Educause Security Discussion mailing list archives
Re: Duo: love it or not so much?
From: Emily Harris <emharris () VASSAR EDU>
Date: Tue, 15 Sep 2015 13:53:17 -0400
Faust: With our upcoming implementation, we can either use the vendor supplied MFA which only supports SMS (requiring Vassar to acquire a 3rd party SMS service) or a 3rd party tool that integrates with CAS such as Duo. My initial understanding is that Duo does supply other options such as calling a landline number or an alternate email address. We have definitely thought about the cellphone issue - but mostly for areas that we will be enforcing MFA in the future, such as Finance. ---- Emily Harris Interim Information Security Officer, CIS Vassar College 845-437-7221 On Tue, Sep 15, 2015 at 1:36 PM, Faust Gorham <fgorham () csub edu> wrote:
Emily, We implemented DUO when I was with UC Merced and found it to be an excellent product. We integrated into several bastion hosts and on our Cisco VPN appliance. Our plans for future phases: - Integrate into SSO allowing for administrative determination of which services would require MFA - Self-service page where a user could request MFA for certain services where administratively we didn’t require it. I think today, you see many other vendors providing this integrated into their product offerings for example: - IDAAS (Okta) - Microsoft So the question is, do you need a separate product? One thing to note – policy decisions. MFA often requires a cell phone as that second client (text, call, or mobile app) does the university now pay for this device? Cheers, ______________________________ Faust Gorham Associate Vice President & Chief Information Officer California State University Bakersfield https://www.csub.edu/its/ 661-654-3425 From: The EDUCAUSE Security Constituent Group Listserv Date: Tuesday, September 15, 2015 at 10:13 AM To: <SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Duo: love it or not so much? All: We're preparing to launch Single Sign On architecture as part of a larger IAM project, and we are looking at our options for 2-step verification / 2-factor authentication / whatever we like to call it these days. We have been advised that Duo is a good solution, and I am curious if others on this list have any experiences they can share. We are likely going to go this way, so I am seeking any positive feedback or potential warnings/gotchas we should look out for in our implementation. Thank you so much! ---- Emily Harris Interim Information Security Officer, CIS Vassar College 845-437-7221
Current thread:
- Duo: love it or not so much? Emily Harris (Sep 15)
- Re: Duo: love it or not so much? Haselhoff, Brent (Sep 15)
- Re: Duo: love it or not so much? Brad Judy (Sep 15)
- Re: Duo: love it or not so much? Paul Chauvet (Sep 15)
- Re: Duo: love it or not so much? Dennis Levine (Sep 15)
- Re: Duo: love it or not so much? Rich Graves (Sep 16)
- <Possible follow-ups>
- Re: Duo: love it or not so much? Faust Gorham (Sep 15)
- Re: Duo: love it or not so much? Emily Harris (Sep 15)