Duo 2-Factor Authentication

Question

Any experience with Duo 2-Factor?  If so, I would like to discuss.
I have a need to incorporate Duo into a working NTLM/Kerberos APM profile to access a IIS web farm.  This is an all internal configuration for both users and servers.  All users are AD authenticated devices on network.  The working profile is currently tranparent to the user.  I only want the Duo component to be internactive.  The working APM looks like the attached image.  
Duo is currently working within our company as it front ends our clinet-VPN service.  I can make the solution work if I follow the Duo white paper at:
    https://www.duosecurity.com/docs/f5bigip

However, I see no reason for a login page to gather user information already known by the PC.  The working profile pulls these credentials today to perform it authentication tasks.

andrew_husking · Answer

Just insert a login form after kerberos auth (or whereever you want it to occur) and change the fields so only password is shown and change the text to be "Please enter your second factor auth"&nbsp;
This is how we do it with our 2nd factor systems.&nbsp;

Forum Discussion

Duo 2-Factor Authentication

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Related Content

Duo Authentication Proxies

APM Configuration to Support Duo MFA using iRule

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Configure Toopher 2 Factor Authentication to work with APM

SecureAuth 2-Factor STS iApp