Amazon Cognito vs. Cisco Duo vs. MojoAuth

Well Suited

1. B2C mobile and web apps with a high number of users.
2. Cheaper and cost-effective.
3. If the other pieces of the infra are already using AWS services like Lambda, S3, Pinpoint, etc.

Not Suited For:

1. Advanced use-cases (Biometrics based authentication) Email, and other MFA channels.
2. For any use-cases needing SCIM.
3. Customized flows of SSO, and MFA will need a layer on Lambda and other AWS services.

Incentivized

For secure access to apps and business data, I recommend Cisco Duo. It offers SSO, MFA, and Passwordless access, ensuring teams can securely access business data. It is easy to customize and comes with top-tier security features. It protects business data, apps, and users.

Incentivized

• Strong integration with React.js and client-side applications
• Easy to bridge Cognito identities with the rest of the AWS ecosystem
• Easy to store user profile data directly in Cognito rather than having to build additional services/endpoints
• Easy integration with AWS Lambda to extend and add sophistication to the service

Incentivized

• We use Cisco Duo with different type of device and application, but we never face any difficulties to integrate Cisco Duo with any of them.
• We integrated Cisco Duo with some of our active directory and some of the OS are quite old but Cisco Duo works totally fine with them.
• The end user application is very easy to use. We never had any complain from non tech team members of having trouble of using Cisco Duo.
• There are several authentication methods available rather than passcode. I personally like the push notification which is always on time and quite fast.

Incentivized

• Amazon Cognito has a bit of a learning curve. You need to learn its concepts and terminology. The documentation does not describe some topics comprehensively.
• Some Console screens would benefit from improved search and filtering options.
• When another AWS product (e.g., SageMaker) configures Cognito on your behalf, it is not clear what you're getting. For example, the expiration of a temporary password was configured but never communicated.

Incentivized

• Should have device to device connection ability whereas internet is not met.
• Changes of device can be sorted and easily made using a second email address or any other identification method.
• Troubleshooting should be easy to sort out. One time, a Duo admin deleted the authentication group, and some employees were not getting push notifications. It was very hard to find out the cause. Duo should have some troubleshooting finder.
• Sometimes push notifications are delayed, and the code does not work. At that time, we need to enroll the device again. Not sure why it happens. Duo should give reasons for the error.

There are a lot of competing solutions on the market; however, Duo "just works", and there is little to no learning curve for the new members to be acclimated to it. As long as that continues I see it as the preferred option moving forward

Incentivized

Amazon Cognito is easy to use and implement if you don't need to implement custom policies. But if your security team requires something outside the box, then implementation becomes complicated and you risk wasting time. There is no option for customizable regex for passwords, which is a major deficiency. The standard password policy, allow to choose the length of the password, if it should contains at least one number, one special character, one uppercase letter and one lowercase letter.

Incentivized

La interfaz es intuitiva y fácil de navegar, lo que permite a los usuarios administrar sus dispositivos y acceder a las políticas sin problemas. La integración con las aplicaciones SSO y SaaS facilita aún más el proceso de acceso, mejorando la experiencia del usuario.

Incentivized

In the last 5+ years we've been using Duo, there may have been 1 outage that impacted us. We do receive periodic notifications of issues but, for the most part, they impact carriers or functionality that we either don't use, or do not care about.

We do not see any degradation of performance of the protected applications. There are occasional lags in receiving the push but no show stooppers.

Community support is excellent, many times even better and quicker then the offical AWS support. I really cannot recommend community support enough! Apart from that the service is relativily easy to use and does not have a huge learning curve. Examples are easy to follow and will help you start using the service.

Incentivized

I have not needed direct support for Cisco Secure Access by Duo as I have not had a problem with it, but I have full confidence that the support is outstanding. It is now a core component of the corporate technology stack - a problem would mean a serious degradation in the ability of the company to function.

Incentivized

There was no in person training but checking the box was the only way I could complete all of the questions.

This was not organized training but the videos that Duo provides to teach you how to install a particular integration are top notch.

Documentation could have been better. I had to piece together different KB/admin guides to make certain things work and I also had to use third-party guides to get bits of information that were missing from Cisco Duo documentation. Support was also engaged multiple times to figure out an issue and after some back and forth it was usually determined that the information I needed was hidden somewhere else and had no direct correlation with the document that was linked from the platform.

Incentivized

They are ideal tools to create a secure and unique login experience for our applications. Thanks to its API authorization, Amazon Cognito ensures connections to applications that are secure.It is easy to use and provides easy access to files and applications that you need to complete your goal.

Incentivized

Ultimately we ended up going with Cisco Duo because we are a Cisco shop. All of our networking infrastructure, our phones, our wireless environment is Cisco based. It made logical sense to stay with a product that we already have a line of support with. With a smaller support / tech group we depend on outside Cisco support. That support is already here for us, so we stayed with a Cisco product.

Incentivized

So far, the only limits we've encountered were tied to our imagination. Duo's strong list of supported integrations is amazing.

• ROI is great for Amazon Cognito Overall.
• It is included in the AWS Free Tier so you can use it for a good amount without paying, so the software can be tested beforehand.
• The paid pricing is also affordable, so a positive impact on ROI.

Incentivized

• It's one of those things that only costs money in the sense of you have to convince a leadership team to spend money to save money, right? Like a compromise is far more expensive than duo paying for duo. So specifically it's really just about trying to prevent problems. And so while it costs money and we don't have a direct return on investment that we can point out immediately, I would still always advocate for it just because it keeps security. Paying for security is cheaper than getting compromised essentially.

Incentivized