Cisco Duo Provides a Flexible, Managed MFA Authentication Solution
Updated July 28, 2023
Cisco Duo Provides a Flexible, Managed MFA Authentication Solution
Score 10 out of 10
Vetted Review
Overall Satisfaction with Cisco Secure Access by Duo
We needed to implement multi-function authentication (MFA) on multiple platforms (Mac, Windows, Andriod, iPhone) with multiple applications. We have a hybrid workforce and heavily leverage cloud and on-premise technology and applications.
Pros
- Easy to use
- Easy to implement
- Easy to recover from a lost or damaged phone
- Easy to track
Cons
- Recovery aspects are not necessarily obvious
- The Cisco Duo installation defaults to allowing MFA to be off if the application cannot communicate is a major flaw
- It is not obvious that tight controls need to be in place for end-user self-service provisioning. In some circumstances a compromised user ID and password could obtain a legitimate MFA configuration if the compromised user had not yet setup their Duo configuration before the compromise.
- Duo has allowed us to better secure web and corporate resources that are internet facing. This has allowed us to avoid the CISA "risky practices" label for internet facing resources.
- Duo has allowed us to better leverage the hybrid work model that started under COVID-19 and continues today by easily allowing an employee to safely access whatever corporate resources they need.
We have a single MFA solution for almost all local and remote access as well as cloud access. There is less to maintain. Basic credential theft attacks cannot be effective because the attacker cannot meet the MFA challenge to launch the attack.
Everytime has been an excellent support experience.
Cisco Duo is superior to Google or Microsoft Authenticator. At their most basic levels all three do a fine job of providing MFA access codes and all three can work off the same QR code to set up new MFA configurations. Cisco provides a centralized management with policies and very nice recoverability vs. just a nice, basic authenticator app that the other two products offer.
Do you think Cisco Duo delivers good value for the price?
Yes
Are you happy with Cisco Duo's feature set?
Yes
Did Cisco Duo live up to sales and marketing promises?
Yes
Did implementation of Cisco Duo go as expected?
Yes
Would you buy Cisco Duo again?
Yes
Cisco Hybrid Work
- Webex Meetings
- Webex Webinars
- Cisco AnyConnect
- Cisco Secure Access by Duo
- Working from an office or other company space
- Working from home
We have been working in hybrid mode for well over 6 years. It works great for us. For the most part, location doesn't matter for most of our employees work whether in the office, out with customers, or working from their home office. We have both VDI and web-based solutions implemented. We are trying to de-emphasize in-office solutions vs. web solutions which are easier to access remotely.
It is harder to interact casually as you can't pop into someone's office as you are walking down the hall We have to be more intentional about unscripted interaction opportunities. We also are implementing all staff in-person meetings periodically to keep everyone connected.
It would be much more cumbersome and much riskier to operate in a hybrid environment without Duo and AnyConnect.
Sometimes we have had connectivity problems with Zoom or WebEx in our meetings which is frustrating.
We have only used VMware and Cisco for all hybrid work from the beginning.
- Webex
- Microsoft Teams
- Zoom
- Google Meet
- Slack
- GoTo
- RingCentral
We use WebEx for all internal and many customer meetings. We use Zoom for our customer webinars. We use Teams and RingCentral internally. The rest are based upon customer or vendor requirements.
Resilience and Reliability
It is vital that the tools just work without major thought and that the tools are secure. Duo and AnyConnect just work. WebEx and Ringcentral overall work well and are secure. Spotty internet connectivity is sometimes a problem beyond the control of any of these products.
Redundant servers, better internet connections, MFA options, SSL-based certificates.
- I think our implmentation is rather boring and traditional - safe, secure authentication whether on-site or remote.
Using Cisco Secure Access by Duo
15 - Technical, Sales, Administrative
1 - We have a lead systems engineer who supports our Duo integration.
- MFA
- Secure Remote Access
- Secure Local Authentication
- Secure Web Site Access
- Implement MFA for all users internally on their endpoints.
Evaluating Cisco Secure Access by Duo and Competitors
- Cloud Solutions
- Scalability
- Integration with Other Systems
- Ease of Use
It works well in a variety of environments so we are leveraging one platform as much as possible.
I wouldn't change anything
Cisco Secure Access by Duo Implementation
- Implemented in-house
Change management was minimal - You just have to make sure you follow enrollment and client implementation properly to not leave security gaps due to startup issues.
Cisco Secure Access by Duo Training
- No Training
Yes it is very simple to use for end users.
Configuring Cisco Secure Access by Duo
Make sure you install fail to closed vs. fail open. Make sure you tightly control enrollment to not allow compromised accounts to gain MFA status.
No - we have not done any customization to the interface
No - we have not done any custom code
Cisco Secure Access by Duo Support
Pros | Cons |
---|---|
Quick Resolution Good followup Knowledgeable team Problems get solved Kept well informed No escalation required Immediate help available Support understands my problem Support cares about my success | None |
Yes because we can't be without MFA authentication for our remote users.
Using Cisco Secure Access by Duo
Pros | Cons |
---|---|
Like to use Relatively simple Easy to use Well integrated Consistent Quick to learn Convenient Feel confident using | None |
- MFA
- None
Yes - It works well
Cisco Secure Access by Duo Reliability
Integrating Cisco Secure Access by Duo
- VMware Horizon View
- Windows Server and Workstation OS
- Cisco AnyConnect
- Most all of our web resources
It wasn't hard with any of the platforms.
- No
So far anything we wanted to do was supported.
- Single Signon
- API (e.g. SOAP or REST)
No
Look at the list and find what you can implement
Relationship with Cisco
Not sure as I did not do the purchasing.
Upgrading Cisco Secure Access by Duo
- None it still just works
- It to continue to work
Comments
Please log in to join the conversation