Duo MFA integration poorly documented
I searched for "Duo" in the forum but every link that came up (even after checking in a link and the full discussion) never mentions Duo. So here goes.
In the help article for enabling Duo integration (https://help.remotedesktopmanager.com/index.html?authentication_duo.htm) I am missing something.
Also, is this KB setting it up for a data source as it suggests at the beginning? If so how do I modify the data source to enhance security with Duo if it's grayed out (even logged in to the data source as an administrator)? This is an Azure SQL data source BTW.
And then in Step 5 it's talking about an individual user authenticating... but is this what everyone will then immediately see the next time they use this data source? Will each user have to do anything other than attempt to logon and select their Duo method? But then Step 4 is looking for an individual username for Duo... it's confusing.
All Comments (7)
Hello,
The possibility to configure DUO on your data source is greyed out if you don't edit the data source. Editing the data source will allow you to configure DUO as a 2FA to authenticate on the data source.
However, using SQL Azure as your backend data source, it would not be possible for you to force your users to use this 2FA to authenticate on the data source. If you would like to force your users to use DUO as their 2FA, you would need to use Devolutions Password Server as your backend data source.
https://server.devolutions.net/
Best regards,
Jeff Dagenais
Ah, of course. For some reason didn't see the pencil icon. That needs to be better documented in the KB.
OK... why can't it be used for SQL Azure? Also that too needs to be documented in the KB.
So now that it can't be used, I'm still OK with that because my main goal was to secure RDM as a whole not just one data source. And because the instructions in the KB aren't clear if this is really possible or not I would like to know. When I go to Options, Security there is a "Duo automatic 2-factor" option. Now I'm guessing that means IF a data source is secured by Duo this just sets a global option to choose push/SMS/etc.
But if we can here use Yubikey/Google Authenticator (which is more unreliable than other apps for some reason in this case, just with RDM) are there plans to enable us to use Duo for the app as a whole?
Hello,
It's possible to use DUO as your 2FA for Azure, but it's not possible to force your user to use this specific 2FA on SQL Azure data source.
Regarding the usage of DUO as an application 2FA, I would need to get an answer from our engineering department to see if it's on the list or not.
Let me get back to you regarding this.
Best regards,
Jeff Dagenais
Any news on this?
Ping...
Trying to help somehow from my laptop...
You might want to take a look to Spriv instead of Duo.
I am using it and I am really happy. Not sure if what you want to do with RDM is possible but take a look.
Hello,
Sorry for the delay in my response, I was on vacation last week.
I had a discussion with our engineering department and we have opened a ticket to add DUO as an application 2FA in RDM (inside File -> Options -> Security). The ticket number is RDMW-3122.
Best regards,
Jeff Dagenais