MFA: "Duo only" vs. other MFA methods

According to the docs, if you want to use Duo for MFA, you cannot use any of the other options. Does anyone know if there is a technical limitation that means Duo cannot (ever) be supported with other options, or will we be able to use Duo and other options in the future? We use Duo were I work, but if we enable Duo now, we cannot extend SMS / OTP app MFA to our external user communities.

Hey @markd!

Checked the docs(Configure Cisco Duo Security for MFA) and it seems like Duo does support SMS / OTP. I’ll confirm internally if there is any technical obstacle that stand in between using it with other options and will get back to you!

After some initial internal discussion I believe this is because Duo has a separate screen and doesn’t use our hosted MFA page which is not a technical barrier I think. As for future plans I would need to ask our product teams

Thanks @konrad.sopala! Turns out this was a bit of a red herring for us anyway. We’ve hooked up our Google Apps domain to our prod and non-prod tenants and, while we haven’t done this yet, the intent is to use the Google Apps connection, which enforces its own MFA, for all our Auth0-enabled employee facing apps. So we will be able to use the other MFA methods for our external users.

1 Like