MFA for Companies of All Sizes
Updated February 21, 2024

MFA for Companies of All Sizes

Jared Miller | TrustRadius Reviewer
Score 10 out of 10
Vetted Review

Overall Satisfaction with Cisco Duo

Duo Security acts as the MFA piece of our security offering to our clients. As a third-party authentication platform and vendor, Duo is capable of catering to a far broader audience in terms of what is protected, and how. We leverage Duo internally and across all clients who have MFA needs.
  • Broad integration library. Many common platforms have direct integrations
  • Conversely, Duo has the ability to configure an internal authentication server, as well as more recently offering a a hosted option to capture those vendors and platforms that do not directly integrate.
  • Duo has fantastic and interactive support. Willing to help you engineer solutions simply as a part of your partnership with them.
  • Additional user syncing authority options would be great. Currently supporting OpenLDAP, Microsoft AD, and Azure AD. Being able to sync from GSuite or the like would be nice.
  • UNQUALIFIED -- I am unaware of any kind of platform that allows external communication built-in. They do have API which allows other platforms to more proactively report on data but so far as I've seen reporting is done in the dashboard and there aren't "alerts" that can be sent out to admins to my knowledge.
  • Duo has allowed us to pursue very advanced security practices, including being able to authenticate callers to our helpdesk as legitimate employees. Although uncommon of an attack vector in our space, it gives an enterprise-level of protection to businesses of ANY size.
  • Because of the additional level of coverage we can provide, while an increased cost from the licensing they have in Microsoft, we have financial gains in reselling this platform as well. Duo makes it easy for the client to change providers/leave and self manage making us "sticky" to clients, but still being flexible enough to allow them out.
  • Unified management and training is the name of the game in our space, and Duo enables this in spades. Lots of training and assistance from their partner program makes MFA a graspable concept for technicians to administrate at all levels at our firm.
Duo's platform allows identification above and beyond specific platforms and accounts. With the Duo application on phones, we are able to authenticate users in a multitude of ways including sending a verification to their phone while on a call with them. Duo has the flexibility to allow disparate scenarios including platforms with different naming schemes (allows for manually added alias') and shared accounts in allowing multiple authenticated devices to be added to a single account and of course vice versa.
We did not evaluate any other tools, the partner program they were offering was nearly completely unique at the time in our space. While others have began to cater to Managed Service Providers in recent years, Duo was among the first. While other platforms have developed around specific methodologies and specializations, I believe Duo stands as the best all-around option today in maturity and unification of product vision.

Do you think Cisco Duo delivers good value for the price?

Yes

Are you happy with Cisco Duo's feature set?

Yes

Did Cisco Duo live up to sales and marketing promises?

Yes

Did implementation of Cisco Duo go as expected?

Yes

Would you buy Cisco Duo again?

Yes

I would say the only situation in which Duo would not be most optimal would be in cases where the client has very simple needs that can be totally covered by Microsoft and Azure applications, etc. If you are able to live entirely inside of Microsoft's sphere then the native MFA options may make more sense from a configuration/less vendor spread perspective. But Duo integrates VERY well with Microsoft and assuming you need to cover some other website/vendor, Duo quickly becomes the better option from then on out. Even then, if you are a managed service provider, Duo gives you a single platform to manage from and standardize on which eliminates configuration differences on your end.

Cisco Security

2FA is critical at all facets - Duo makes for a great third party. Not having to 'put all our eggs in one basket' with Microsoft we are able to achieve a level of flexibility with how when and where we enact 2FA on our employees and clients across the board.

Cisco Duo Support

Fantastic. Hands down one of the most well-focused support engineers. And a company that desires to push you to towards healthy security practices with hands-on assistance for no additional cost. Being acquired by Cisco is somewhat concerning, however, these unique "extra-mile" qualities sometimes have a tendency to disappear once fully integrated into the larger Cisco family which has a very particular way of interacting with vendors/partners.
ProsCons
Quick Resolution
Good followup
Knowledgeable team
Problems get solved
No escalation required
Support understands my problem
Support cares about my success
None
As a partner in their MSP program, we have dedicated account managers including a dedicated SME (Subject Matter Expert). These guys have helped us engineer countless unique situations in 1:1 calls and emails as we've learned how to position and configure this product. They also regularly hold webinars reviewing how their platform works ensuring that your own internal engineers are capable of handling the day-to-day needs once applications and policies have been set up for your clients.
We did not, the support offered out of the gate was sufficient for our company.

Using Cisco Duo

The mentioned end-user experience could be somewhat enhanced. Some of our clients do not have formal means of training their own employees so very specific things like: "employees using personal cell phones", and replacement of those devices, quickly become business issues that creates challenges for our smaller clients who do not have formal guidelines along these things are more informal in the way their business runs.
All things that can be helped by us as resellers but some existing client-facing documentation would help and more administrative controls to help "force" people in the right direction.