Cisco Duo is a two-factor authentication system (2FA), acquired by Cisco in October 2018. It provides single sign-on (SSO) and endpoint visibility, as well as access controls and policy controlled adaptive authentication.
$3
per month per user
Jamf Connect
Score 8.5 out of 10
N/A
Jamf Connect is a Mac device authentication solution, that lets a user unbox their device, power it on and access all of their corporate applications and resources after signing on with a single set of cloud identity credentials.
It is a very compete and solid solution Once it is in place, and you have configured the different settings and policies it is consistent and works well. It does take some time to work the kinks out. We had a Cisco support provider assist us while we stepped through the process of getting it set up.
Jamf Connect works particularly well in our lab environments where the central "source of truth" for student accounts is our Okta IdP. As Apple has recommended moving away from Active Directory binding (which was our previous source of truth for authentication) we needed a new central way to manage this function. Okta worked well for other services on campus, and it was a smooth integration to make it work with Jamf Connect for virtually all use cases on campus (we still have a couple of NAS/SAN systems that require Active Directory).
We use Cisco Duo with different type of device and application, but we never face any difficulties to integrate Cisco Duo with any of them.
We integrated Cisco Duo with some of our active directory and some of the OS are quite old but Cisco Duo works totally fine with them.
The end user application is very easy to use. We never had any complain from non tech team members of having trouble of using Cisco Duo.
There are several authentication methods available rather than passcode. I personally like the push notification which is always on time and quite fast.
Documentation is oftentimes missing key information for proper implementation. This is circumvented by reading third-party guides or contacting support for additional details.
They do not push Fail-Closed as much as I think they should. Fail-Open is fairly trivial to bypass and it should be made known to the customer during setup how much this will affect overall security.
More vendor integration is something that is always craved by administrators. There are so many third-parties to integrate with.
There are a lot of competing solutions on the market; however, Duo "just works", and there is little to no learning curve for the new members to be acclimated to it. As long as that continues I see it as the preferred option moving forward
It is almost a certainty that we will continue to use Jamf Connect, even with Apple coming out with Platform Single Sign On. Jamf Connect provides several features that PSSO does not, such as "just in time" local account creation and automatic synchronization of enterprise credentials. It is unlikely that we would investigate other options at this time or in the near future.
La interfaz es intuitiva y fácil de navegar, lo que permite a los usuarios administrar sus dispositivos y acceder a las políticas sin problemas. La integración con las aplicaciones SSO y SaaS facilita aún más el proceso de acceso, mejorando la experiencia del usuario.
Jamf Connect is quite easy to use and has the necessary options on the login screen (such as WiFi network connection) for getting connected and authenticated. It has a simple to use menulet that allows password changes and resets as well as temporary elevation, all with very clear workflows. It also allows us to assign field staff to their client users' computers so that they can provide support without having to resort to LAPS accounts.
In the last 5+ years we've been using Duo, there may have been 1 outage that impacted us. We do receive periodic notifications of issues but, for the most part, they impact carriers or functionality that we either don't use, or do not care about.
I have not needed direct support for Cisco Secure Access by Duo as I have not had a problem with it, but I have full confidence that the support is outstanding. It is now a core component of the corporate technology stack - a problem would mean a serious degradation in the ability of the company to function.
Implementation was straight forward and you can isolate different scenarios in order to test new application setup or add to an existing setup. Gui interface is pretty easy to understand and follow. I had no experience with Duo and still manage to easily set up new policies and rules.
I would fully expect a competitor like Okta or any other multifactor mechanic to function pretty similarly, and I hesitate to say duos the best. I think the idea is that it's a simple concept, but it does it well. So I haven't evaluated any myself outside of duo, but I'm also not in the market and I don't feel like we need to go shopping for something else.
The only other product we evaluated was Xcreds from TwoCanoes software, which is essentially a one person shop. We already were Jamf Pro customers, and Jamf Connect fulfilled all of the requirements for this function along with providing professional customer support. Since we already had a relationship with Jamf, it made perfect sense to add this product to our toolkit, and keep technical support contained within one organization.
