Cisco Duo MFA in Entra ID
Date Posted:
18 Jun 2025
Category:
Security
Cisco Duo MFA in Entra ID
Date Posted:
18 Jun 2025
Category:
Security
Cisco Duo MFA in Entra ID
Date Posted:
18 Jun 2025
Category:
Security
Cisco Duo External Authentication Method
Introduction Of Cisco Duo MFA in Entra ID
Multifactor Authentication is adding a layer of security to data/information. In this blog, I explained the configuration steps to do MFA in Entra ID using Cisco Duo. Duo is an external authenticator for Entra ID.
Steps to configure Multifactor Authentication in Entra ID using external authentication (Duo Security)
Duo Setup
Log in to the Duo Admin panel. Go to a Applications a Protect the application
Search Microsoft Entra ID External Authentication Methods and authorize the Microsoft account. The account must be a global administrator.
After logging in, the user must allow permission to access and read from the AD tenant
Note the details: Client ID, Discovery Endpoint, and App ID. These details need to be entered in Entra.
Adding an external Authenticator in Duo
Log in to the Microsoft Entra admin centre with global admin credentials
Under Protection a Authentication methods a Policies a Add External method.
Fill in the Client ID, Discovery Endpoint, and App ID from the Duo. These details will be available when creating the application.
Under Conditional access, click policies, and create a new policy.
Provide a name, and under users, choose the users who want to follow this policy.
Under Grant, choose the 'Require Multi-Factor Authentication' option.
Testing Results
After these configurations, when a user who has been in the conditional policy tries to log in to the Entra ID, the user will be prompted to choose the MFA. In this, the Cisco Duo option will be available. The user will be prompted to scan the QR Code, and a one-time Code will be generated in the Duo Application on the registered device. After registering, when the user logs in, it will be automatically redirected to the verification page.
Conclusion
This is how Cisco Duo can be added as an external authenticator in Entra ID. There is another option to add Duo by creating a custom control in the Conditional Access. Enternal authentications are the replacement of custom control since it lags behind some of the standards. External Authentication is supported by Ping Identity, Symantec, RSA, Entrust, HYPR, SILVERFORT, THALES, and TrustBuilder.
Stay tuned to our blog to see more posts about
Sailpoint products implementation and its related updates.
Stay tuned to our blog to see more posts about
Sailpoint products implementation and its related updates.
Category:
Security
Stay tuned to our blog to see more posts about
Sailpoint products implementation and its related updates.
Stay tuned to our blog to see more posts about
Sailpoint products implementation and its related updates.
Category:
Category:
Security
Security
Get your
Tailored Quote for your
Organisation
Get your
Tailored Quote for your
Organisation
Cisco Duo External Authentication Method
Introduction Of Cisco Duo MFA in Entra ID
Multifactor Authentication is adding a layer of security to data/information. In this blog, I explained the configuration steps to do MFA in Entra ID using Cisco Duo. Duo is an external authenticator for Entra ID.
Steps to configure Multifactor Authentication in Entra ID using external authentication (Duo Security)
Duo Setup
Log in to the Duo Admin panel. Go to a Applications a Protect the application
Search Microsoft Entra ID External Authentication Methods and authorize the Microsoft account. The account must be a global administrator.
After logging in, the user must allow permission to access and read from the AD tenant
Note the details: Client ID, Discovery Endpoint, and App ID. These details need to be entered in Entra.
Adding an external Authenticator in Duo
Log in to the Microsoft Entra admin centre with global admin credentials
Under Protection a Authentication methods a Policies a Add External method.
Fill in the Client ID, Discovery Endpoint, and App ID from the Duo. These details will be available when creating the application.
Under Conditional access, click policies, and create a new policy.
Provide a name, and under users, choose the users who want to follow this policy.
Under Grant, choose the 'Require Multi-Factor Authentication' option.
Testing Results
After these configurations, when a user who has been in the conditional policy tries to log in to the Entra ID, the user will be prompted to choose the MFA. In this, the Cisco Duo option will be available. The user will be prompted to scan the QR Code, and a one-time Code will be generated in the Duo Application on the registered device. After registering, when the user logs in, it will be automatically redirected to the verification page.
Conclusion
This is how Cisco Duo can be added as an external authenticator in Entra ID. There is another option to add Duo by creating a custom control in the Conditional Access. Enternal authentications are the replacement of custom control since it lags behind some of the standards. External Authentication is supported by Ping Identity, Symantec, RSA, Entrust, HYPR, SILVERFORT, THALES, and TrustBuilder.