Reputation: 37
SharePoint with Duo Authentication (multifactor)
There seems to be almost nothing published about how to integrate multifactor or proprietary "duo" authentication with SharePoint. Duo say it's possible but you have to basically set it up from scratch. Are there any other methods or ways to configure sharepoint with multifactor authentication?
Upvotes: 0
Views: 1234
Answers (1)
Reputation: 7059
Duo's knowledge base ("Does Duo Work With Microsoft SharePoint?") provides a brief list of integration options:
Duo does not have a direct integration with SharePoint, but we can provide two-factor authentication to protect the application in the following ways:
- Utilizing the Duo Network Gateway.
- Proxy authentication traffic through a supported SSL VPN such as Juniper's SSL VPN.
- Virtual Desktop using Citrix or VMware View.
- ADFS.
- Use our .NET WebSDK. Note: This requires a developer familiar with SharePoint.
- This F5 solution. [Note: links to a SharePoint-specific solution for F5 load-balancer hardware/software]
One of the more forward-looking ways is to use Active Directory for authentication and ADFS (Active Directory Federation Services) for identity federation.
Then you can use the existing Duo integration options with ADFS (documented here), and you'll be better situated if you ever want to switch to another multifactor provider, like Azure MFA.
The other solutions involve intercepting traffic before it can reach SharePoint through hardware/network/virtualization means. ADFS is the only "off the shelf" solution that really integrates MFA with the authentication process.
If you do decide to roll your own Duo-integrated login page, good luck. But remember that it's not SharePoint that gets the multi-factor authentication (SharePoint doesn't handle authentication), but rather your authentication provider. Multi-factor authentication is applied before reaching the service (SharePoint), not within the service itself.
If you're building your own forms-based claims provider, that's the system with which you'll need to integrate multifactor (unless you use one of the interception methods above).
Upvotes: 1
Related Questions
- ITfoxtec.Identity.Saml2 - Multiple authentication schemes with Asp.net Core Identity
- Active Directory with multi factor authentication for an existing web application
- identityServer4 with Login Step-up and MFA
- Multi-factor authentication for hybrid azure AD joined domain
- Does DUO integrate with Microsoft Azure Active Directory B2C?
- Does Azure Active Directory B2C already support Multifactor Authentication Security Questions?
- Implementing A Custom 2 Factor Authentication Mechanism In Asp.Net Core
- SSO and multi-factor authentication
- Shiro, Multi Factor Authentication
- Sharepoint Multi Authentication