CASE STUDIES
Case Study on CISCO DUO Solution to
one of the top Automotive Manufacturer in India
Customer Challenge

Customer is seekinga solutionthatcreates as trusted level of access using methods such as multi-factor authentication. The desireistotest the Duo solutionto proveit can meet the required Use Cases.

Customer is committedto providingtheresourcesrequiredin ordertotestthe capabilities of Duo based onthe criteria identified below.

Moreover, Customer has various applications in their environment that are accessed by users both on the corporate network and over the internet. Majority of the application access is provided through VPN (SSL) connections. For the purpose of POV, the following application are considered to be in scope of this POV.

Solution & Implementation Criteria
UseCase Dependencies Value SuccessCriteria
UserProvisioning DuoAuthenticationProxy Minimizeadministrative overhead Successfully synchronize users from on premise AD to Duo cloud
Self-Enrollment DuoAuth-prompt MinimizeHelpDesksupport Wastheuserabletoenrolldevice withoutassistance
Self-serviceforenduserswith MFAdevices DuoWebAuth-prompt DeviceMgmt.Portal Allowsuserstomodifytheirlist ofsecondfactordeviceswithout callingthehelpdesk Wasthetestuserabletointuitively replacea devicewithout assistance?
Self-serviceforenduserswith MFAdevices DuoAuth-prompt Allowsuserstomodifytheirlist ofsecondfactordeviceswithout callingthehelpdesk Wasthetestuserabletointuitively replacea devicewithout assistance?
ProtectVPNAccessforremote users DuoCloudSSO SAMLsupportedVPNsolution ProtectsaccesstoVPNwith multi-factorauthentication WastheuserpromptedforMFA whileconnectingtoVPNandwas the MFAsuccessfullydone
CISCO Duo Solution User MFA Flow

For Palo Alto Global Protect VPN, the primary authentication will be configured through Duo cloud SSO. Duo cloud SSO will be integrated with on premise Active Directory through Duo Authentication Proxy.

  • User initiates VPNconnection toPalo Alto Global Protect.
  • Palo Alto Global Protect redirects user to the Duo Single Sign-On for SAML authentication.
  • The user logs in with primary active directory credentials.
  • Duo SSO performs primary authentication via anon-premises Duo Authentication Proxy to Active Directory
  • Duo Single Sign-on begins 2FA
  • User Device Health and Device Trust is validated
  • User completes Duo 2FA authentication
  • Duo SSO redirects the user back to the Palo Alto Global Protect with response messages indicating success or failure
Duo Authentication Proxy

Duo Authentication proxy is an on-premises of tware service that mediates the authentication request between the Duo cloud SSO and on-premise Active Director.

Duo Authentication proxy also enables Duo administrators to import usernames and other identity information directly from on premise active directory.