You need a domain like vpn.domain.com
You need a cert for that domain installed and working on the ASA
You need to set up SSO first
You will need to put in the email domain, e.g. domain.com
It will ask you to create a TXT record in DNS
You will need to get your DNS provider to set that up.
Once confirmed, you will be able to download the IdP cert from the Duo portal.
Now you can continue with the doc
You will need to add the mail attribute "UserPrincipalName"
https://duo.com/docs/sso-ciscoasa
Duo and certs
For Duo Auth Proxy v6.4.2, if you are using LDAPS (which you should, plaintext is bad) for directory sync / SSO in Duo, the Windows certificate is required to have been signed with a 2048-bit key. Windows seems to use 1024-bit by default!
You can request a new server cert on the relevant servers and specify the key length, and it will resolve any LDAPS issues in Duo!
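To find which servers need a new cert, the following added example (not from the original post or from Duo) lists the server-authentication certificates in the local machine store with their key length, so that 1024-bit ones can be re-requested. The function name `Get-WeakLdapsCandidate` is hypothetical, and it assumes the LDAPS certificate lives in `Cert:\LocalMachine\My`.

```powershell
# Added example: audit server-auth certificates for RSA keys shorter than 2048 bits.
# Run on each server that answers LDAPS for the Duo Auth Proxy.
# Assumption: the LDAPS certificate is in the local machine "Personal" store.
$MinRsaBits    = 2048                   # key length named in the note above
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'    # Server Authentication EKU

function Get-WeakLdapsCandidate {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',
        [int]$MinBits = $MinRsaBits
    )
    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_

        # Keep only certificates that list the Server Authentication EKU.
        $ekus = @($cert.EnhancedKeyUsageList |
                  Where-Object { $_ } |
                  ForEach-Object { $_.ObjectId })
        if ($ekus -notcontains $ServerAuthOid) { return }

        # Returns $null for non-RSA (e.g. ECDSA) certificates.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)

        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            Algorithm  = $cert.PublicKey.Oid.FriendlyName
            KeyBits    = if ($rsa) { $rsa.KeySize } else { $null }
            NotAfter   = $cert.NotAfter
            Expired    = $cert.NotAfter -lt (Get-Date)
            TooShort   = [bool]($rsa -and $rsa.KeySize -lt $MinBits)
        }
    }
}

# Weak certificates first; an empty result means no server-auth cert is installed.
Get-WeakLdapsCandidate |
    Sort-Object -Property TooShort -Descending |
    Format-Table -AutoSize
```

Any row with `TooShort` set to `True` is a certificate to replace with a newly requested one at 2048 bits or more.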