Re: Duo: love it or not so much?

[Rich Graves <rgraves () CARLETON EDU>]

We had about 100 users of Duo, for remote access to a Citrix farm plus SSH and some RDP, for about 3 years. User 
feedback was good. 

New management decided that users would never accept 2-factor, so it was turned off for public-facing services (I found 
out about the change when a user asked where Duo went). Two years later, said manager tried Duo, decided it's not too 
bad, and decided that the entire department had to start using it immediately. So we will probably be ramping back up 
by the end of this calendar year.

There is one current issue, with bad timing for us: in order to identify out-of-date Flash and Java plugins for their 
new "platform" up-sell, Duo recently (3 weeks ago?) added a Java loader to all Duo web integrations. This creates a 
brief pause and a transient click-to-run warning, or sometimes a modal popup, in most modern browsers. 

Because we are not paying for platform, we get (justified) user concern without the benefit of knowing who has 
out-of-date plugins. Have other sites this noticed and complained about this? Please do.

Dennis Levine:
> Another great thing with Duo is the educational pricing you can get if you
> are an Internet 2 member. The price is low enough that you would be crazy
> to not have two factor for staff\faculty and students. 

You need to be an InCommon member. As with other things, there is a small additional discount for Internet2.

How crazy the deal is depends on where you fall in the IPEDS quanta. Carleton.edu is just below the 2500 enrollment 
number. StOlaf.edu is just above it. This means that StOlaf.edu needs to pay twice as much. It's still a good deal, but 
a hard sell when you know you're paying significantly more per seat than your neighbor. This is only an issue for the 
two smallest tiers.