Secure Mobile Access 12.4 Administration Guide

Integration of SMA with Cisco Duo Security MFA Server

The SMA1000 appliance can be integrated with Cisco Duo Security Multiple Factor Authentication (MFA) server. This allows users to choose a second factor authentication method on SMA clients to prove their identity. Upon providing primary credentials, users are provided with a list of devices and authentication methods registered with Duo for the user. User can choose an authentication method to authenticate. Based on user choice, user needs to either respond to Push notification or phone-call or other OTP methods and proceed with authentication. Users who fail to authenticate against Cisco Duo Security MFA server will be denied login access.

This authentication server can be attached to any primary authentication server supported by SMA. This authentication server automatically uses the username provided for primary authentication, thus the user does not have to enter username again for Cisco Duo Security MFA authentication.

As an admin you can check if the user's IP is forwarded to Cisco Duo Security MFA server, so that Cisco Duo Security can enforce network related policy enforcement.

Prerequisites:

  • SMA/CMS running 12.4.3 firmware version.

  • Ensure you have an active license or partnership with Cisco Duo Security service to do MFA.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden