I've implemented RSA RBA (risk-based authentication), which builds on a lot of the same infrastructure as their fob-based product. I haven't done Duo. I'll be implementing Okta sometime next year, we already use it for SSO.
Product-agnostic implementation outline: You need their server/VM/appliance, and whatever you're adding the auth layer onto has to support your product (or vice-versa.) You may end up installing something that replaces the default OWA login page for Exchange, for example. You may have to point Cisco AnyConnect to a customized RADIUS server. It all depends on what's getting MFA added to it. Their software/appliance now needs to get a user list; it may integrate into AD directly, it may require LDAP, etc. There's going to be some way to provision users into the system, defining who is and isn't covered by MFA. -Matt Finnigan On Wed, Nov 30, 2016 at 1:31 PM, Kyle Stewart <[email protected]> wrote: > Hi all, hope this email finds everyone well. We're looking into setting up > two-factor authentication at my company for a 2017 project and I'm in the > "Let's get the lay of the land" phase. Right now it seems like Duo is > making big headway in this market, but I've heard good things about RSA as > well. I'd love to get some first-hand feedback from people who have used > these types of 2FA solutions who aren't sales people :) > > > Overall I get what 2FA/MFA does, but I'm blurry on how it gets implemented > - at face value I'm very interested in Duo so if anyone has experience with > Duo and setting it up (preferably alongside Palo Alto's and GlobalProtect) > that'd be fantastic. > > > Thanks in advance! > > > _____________________________ > Kyle Stewart > > _______________________________________________ > Discuss mailing list > [email protected] > https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss > This list provided by the League of Professional System Administrators > http://lopsa.org/ > >
_______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
