Cisco Duo, upgrade your authentication processes, sleep at night, be awesome.
Updated July 05, 2022

Cisco Duo, upgrade your authentication processes, sleep at night, be awesome.

Sean Muller | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Cisco Secure Access by Duo

Cisco Duo is being used to provide Multi-Factor Authentication for users who have administrative accounts to access our VPN. It will soon be deployed to general VPN users as well and eventually be required when logging into terminal servers. This allowed us to take one step further in our PCI compliance which required MFA for Privliged accounts. It takes its job a bit further by allowing us to geofence our users to ensure they are accessing their resources from know locations for instance within the united states. To sum it up it provides a layer of protection against external threats gaining access to our network by abusing our services that is a leap above our previous capabilities. Follow-up we have stayed with Cisco Duo and now have it deployed to all users, this lets me sleep at night!

  • Integrates with our other cisco products perfectly.
  • Allows Cisco support to provide setup and troubleshooting instead of having to bring multiple vendors into a situation where support is quick to point fingers.
  • Provides user information and reporting which allows us to gain knowledge about our users we can use in troubleshooting.
  • Authenticates with almost perfect certainty that the user who is requesting access to our systems is a valid user
  • Uses geofencing to stop the majority of hacking attempts from countries we have no business with.
  • Elevates the authenticity of our security measures to the executive team
  • Cisco Duo allows for the use of a landline for users who do not have a cell phone which provides coverage for any potential user even ones without cellular devices
  • Allows us to use Duo Mobile to also authenticate salesforce which is forcing MFA at the moment.
  • Other MFA products have a password manager function for an added fee that would be nice to have, though I believe Cisco Duo partnered with Last Pass to provide for now
  • Navigating Cisco Duos Support processes can be difficult, if you open a ticket in the wrong group you may end up having to reopen the ticket in the correct group.
  • Though no MFA does this it would be great to just take a company cell phone and Assign the MFA to SMS text that number, its kind of annoying to have to have the user "Enroll" if its a company owned device.
  • We were able to comply with a higher level of PCI which will affect the insurance cost of credit card processing in a positive way.
  • We are able to show our cyber security insurance provider which will affect our insurance cost in a positive way.
  • We will be more assured of the integrity of our systems allowing us to sleep more peacefully at night.
  • We will have a smaller attack surface which will provide us the ability to better spend our budget on directed improvements instead of having to cast a wide net.
  • Positive Effect - Reduction in Cybersecurity insurance costs after reporting MFA FORCED on our vpn.
Cisco Duo is known for the ability to do what you want and being configurable to whatever you need if you have the talent. If you are new to Cisco Duo and have no support I would not recommend it. If you buy support from Cisco Duo then you can have them configure it properly and have access to their support if anything happens or you need to make a change to how you do things. If you are a Cisco certified network administrator you are in for an easy configuration with your support team. If you just got your network plus and have never worked with cisco before you need the support package or look into getting some external support from an MSP. UPDATE: We have learned how to use this system consistently and in a Stabil way (Make sure you setup a proper NTP Server).
We see many blocked attempts to access our systems every day. There is always the fear that someone will sign up for a service to attempt to download a coupon or sign up for a video game with the same username and password they use at work which if those external low priority systems are ever broken into by a hacker would leave one of our usernames/passwords out on the dark web for a few pennies. Cisco Duo MFA provides us with the needed ability to prove that the users who attempt to log in are our users preventing lockouts from malicious actors trying to brute force their way in or flooding our systems with requests blocking the way for valid users. This lets us sleep at night without fearing the text notification at 3am. FOLLOW UP: Since we had Cisco Duo on our devices it was much easier to setup MFA for our email system and for Salesforce. Both have started enforcing MFA.

Support has been great they assisted us in setting up everything from start to finish, we do have an excellent CCNA certified network administrator but even with that internal support we made sure to get the opinions of the subject matter experts at Cisco Duo to configure things the right way.
Follow Up: Since setting up the NTP Server we have not had to open a ticket in about 9 months.
We brought Cisco Duo into our environment and it was discovered that our ACS needed to be replaced, but the support tech found that we had a higher model of the cisco ACS which could be upgraded to an ISE instead of having to mothball it. This allowed us to end up with two Cisco ISE devices which allowed for an easy transition and the repurposing of the ACS as a backup ISE in our backup/disaster recovery site.

One of the techs realized that since our network admin had not setup a universal NTP server (Something not normal) it caused the system to drift in time between different devices requiring a reboot of our ASA. There have been not issues since we set this up.
Okta had some different methods and features which stacked up closely with Cisco Duo but we went with Cisco Duo for the assurance that the system would perfectly integrate with our other cisco products and the ability to acquire support from one vendor instead of having to bring in two vendors for any potential issue that could come across in the future.

I would like to setup a lifecycle management process like Okta in Duo.

Do you think Cisco Duo delivers good value for the price?


Are you happy with Cisco Duo's feature set?


Did Cisco Duo live up to sales and marketing promises?


Did implementation of Cisco Duo go as expected?


Would you buy Cisco Duo again?


Wherever the price of confirming authentication is a priority, we are not just protecting our network, we are protecting our users connection, we are protecting our employees data, we are protecting our company's stability, we are protecting our customers data, this all sums up to it has to be done right. If you had something less important you are configuring you may not be willing to go the extra length.
Follow up: We are still using duo and will be using it for the foreseeable future. The reason, because once you have had your users enroll they quickly learn that its worth the extra step to get in.

Using Cisco Secure Access by Duo

215 - Every office staff user has the ability to work from home when needed. Additionally when the Drivers/Techs need to connect and download updated files they are also in Duo so their VPN connection is authenticated and safe, this allows us to make sure that the systems we created will not be connected to with something as simple as a username and password.
1 - Cisco has a certification CCNA which would be the appropriate level of skill with Cisco that you would need to setup DUO but if you have set it up once it is going your would probably be fine with a CENT supporting the product. It is very easy to maintain once setup properly.
  • Users connecting from home to the VPN to get into Terminal Server
  • Driver connecting from the Road to download updates
  • IT Dept Connecting from their cell phones to troubleshoot issues
  • To force MFA when turning on user laptops
  • To Restrict the VPN to specific Devices via Mac Address Filtering