{"id":622,"date":"2018-09-07T13:04:34","date_gmt":"2018-09-07T08:34:34","guid":{"rendered":"http:\/\/www.enhisecure.com\/isecureblog\/?p=622"},"modified":"2019-05-21T12:33:39","modified_gmt":"2019-05-21T08:03:39","slug":"integrating-cyberarks-pas-solution-with-duos-2fa","status":"publish","type":"post","link":"https:\/\/www.enhisecure.com\/isecureblog\/2018\/09\/07\/integrating-cyberarks-pas-solution-with-duos-2fa\/","title":{"rendered":"Integrating CyberArk’s PAS Solution With DUO’s 2FA"},"content":{"rendered":"

CyberArk’s PAS<\/a> solution uses the Password Vault Web Access System which provides the method by which users request passwords and high-level administrators approve the requests. Access to this system should be as secure as possible. Integrating with a multi-factor authentication system like Duo<\/a> would make the login process more secure by authenticating the user based on LDAP<\/a> password as well as the response received by the Duo Authentication Proxy<\/a> using Duo Push<\/a> setup on the user’s mobile device.<\/p>\n

In the current demo, an LDAP user with the name “testuser” is created on the Active Directory Domain Controller as well as the DUO instance.<\/p>\n

\"\"<\/p>\n

Once the accounts have been created, the DUO Authentication Proxy is setup and is configured as the primary LDAP host for authentication.<\/p>\n

The Duo Authentication Proxy is a service that runs either on Windows<\/a> or Linux<\/a>. It is configured by using the file authproxy.cfg\u00a0<\/em><\/p>\n

The details of the Duo instance and the details of the LDAP server which is being used for\u00a0primary authentication are configured in authproxy.cfg<\/p>\n

The firewall<\/a> must allow outbound traffic to the Duo instance using HTTPS<\/a>.<\/p>\n

Only on successful primary and secondary authentication, access to the PVWA is granted.<\/p>\n