Cisco Duo is a two-factor authentication system (2FA), acquired by Cisco in October 2018. It provides single sign-on (SSO) and endpoint visibility, as well as access controls and policy controlled adaptive authentication.
$3
per month per user
Oracle ESSO
Score 10.0 out of 10
N/A
Oracle Enterprise Single Sign-On is a single sign-on (SSO) solution, originally named Passlogix and owned and supported by Oracle since 2010.
For secure access to apps and business data, I recommend Cisco Duo. It offers SSO, MFA, and Passwordless access, ensuring teams can securely access business data. It is easy to customize and comes with top-tier security features. It protects business data, apps, and users.
We use Cisco Duo with different type of device and application, but we never face any difficulties to integrate Cisco Duo with any of them.
We integrated Cisco Duo with some of our active directory and some of the OS are quite old but Cisco Duo works totally fine with them.
The end user application is very easy to use. We never had any complain from non tech team members of having trouble of using Cisco Duo.
There are several authentication methods available rather than passcode. I personally like the push notification which is always on time and quite fast.
Should have device to device connection ability whereas internet is not met.
Changes of device can be sorted and easily made using a second email address or any other identification method.
Troubleshooting should be easy to sort out. One time, a Duo admin deleted the authentication group, and some employees were not getting push notifications. It was very hard to find out the cause. Duo should have some troubleshooting finder.
Sometimes push notifications are delayed, and the code does not work. At that time, we need to enroll the device again. Not sure why it happens. Duo should give reasons for the error.
This tool is essentially a hack, making the user experience pretty weak. For example, we use it in an application which has a box to type your password. Every time you enter some data, ESSO steals the focus and types your password into the box, even if you aren't about to submit the form requiring the password.
This tool creates a 2nd CN in the directory and this broke some of our applications which were only expecting a single CN per user in the directory. Why can't it use a traditional database instead?
This tool caused performance issues with Putty. It would peg our CPUs at 100% if the user had Putty running. It took a very long time to resolve the issue.
There are a lot of competing solutions on the market; however, Duo "just works", and there is little to no learning curve for the new members to be acclimated to it. As long as that continues I see it as the preferred option moving forward
La interfaz es intuitiva y fácil de navegar, lo que permite a los usuarios administrar sus dispositivos y acceder a las políticas sin problemas. La integración con las aplicaciones SSO y SaaS facilita aún más el proceso de acceso, mejorando la experiencia del usuario.
In the last 5+ years we've been using Duo, there may have been 1 outage that impacted us. We do receive periodic notifications of issues but, for the most part, they impact carriers or functionality that we either don't use, or do not care about.
I have not needed direct support for Cisco Secure Access by Duo as I have not had a problem with it, but I have full confidence that the support is outstanding. It is now a core component of the corporate technology stack - a problem would mean a serious degradation in the ability of the company to function.
Documentation could have been better. I had to piece together different KB/admin guides to make certain things work and I also had to use third-party guides to get bits of information that were missing from Cisco Duo documentation. Support was also engaged multiple times to figure out an issue and after some back and forth it was usually determined that the information I needed was hidden somewhere else and had no direct correlation with the document that was linked from the platform.
Ultimately we ended up going with Cisco Duo because we are a Cisco shop. All of our networking infrastructure, our phones, our wireless environment is Cisco based. It made logical sense to stay with a product that we already have a line of support with. With a smaller support / tech group we depend on outside Cisco support. That support is already here for us, so we stayed with a Cisco product.
There's no substitute for properly developed applications that delegate authentication to an external system like Active Directory or a cloud identity provider. That way, the issues with screen scraping and constantly-breaking integration are solved permanently.
It's one of those things that only costs money in the sense of you have to convince a leadership team to spend money to save money, right? Like a compromise is far more expensive than duo paying for duo. So specifically it's really just about trying to prevent problems. And so while it costs money and we don't have a direct return on investment that we can point out immediately, I would still always advocate for it just because it keeps security. Paying for security is cheaper than getting compromised essentially.
We spent a lot of time implementing it on different applications. However, because it uses screen scraping, every time our apps upgraded, it broke the integration with ESSO, so we had to keep fixing the integration. After a few years, we have stopped integrating new apps with it due to this headache.
