Duo offers a streamlined GUI, flexible policies, and all for a reasonable price
May 05, 2021
Duo offers a streamlined GUI, flexible policies, and all for a reasonable price
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with Duo / Cisco Secure Access, by Duo
We use Duo primarily to provide multi-factor access (MFA) for our RADIUS-based devices, though we also use it for MFA with SSO. We are only using it for the IT team, since we use Microsoft MFA for most of the rest of the firm for remote access. We needed a tool with a straightforward interface to manage all of our IT admin MFA needs, such as fine-grained policies, per application.
- Easy-to-use and streamlined GUI for administration/management.
- Lots of MFA options such as code, push, SMS, etc.
- Industry standard with backing by Cisco, positioning it for high adoption and growth.
- Unable to set time-based MFA bypass based on username and source IP, making the solution unnecessarily administratively burdensome.
- Hand-edited configuration file, which is prone to errors and difficult to manage.
- Very positive ROI given it is inexpensive for a small group and helps us secure our most valuable IT assets.
- Lack of extreme policy granularity results in higher administrative overhead, as there is no middle ground (i.e. MFA every time or not at all).
The whole purpose of MFA is to make sure the user that is authenticating is who they say they are and are authorized to perform the action. Additionally, if credentials were compromised, an attempt to use them that would trigger a MFA request to the actual user. This is an added bonus, alerting that the credentials were compromised and investigation and remediation can take place. While we are fairly early on with our Duo implementation, I have no doubts that it will prevent intrusion and data breaches.
We were trying to figure out what properties we needed to pass and update for RADIUS and the pre-sales engineer guided us to the proper documentation and helped us find a solution to our use cases. We certainly didn't make it easy on him, but we appreciated the responsiveness and support.
Each vendor we spoke with had different strengths and weaknesses, some very subtle, and for our use cases, they'd probably all have worked; however, we primarily needed a MFA solution for RADIUS and web that was inexpensive, simple to set up, easy to manage, and backed by a large company.