Cisco Duo continually strives to enhance their products to make it easy for security practitioners to apply access policies based on the principles of zero trust. This blog highlights how Duo is achieving that goal by simplifying user and administrator experience and supporting data sovereignty requirements for customers around the world. Read on to get an overview of what Cisco Duo has been delivering to customers in those areas in the past few months.
Simplifying Administrator and End-User Experience for Secure Access
Duo strives to make secure access frictionless for employees while reducing the administrative burden on IT (Information Technology) and helpdesk teams. This is made possible thanks to the strong relationship between Cisco customers and their user research team. The insights they gained helped implement some exciting enhancements to Duo Single Sign-On (SSO) and Device Trust capabilities.
Duo SSO unifies identities across systems and reduces the number of credentials a user must remember and enter to gain access to resources. Active Directory (AD) is the most popular authentication source connected to Duo SSO, accounting for almost 80% of all setups. To make Duo’s integration with AD even easier to implement, Cisco has introduced Duo SSO support for multiple Active Directory forests for organizations that have users in multiple domains. Additionally, the Expired Password Resets feature in Duo SSO has been added. It provides an easy experience for users to quickly reset their expired Active Directory password, log into their application, and carry on with their day. Continuing the theme of self -service, a hosted device management portal was introduced – a highly requested feature from customers. Now administrators no longer need to host and manage the portal and end users can log in with Duo SSO to manage their authentication devices (e.g.: TouchID, security keys, mobile phone etc.) without needing to open IT helpdesk tickets.
The administrator experience has also been simplified. Administrators can easily configure Duo SSO with Microsoft 365 using an out of the box integration. Duo SSO layers Duo’s strong authentication and flexible policy engine on top of Microsoft 365 logins. Further, many customers have said that they want to deliver a seamless on-brand login experience for their workforce. To support this, Cisco Duo has made custom branding so simple that administrators can quickly customize their end-user authentication experience from the settings page in the Duo Admin Panel.
Device Trust is a critical capability required to enable secure access for the modern workforce from any location. Organizations can easily adopt device trust and distinguish between managed and unmanaged devices. They can enforce a Trusted Endpoint policy to allow access only from managed devices for critical applications. The requirement to deploy and manage device certificates to enforce this policy have been eliminated. The device Health application now checks the managed status of a device. This lowers administrative overhead while enabling organizations to achieve a better balance between security and usability. Additional out-of-box integrations with unified endpoint management solutions have been added, such as Active Directory domain-joined devices, Microsoft Intune, Jamf Pro and VMware Workspace ONE. For organizations that have deployed a solution that is not listed above, Duo provides a Device API that works with any enterprise device management system.