According to the docs, if you want to use Duo for MFA, you cannot use any of the other options. Does anyone know if there is a technical limitation that means Duo cannot (ever) be supported with other options, or will we be able to use Duo and other options in the future? We use Duo were I work, but if we enable Duo now, we cannot extend SMS / OTP app MFA to our external user communities.
Hey @markd!
Checked the docs(Configure Cisco Duo Security for MFA) and it seems like Duo does support SMS / OTP. I’ll confirm internally if there is any technical obstacle that stand in between using it with other options and will get back to you!
After some initial internal discussion I believe this is because Duo has a separate screen and doesn’t use our hosted MFA page which is not a technical barrier I think. As for future plans I would need to ask our product teams
Thanks @konrad.sopala! Turns out this was a bit of a red herring for us anyway. We’ve hooked up our Google Apps domain to our prod and non-prod tenants and, while we haven’t done this yet, the intent is to use the Google Apps connection, which enforces its own MFA, for all our Auth0-enabled employee facing apps. So we will be able to use the other MFA methods for our external users.
1 Like