Duo Two-Factor Authentication for SailPoint Identity Security Cloud

What is Duo

Duo is a two-factor authentication solution that helps organizations boost security by verifying user identity, establishing device trust, and providing a secure connection to company networks and applications.

Why Duo

Duo is fast, easy and flexible. Passwords and even basic Multi-Factor Authentication (MFA) aren’t enough to keep you safe from today’s attackers. Duo gives you the extra layers of protection you need for secure access management. With this setup, Duo two-factor authentication (2FA) is added as a verification option for account unlocking and password resets.

Prerequisites to integrate Duo

  1. Configure SailPoint Web application and copy ClientID, secret and hostname these details are required for SailPoint integration.
  2. Add users and enroll them in the application. User should have an account in SailPoint.

Technical Overview:

Here’s the technical demonstration on the integration of Duo

Use case Demonstration – Integration flow:

Please refer to the below video to have an understanding about Duo integration

SailPoint configuration

  1. The steps to be done in SailPoint tenant for duo integration
  2. First in SailPoint, integrate the Duo and then check the test connection after successful test connection
  3. Enable multifactor Authentication in Identity profile
  4. And select duo web in Password Reset and Unlock Settings
  5. Now you are all set to use duo authentication

Duo 2FA for Identity security cloud password reset

  1. With duo integration user can reset his password
  2. First user has to proceed to reset password
  3. Enter the username
  4. Then you should enter the passcode received from duo after successful duo authentication you can able to set new password

Duo 2FA for Identity security cloud Unlock account

  1. If the user account got locked, then he can unlock his account with duo integration
  2. First user has to proceed to unlock account
  3. Enter the username
  4. After successful duo authentication your account will be unlocked

 

A Deep-Dive into Okta Sign-On Policies

  • Introduction
  • Usecase Overview
  • Usecase Demonstration
  • Challenges
  • Conclusion
  • Reference Links

Introduction:

In today’s digital landscape, organizations rely on various applications to enhance productivity, necessitating secure access for diverse workforces, including remote employees and contractors. To ensure secure access for remote workers using new devices, implementing Multi-Factor Authentication (MFA) is essential. When accessing sensitive applications from unrecognized devices, Okta prompts for MFA, requiring additional authentication steps such as a one-time password or biometric verification. Administrators can set contextual-behavior based sign-on policies to determine when MFA is necessary, enhancing security and reducing unauthorized access risks, while logging all attempts for monitoring and auditing.

Usecase Overview:

Please refer to the below video to have an understanding about Okta Sign-On Policies focusing on their structure, functionality, and how they enhance security using contextual behavior detection methods.

Usecase Demonstration:

This demonstration offers a comprehensive overview of the Sign-on Policies in Okta, highlighting the practical application with a common scenario around WFH / remote employees.

Challenges:

In general, many organizations encounter various challenges when it comes to user access management: 

  • Securing access for remote employees, contractors, and full-time staff who require varying levels of access to applications. 
  • Ensuring consistent user attributes and access permissions across all applications. 
  • Demonstrating compliance with security standards by implementing strong access controls and monitoring user activity. 
  • Minimizing administrative overhead associated with managing user identities and access. 

Conclusion:

Implementing Okta for centralized security management enables organizations to leverage the platform’s robust features and benefits. By setting up user groups, integrating applications, configuring session policies, and enabling MFA, companies can create a secure and efficient identity management system that meets their specific requirements. 

Reference Links:

Global session policies | Okta Docs

Authentication policies | Okta Docs

Multifactor authentication | Okta Docs

Behavior Detection | Okta Docs

Risk scoring | Okta Docs