Cisco Duo is a two-factor authentication system (2FA), acquired by Cisco in October 2018. It provides single sign-on (SSO) and endpoint visibility, as well as access controls and policy controlled adaptive authentication.
$3
per month per user
HID DigitalPersona
Score 8.8 out of 10
N/A
HID DigitalPersona (formerly Crossmatch) provides a comprehensive multi-factor authentication solution. The vendor’s value proposition is that their solution frees users from cumbersome login activities while making it easy for an IT Team to secure access to their networks, data and applications.
We evaluated Cisco DUO but ultimately chose HID because of their support for biometrics. With DUO every user would have to have the authentication app on their personal phone and pull it out each time they had to log in. We definitely did not want this for our frontline staff …
I didn't select HID but was part of the decision-makers to move away from HID. The HID product we used was on-prem and carries a lot of overhead (installation, upgrades, hardware). We converted overall business applications to cloud-based OneLogin. We used HID for windows …
It is a very compete and solid solution Once it is in place, and you have configured the different settings and policies it is consistent and works well. It does take some time to work the kinks out. We had a Cisco support provider assist us while we stepped through the process of getting it set up.
During the onboarding process, remote workers can enroll their fingerprints or create secure PINs. This eliminates the need for complicated passwords and enables them to safely access company resources and critical apps from remote locations. HID DigitalPersona's robust authentication techniques and access control features can assist you in adhering to data security laws.
We use Cisco Duo with different type of device and application, but we never face any difficulties to integrate Cisco Duo with any of them.
We integrated Cisco Duo with some of our active directory and some of the OS are quite old but Cisco Duo works totally fine with them.
The end user application is very easy to use. We never had any complain from non tech team members of having trouble of using Cisco Duo.
There are several authentication methods available rather than passcode. I personally like the push notification which is always on time and quite fast.
Speeding up the login process with fingerprint in PIN rather than having to remember a long password. Our IT department has seen a huge decrease in the amount of account lockout and forgot password calls.
It is highly customizable to meet the needs of remote or on-premises workers. It is all configurable through group policy, so it is very easy to set specific requirements on certain groups.
Setup was quick and the administration guides are very easy to follow if you need to go back in and adjust things.
Documentation is oftentimes missing key information for proper implementation. This is circumvented by reading third-party guides or contacting support for additional details.
They do not push Fail-Closed as much as I think they should. Fail-Open is fairly trivial to bypass and it should be made known to the customer during setup how much this will affect overall security.
More vendor integration is something that is always craved by administrators. There are so many third-parties to integrate with.
I find that sometimes I have had to delete a users fingerprints and re-add them. There must be something going on where the software believes that the user has changed their fingerprints.
I have on occasion come across a person where the reader was unable to create fingerprints for that user. It would be interesting to see if the sensitivity of the 4500 reader could be improved on.
I find that using the DigitalPersona software makes the users ultimately forget their passwords. Maybe every once in a while the software could require the user to type in their Windows password to help them remember it.
There are a lot of competing solutions on the market; however, Duo "just works", and there is little to no learning curve for the new members to be acclimated to it. As long as that continues I see it as the preferred option moving forward
It is wonderful for multifactor authentication and gives us many options for what we use to authenticate. All of our users use it and it is engrained into our group policies and people would be very disappointed if it went away.
La interfaz es intuitiva y fácil de navegar, lo que permite a los usuarios administrar sus dispositivos y acceder a las políticas sin problemas. La integración con las aplicaciones SSO y SaaS facilita aún más el proceso de acceso, mejorando la experiencia del usuario.
I think there are still fundamental enhancements needed to be added to the management consoles and I think there ought to be a Centralized, Windows Based "Thick" Management Application instead of individual utilities which vary from MMCs, Scripts, Wizards, etc.
In the last 5+ years we've been using Duo, there may have been 1 outage that impacted us. We do receive periodic notifications of issues but, for the most part, they impact carriers or functionality that we either don't use, or do not care about.
I have not needed direct support for Cisco Secure Access by Duo as I have not had a problem with it, but I have full confidence that the support is outstanding. It is now a core component of the corporate technology stack - a problem would mean a serious degradation in the ability of the company to function.
Extremely poor; I've never encountered such. Professional Services completely dropped us for months. Crossmatch tech support seems like it has 3 techs tops! No response to emails, calls, the absolute worst! I will never recommend DP to anyone.
Implementation was straight forward and you can isolate different scenarios in order to test new application setup or add to an existing setup. Gui interface is pretty easy to understand and follow. I had no experience with Duo and still manage to easily set up new policies and rules.
Could use tools to audit license usage at a more granular level as to allow an administrator to free up licenses from users whom seldom use their biometrics to login.
I would fully expect a competitor like Okta or any other multifactor mechanic to function pretty similarly, and I hesitate to say duos the best. I think the idea is that it's a simple concept, but it does it well. So I haven't evaluated any myself outside of duo, but I'm also not in the market and I don't feel like we need to go shopping for something else.
We have used One Identity for software tokens. The Defender software tokens were originally included with our bundle and work pretty well for integration into the AnyConnect VPN client with Cisco. All that said, we use the two products for different applications and DP does what it does very well.
I'm happy to say I'm not involved in budgeting or finance, but the financial benefits are easy to state: Less helpdesk time - helpdesk staff don't have to spend time resetting people's passwords.
Users don't have to wait for Helpdesk to get around to helping them log in.
