Re: Duo: love it or not so much?

[Faust Gorham <fgorham () CSUB EDU>]

Emily,

We implemented DUO when I was with UC Merced and found it to be an excellent product. We integrated into several 
bastion hosts and on our Cisco VPN appliance.

Our plans for future phases:
Integrate into SSO allowing for administrative determination of which services would require MFA
Self-service page where a user could request MFA for certain services where administratively we didn’t require it.
I think today, you see many other vendors providing this integrated into their product offerings for example:
IDAAS (Okta)
Microsoft
So the question is, do you need a separate product?

One thing to note – policy decisions. MFA often requires a cell phone as that second client (text, call, or mobile app) 
does the university now pay for this device?

Cheers,
______________________________
Faust Gorham
Associate Vice President &
Chief Information Officer
California State University Bakersfield
https://www.csub.edu/its/
661-654-3425

From:  The EDUCAUSE Security Constituent Group Listserv
Date:  Tuesday, September 15, 2015 at 10:13 AM
To:  <SECURITY () LISTSERV EDUCAUSE EDU>
Subject:  [SECURITY] Duo: love it or not so much?

All:


We're preparing to launch Single Sign On architecture as part of a larger IAM project, and we are looking at our 
options for 2-step verification / 2-factor authentication / whatever we like to call it these days.  We have been 
advised that Duo is a good solution, and I am curious if others on this list have any experiences they can share.  We 
are likely going to go this way, so I am seeking any positive feedback or potential warnings/gotchas we should look out 
for in our implementation.


Thank you so much!


----
Emily Harris
Interim Information Security Officer, CIS
Vassar College
845-437-7221