to point Cisco AnyConnect to a customized RADIUS
server. It all depends on what's getting MFA added to it.

Their software/appliance now needs to get a user list; it may integrate
into AD directly, it may require LDAP, etc. There's going to be some way to
provision users into the system, defining who is and isn't covered by MFA.

-Matt Finnigan


On Wed, Nov 30, 2016 at 1:31 PM, Kyle Stewart <_kylestew...@outlook.com>
wrote:

> Hi all, hope this email finds everyone well. We're looking into setting up
> two-factor authentication at my company for a 2017 project and I'm in the
> "Let's get the lay of the land" phase. Right now it seems like Duo is
> making big headway in this market, but I've heard good things about RSA as
> well. I'd love to get some first-hand feedback from people who have used
> these types of 2FA solutions who aren't sales people :)
>
>
> Overall I get what 2FA/MFA does, but I'm blurry on how it gets implemented
> - at face value I'm very interested in Duo so if anyone has experience with
> Duo and setting it up (preferably alongside Palo Alto's and GlobalProtect)
> that'd be fantastic.
>
>
> Thanks in advance!
>
>
> _____________________________
> Kyle Stewart
>
> _______________________________________________
> Discuss mailing list
> Discuss@lists.lopsa.org
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
> This list provided by the League of Professional System Administrators
>  http://lopsa.org/
>
>
_______________________________________________
Discuss mailing list
Discuss@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
 http://lopsa.org/

Reply via email to